vpn tu tlist

Description

Shows information about VPN tunnels.

Syntax for IPv4

vpn tu [-w] tlist

      {-h | -help}

      [clear]

      [start]

      [state]

      [stop]

      [<Sort Options>]

Syntax for IPv6

vpn6 tu [-w] tlist

      {-h | -help}

      [clear]

      [start]

      [state]

      [stop]

      [<Sort Options>]

Parameters

Parameter

Description

-w

Shows various warnings on the screen.

-h | -help

Shows the built-in usage.

clear

Clears the Tunnel List volume statistics.

start

Turns on the Tunnel List volume statistics.

state

Shows the current Tunnel List volume statistics state.

stop

Turns off the Tunnel List volume statistics.

<Sort Options>

The available sort options are:

 

If you specify more than one sort option, you can:

  • Separate the options with spaces:

    ... -<option1> -<option2> -<option3>

    For example: -v -t -b -r

  • Write the options together:

    ... -<option1><option2><option3>

    For example: -vtbr

Example for IPv4

+-----------------------------------------+-----------------------+---------------------+
| Peer: 172.16.10.1 (c05ea6c62d82122c)    | MSA: ffffc90047aa08d8 | i: 3  ref:     1    |
| Client public IP: 10.20.4.12            |                       |                     |
| Authenticated at:    Aug 1 17:22:01     |                       |                     |
| Methods: SSL Tunnel 3DES MDS            |                       |                     |
| My TS:   0.0.0.0/0                      |                       |                     |
| Peer TS: 172.16.10.1                    |                       |                     |
| User: user_1                            |                       |                     |
| MSPI:   1c00001 (i:  3, p:  -)          |                       |                     |
| Tunnel created:        Aug 1 17:22      |  SSL                  |                     |
| Tunnel expiration:     Aug 1 17:31:58   |  Connected            |                     |
+-----------------------------------------+-----------------------+---------------------+
| Peer: 10.20.3.198 - SGW4                |  MSA: ffffc90047aa0ae |i: 9   ref: --57/60  |
| Methods: ESP Tunnel AES-128 SHA1        |                       |                     |
| My TS: 10.20.5.4/31                     |                       |                     |
| Peer TS:                                |                       |                     |
| MSPI:                                   |  No outbound SPI      |                     |
| Tunnel created:                         |  IPsec                |                     |
| Tunnel expiration:                      |  Disconnected         |                     |
+-----------------------------------------+-----------------------+---------------------+

(1) Site-to-Site tunnels are up:
IPSEC           1
NAT-T           0

(1) Number of Active Clients:
NAT-T           0
Visitor Mode    0
SSL             1
L2TP            0

The output of the vpn tu tlist command is a table with counters below it.

Each row of the table shows information for one VPN peer.

These fields can appear in the left column of the table:

Field in Left Column

Explanation

Peer: [IP ADDRESS]

IP address of the remote peer that communicates with the VPN Gateway through the VPN tunnel.

Client public IP

In a Remote Access VPN tunnel, shows the public IP address of the Remote Access client.

Authenticated at

Date and time when the VPN Gateway finished establishing the tunnel with a Remote Access VPN client.

Methods

Encryption methods configured for the VPN tunnel.

 

Examples:

  • tunnel type - SSL, ESP

  • encryption type - 3DES, AES-128

  • data integrity algorithm - MD5, SHA1

My TS

Traffic Selector - Subnets, sections of subnets, or a single IP address behind the VPN Gateway that can be destinations for traffic that passes through the VPN tunnel.

Peer TS

Peer Traffic Selector -
In a Site to Site VPN tunnel, shows subnets, sections of subnets, or a single IP address behind the peer gateway that can be destinations for traffic that passes through the VPN tunnel.

In a Remote Access VPN tunnel, shows the IP address of a computer connected to Remote Access VPN.

User

In a Remote Access VPN tunnel, shows the username of the remote access user.

MSPI

Indicator (Value) - Explanation

  • Hash ([STRING]) - Unique indicator for the VPN tunnel to a Security Gateway. If the VPN peer is a Cluster, each Cluster Member has its own hash.

  • i ([INTEGER]) - The number of the firewall instance on which the VPN tunnel is opened.

  • p (-) - The tunnel is not accelerated.

  • p ([INTEGER]) - The tunnel is accelerated. The number indicates the PPAC that handles the tunnel.

  • d ([INTEGER]) - The number of the IKE daemon that handles traffic in the VPN tunnel.


Tunnel created

If the VPN tunnel is connected, shows the date and time when the VPN tunnel was created.

If the VPN tunnel is disconnected, shows no value.

Tunnel expiration

If the VPN tunnel is connected, shows the date and time when the VPN tunnel will expire.

If the VPN tunnel is disconnected, shows no value.

These fields can appear in the middle column of the table:

Field in Middle Column

Explanation

MSA [HASH ID]

The unique hash ID of the Security Association.

IPsec

The VPN tunnel is of type IPsec.

SSL

The VPN tunnel is of type SSL.

No outbound SPI

There is no Security Parameter Index (SPI) for outbound traffic.

Connected

The VPN Gateway has encryption keys for the VPN tunnel.

Disconnected

The VPN Gateway does not have encryption keys for the VPN tunnel.

These fields can appear in the right column of the table:

Field in Right Column (Value) - Explanation

  • i ([INTEGER]) - The number of the firewall instance on which the VPN tunnel is opened.

  • ref ([INTEGER]) - The number of connections that the firewall instance handles.

  • ref (-- [INTEGER]/[INTEGER]) - The tunnel is disconnected and there is a countdown until termination or re-establishment of the tunnel. The integer before the slash is the number of seconds left in the countdown backwards to 0. The integer after the slash is the total length of the countdown.

    Example: ref: -- 57/60 means the tunnel is disconnected. There are 57 seconds left in a 60-second countdown until tunnel termination or re-establishment.

These counters appear below "Site-to-Site tunnels are up:"

Field

Explanation

IPsec

the number of Site to Site VPN tunnels of type IPsec connected to the VPN Gateway

NAT-T

the number of Site to Site VPN tunnels of type NAT-T connected to the VPN Gateway


These counters appear below "Number of Active Clients:"

Field

Explanation

NAT-T

the number of Remote Access clients connected to the VPN Gateway in NAT Traversal (NAT-T) mode

Visitor Mode

the number of Remote Access clients connected to the VPN Gateway in Visitor Mode

SSL

the number of Remote Access clients connected to the VPN Gateway in SSL mode

L2TP

the number of Remote Access clients connected to the VPN Gateway in L2TP mode

strongSwan

the number of Remote Access clients connected to the VPN Gateway in strongSwan mode
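
The table layout described above, read by a short parser (an added example, not Check Point code): it splits the output into one block per peer, reads the left-column fields, the Connected/Disconnected state and the ref countdown, then flags legacy algorithms in Methods. SAMPLE is constructed from this page's example output; the LEGACY set and the names parse_tlist and review are assumptions of this example.

```python
import re

# Constructed sample, modelled on the example output shown on this page.
SAMPLE = """\
+-----------------------------------------+-----------------------+---------------------+
| Peer: 172.16.10.1 (c05ea6c62d82122c)    | MSA: ffffc90047aa08d8 | i: 3  ref:     1    |
| Methods: SSL Tunnel 3DES MD5            |                       |                     |
| User: user_1                            |                       |                     |
| Tunnel expiration:     Aug 1 17:31:58   |  Connected            |                     |
+-----------------------------------------+-----------------------+---------------------+
| Peer: 10.20.3.198 - SGW4                |  MSA: ffffc90047aa0ae |i: 9   ref: --57/60  |
| Methods: ESP Tunnel AES-128 SHA1        |                       |                     |
| Tunnel expiration:                      |  Disconnected         |                     |
+-----------------------------------------+-----------------------+---------------------+
"""
# Assumption: which algorithms count as legacy is local policy, not from the page.
LEGACY = {"3DES", "MD5", "SHA1"}

def parse_tlist(text):
    """Return one dict per peer block of `vpn tu tlist` output."""
    tunnels = []
    for block in re.split(r"(?m)^\+-.*$", text):   # border lines separate peers
        cur = {}
        for line in (l for l in block.splitlines() if l.startswith("|")):
            cols = [c.strip() for c in line.strip().strip("|").split("|")] + ["", ""]
            left, mid, right = cols[:3]
            if ":" in left:                        # left column: "Field: value"
                key, _, val = left.partition(":")
                cur[key.strip()] = val.strip()
            if mid in ("Connected", "Disconnected"):
                cur["state"] = mid
            if m := re.search(r"ref:\s*--\s*(\d+)/(\d+)", right):
                cur["countdown"] = (int(m.group(1)), int(m.group(2)))
        if cur:                                    # counters below the table yield no rows
            tunnels.append(cur)
    return tunnels

def review(tunnels):
    """List (peer, issue, detail) findings: legacy methods, tunnels without keys."""
    findings = []
    for t in tunnels:
        peer = (t.get("Peer") or "?").split()[0]
        weak = sorted(LEGACY & set(t.get("Methods", "").split()))
        if weak:
            findings.append((peer, "legacy-methods", weak))
        if t.get("state") == "Disconnected":
            findings.append((peer, "disconnected", t.get("countdown")))
    return findings
```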