Monitoring VPN Tunnels

Because VPN tunnels synchronize between all Security Group Members, you need to use traditional tools to monitor VPN tunnels.

SmartConsole

You must not activate the Monitoring Software Blade in the Security Gateway (Security Group) object.

You can still see VPN tunnel status and details information in SmartConsole.

SNMP

  • You can use the OID sub-tree tunnelTable (.1.3.6.1.4.1.2620.500.9002 ) in the Check Point MIB to see the VPN status.

  • In the Traditional VSX mode, search for the "SNMP Monitoring" section in the R82 VSX Administration Guide for VSX-related SNMP information.

CLI Tools

Notes:

  • In the VSNext mode / Traditional VSX mode, you must run these commands in the context of the applicable Virtual Gateway / Legacy Virtual System.

  • For more information about these commands, see the R82 CLI Reference Guide.

Use these commands:

  • To see VPN statistics for each Security Group Member, run in the Expert mode:

    cpstat -f all vpn

  • To monitor VPN tunnels for each Security Group Member, run in the Expert mode:

    vpn tu

    VPN tunnels are synchronized to all Security Group Members. Therefore, you can run this command from the scope of one Security Group Member.

  • To monitor VPN tunnels in the non-interactive mode, run in Gaia gClish:

    vpn shell tunnels