probemon

Description

On Security Gateways R82 and higher, shows the status of Site to Site VPN An encrypted tunnel between two or more Security Gateways. Synonym: Site-to-Site VPN. Contractions: S2S VPN, S-to-S VPN. Tunnels based on the configured Network Probes (see sk181994).

This command controls the Probe Monitor daemon (probemond) on the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources..

Notes:

You must run this command in the Expert mode.

On Scalable Platforms (Maestro and Chassis), you must run the applicable commands in the Expert mode on the applicable Security Group.
The "probemon" command does not support IPv6 tunnels.
The "probemon" command is limited to a maximum of 500 Network Probes.
In ClusterXL, the Standby Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members may report the status "DOWN" when they use spoofed ICMP probes.
The "probemond" daemon listens to RPC requests on port 9877 from either the "probemon" CLI or its consumers

It is possible to configure a different port number in the $FWDIR/conf/probemond.C file (required the restart of the daemon).
The "probemond" daemon uses these probing methods (based on the configuration in the Network Probe):
- HTTP / HTTPS:
  
  The Security Gateway sends HTTP / HTTPS requests to the URL configured in the Network Probe.
  
  The Security Gateway sends these HTTP / HTTPS requests based on standard routing and DNS lookup configuration.
- ICMP:
  - Direct ICMP:
    
    The Security Gateway sends ICMP 'Echo Request' packets to the destination IP address / object configured in the Network Probe.
    
    The Security Gateway sends these ICMP requests based on the standard routing flow.
  - Spoofed ICMP:
    
    The Security Gateway injects ICMP packets as if they arrive at one of the Security Gateway's interfaces.
  In case of the ICMP probing, the probemond daemon automatically determines the ICMP method (Direct ICMP or Spoofed ICMP).
The "probemond" daemon saves its events in the $FWDIR/log/probemon.elg* files.

Syntax

probemon [-d]

help

start

status

stop

report [<parameters>]

debug [<parameters>]

Parameters

Parameter	Description
`-d`	Run the command in the debug mode.
`help`	Shows the built-in help for the command and for each sub-command.
`start`	Starts the `probemond` daemon. This is the default status.
`status`	Shows the current status of the `probemond` daemon.
`stop`	Starts the `probemond` daemon.
`report [<parameters>]`	Shows the probing report. Available parameters: `essential_only` Shows only the essential Network Probes in the report. `extended` Shows additional details in the report. `live` Shows an animated report in real time until you press the CTRL+C keys. `max_elems <Number>` Specifies the maximum number of Network Probes to show in the report (for paging). `offset <Number>` Specifies the offset (from which position to start) in the list of Network Probes (for paging). `order {ascending \| descending}` Specifies the report sort order. `probes` Shows only the Network Probes in the report (without the statistics). `sort_by {id \| status \| destination}` Specifies the report sort column. `stats` Shows only statistics in the report (without the monitored Network Probes). `status_max {up \| down \| unknown}` Shows the probe status maximum constraints. `status_min {up \| down \| unknown}` Shows the probe status minimum constraints.
`debug [<parameters>]`	Controls the debug of the Probe Monitor daemon (`probemond`). Available parameters: `on` Starts the debug. `off` Stops the debug. `trunc` Starts the debug and automatically rotates the current log file (`$FWDIR/log/probemon.elg`).

Examples