R80.40 Logging and Monitoring Administration Guide
You are here:
This section describes how to monitor VPN tunnels.
VPN Tunnels Solution
VPN Tunnels are secure links between gateways. These Tunnels ensure secure connections between gateways of an organization and remote access clients.
When Tunnels are created and put to use, you can keep track of their normal function, so that possible malfunctions and connectivity problems can be accessed and solved as soon as possible.
To ensure this security level, SmartView Monitor constantly monitor and analyze the status of an organization's Tunnels to recognize malfunctions and connectivity problems. With the use of Tunnel views, you can generate fully detailed reports that include information about the Tunnels that fulfill the specific Tunnel views conditions. With this information you can monitor Tunnel status, the Community with which a Tunnel is associated, the gateways, to which the Tunnel is connected, and so on.
These are the Tunnel types:
-
A Regular tunnel refers to the ability to send encrypted data between two peers. The Regular tunnel is considered up if both peers have Phase 1 and Phase 2 keys.
-
Permanent tunnels are constantly kept active. As a result, it is easier to recognize malfunctions and connectivity problems. With Permanent tunnels administrators can monitor the two sides of a VPN tunnel and identify problems without delay.
Permanent tunnels are constantly monitored. Therefore, each VPN tunnel in the community can be set as a Permanent tunnel. A log, alert or user defined action can be issued when the VPN tunnel is down.
See AlsoWant to see traffic going over the tunnelMonitor Network Tunnel StatusWhat command to see the actual encrypted and decrypted packets in a GRE Tunnel InterfaceHow to check the IPsec tunnels are still being used or not?The configuration of Permanent tunnels takes place on the community level and:
-
Can be specified for an entire community. This option sets every VPN tunnel in the community as permanent.
-
Can be specified for a specific Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.. Use this option to configure specific Security Gateways to have Permanent tunnels.
-
Can be specified for a single VPN tunnel. This feature allows you to configure specific tunnels between specific Security Gateways as permanent.
-
This table shows the possible Tunnel states and their significance to a Permanent or Regular Tunnel.
| State | Permanent Tunnel | Regular Tunnel |
|---|---|---|
| Up | The tunnel works and the data can flow with no problems. | IDE SA (Phase 1) and IPSEC SA (Phase 2) exist with a peer gateway. |
| Destroyed | The tunnel is destroyed. | The tunnel is destroyed. |
| Up Phase1 | Irrelevant | Tunnel initialization is in process and Phase 1 is complete (that is, IKE SA exists with cookies), but there is no Phase 2. |
| Down | There is a tunnel failure. You cannot send and receive data to or from a remote peer. | Irrelevant. |
| Up Init | The tunnel is initialized. | Irrelevant. |
| Gateway not Responding | The Security Gateway is not responding. | The Security Gateway is not responding. |
VPN Tunnel View Updates
If a Tunnel is deleted from SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., the Tunnel Results View shows the deleted Tunnel for an hour after it was deleted.
If a community is edited, the Results View shows removed tunnels for an hour after they were removed from the community.
Running VPN Tunnel Views
When a Tunnel view runs the results show in the SmartView Monitor client.
A Tunnel view can run:
-
From an existing view
-
When you create a new view
-
When you change an existing view
A Tunnels view can be created and run for:
-
Down Permanent Tunnels
-
Permanent Tunnels
-
Tunnels on Community
-
Tunnels on a Security Gateway
Run a Down Tunnel View
Down Tunnel view results list all the Tunnels that are currently not active.
To run a down tunnel view:
-
In the SmartView Monitor, click the Tunnels branch in the Tree View.
-
In the Tunnels branch (Custom or Predefined), double-click the Down Permanent Tunnel view.
A list of all the Down Tunnels associated with the selected view properties shows.
Run a Permanent Tunnel View
Permanent Tunnel view results list all of the existing Permanent Tunnels and their current status.
A Permanent Tunnel is a Tunnel that is constantly kept active.
To run a permanent tunnel view:
-
In the SmartView Monitor client, click the Tunnels branch in the Tree View.
-
In the Tunnels branch, double-click the Custom Permanent Tunnel view that you want to run.
A list of the Permanent Tunnels related to the selected view properties shows.
Run a Tunnels on Community View
Tunnels on Community view results list all the Tunnels related to a selected Community.
To run a tunnels on community view:
-
In the SmartView Monitor client, click the Tunnels branch in the Tree View.
-
In the Tunnels branch (Custom or Predefined), double-click the Tunnels on Community view.
A list of all Communities shows.
-
Select the Community whose Tunnels you want to monitor.
-
Click OK.
A list of all the Tunnels related to the selected Community shows.
Run Tunnels on Gateway View
Tunnels on Gateways view results list all of the Tunnels related to a selected Security Gateway.
To run tunnels on Gateway view:
-
In the SmartView Monitor client, click the Tunnels branch in the Tree View.
-
In the Tunnels branch (Custom or Predefined), double-click the Tunnels on Gateway view.
A list of the Security Gateways shows.
-
Select the Security Gateway, whose Tunnels and their status you want to see.
-
Click OK.
A list of the Tunnels related to the selected Security Gateway shows.
04 July 2024
© 2020 - 2024 Check Point Software Technologies Ltd.
