KBI 311800 Best And Most Secure Way To Safely Monitor Check Point VPN Status

Version

Argent for Compliance – All Versions

Date

Thursday, 12 March 2020

Summary

The Check Point appliance supports all kinds of VPN tunnels.

The most common one is IPsec.

A VPN tunnel may drop without warning, so active monitoring is essential to alert on dropped tunnels.

Technical Background

A VPN tunnel may drop for many reasons, including the following:

  • High latency between sites
  • WAN gateway IP change
  • Power outages
  • Tunnel misconfiguration

Resolution

  1. Log in to the Check Point appliance and configure it to send logs to any of your Argent server’s IP addresses
  2. Go to Argent Compliance SYSLOG Rules and create a new Rule with the settings below:
  3. The search text is: "no response from peer." fw_subproduct="VPN-1" peer_gateway="X.X.X.X"

    Substitute X.X.X.X with the IP gateway address of the remote location to monitor (only if a specific tunnel is to be monitored)

  4. If monitoring of more than one tunnel from the same Argent Rule is desired, then the search string should be: "no response from peer."
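
The following added example (not Argent or Check Point code) applies the two search strings from steps 3 and 4 to a few constructed syslog lines, to show what each rule would and would not flag. The line layout, the `reason` field, the `OTHER` subproduct value, and the function name are assumptions made for illustration; Argent's own matching engine is not reproduced here.

```python
import re
from collections import Counter

PHRASE = "no response from peer."          # search text from the Rule
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs in a line

# Constructed sample lines (documentation IP ranges, hypothetical layout).
SAMPLE_LINES = [
    'Mar 12 09:14:02 gw1 reason="IKE: no response from peer." fw_subproduct="VPN-1" peer_gateway="192.0.2.10"',
    'Mar 12 09:14:40 gw1 reason="IKE: no response from peer." fw_subproduct="VPN-1" peer_gateway="198.51.100.7"',
    'Mar 12 09:15:05 gw1 reason="IKE: no response from peer." fw_subproduct="VPN-1" peer_gateway="192.0.2.10"',
    'Mar 12 09:15:30 gw1 reason="tunnel established" fw_subproduct="VPN-1" peer_gateway="192.0.2.10"',
    'Mar 12 09:16:00 gw1 reason="no response from peer." fw_subproduct="OTHER" peer_gateway="192.0.2.10"',
    'Mar 12 09:16:10 gw1 reason="IKE: no response from peer." fw_subproduct="VPN-1" peer_gateway="192.0.2.100"',
]

def dropped_tunnels(lines, peer_gateway=None):
    """Count matching lines per peer gateway.

    peer_gateway given -> step 3 rule: phrase + fw_subproduct="VPN-1"
                          + exact peer_gateway value.
    peer_gateway None  -> step 4 rule: the phrase alone, any tunnel.
    """
    hits = Counter()
    for line in lines:
        if PHRASE not in line:
            continue
        fields = dict(FIELD_RE.findall(line))
        peer = fields.get("peer_gateway", "unknown")
        if peer_gateway is not None:
            if fields.get("fw_subproduct") != "VPN-1":
                continue
            # Exact field comparison: 192.0.2.10 must not match 192.0.2.100,
            # which is why the closing quote in the search text matters.
            if peer != peer_gateway:
                continue
        hits[peer] += 1
    return hits

if __name__ == "__main__":
    print("single tunnel:", dict(dropped_tunnels(SAMPLE_LINES, "192.0.2.10")))
    print("all tunnels:  ", dict(dropped_tunnels(SAMPLE_LINES)))
```

The broader step 4 string also counts the line whose `fw_subproduct` is not `VPN-1`, since that rule matches on the phrase alone.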