KBI 311800 Best And Most Secure Way To Safely Monitor Check Point VPN Status
Version
Argent for Compliance – All Versions
Date
Thursday, 12 March 2020
Summary
The Check Point appliance supports all kinds of VPN tunnels.
The most common one is IPsec.
A VPN tunnel may drop without warning, and active monitoring is essential to alert on dropped tunnel(s).
Technical Background
A VPN tunnel may drop for many reasons, including the following:
- High latency between sites
- WAN gateway IP change
- Power outages
- Tunnel misconfiguration
Resolution
- Log in to the Check Point appliance and configure it to send logs to any of your Argent server’s IP addresses
- Go to Argent Compliance SYSLOG Rules and create a new Rule with the following settings:
- The search text is: "no response from peer." fw_subproduct="VPN-1" peer_gateway="X.X.X.X"
Substitute X.X.X.X with the IP gateway address of the remote location to monitor (only if a specific tunnel is to be monitored).
- If monitoring of more than one tunnel from the same Argent Rule is desired, then the search string should be: "no response from peer."
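The matching behaviour of the two search strings above, run over sample syslog lines, as an added example (not Argent's own code or rule engine). It assumes the appliance's messages carry the fields as key="value" pairs, as the search text implies; the sample lines, host name and addresses are constructed.

```python
import re
from collections import Counter

PHRASE = "no response from peer."          # phrase from the search text above
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')  # assumed key="value" field layout

# Constructed sample lines, not captured from a real appliance. Only the phrase
# and the two field names come from the article; the rest is an assumption.
SAMPLE_LINES = [
    '<134>Mar 12 09:14:02 gw-hq no response from peer. fw_subproduct="VPN-1" peer_gateway="203.0.113.10"',
    '<134>Mar 12 09:14:40 gw-hq no response from peer. fw_subproduct="VPN-1" peer_gateway="203.0.113.100"',
    '<134>Mar 12 09:15:05 gw-hq tunnel test ok fw_subproduct="VPN-1" peer_gateway="203.0.113.10"',
    '<134>Mar 12 09:20:31 gw-hq no response from peer. fw_subproduct="VPN-1" peer_gateway="203.0.113.10"',
]

def parse_fields(line):
    """Return the key="value" pairs of one syslog line as a dict."""
    return dict(FIELD_RE.findall(line))

def is_tunnel_drop(line, peer_gateway=None):
    """Broad rule: the phrase alone (any tunnel).
    Narrow rule: phrase plus fw_subproduct="VPN-1" and an exact peer_gateway."""
    if PHRASE not in line:
        return False
    if peer_gateway is None:
        return True
    fields = parse_fields(line)
    # Exact comparison, so 203.0.113.10 does not also match 203.0.113.100.
    return (fields.get("fw_subproduct") == "VPN-1"
            and fields.get("peer_gateway") == peer_gateway)

def drops_by_gateway(lines):
    """Count broad-rule matches per remote gateway, to see which tunnel dropped."""
    return Counter(parse_fields(line).get("peer_gateway", "unknown")
                   for line in lines if is_tunnel_drop(line))

if __name__ == "__main__":
    for gateway, count in sorted(drops_by_gateway(SAMPLE_LINES).items()):
        print(f"{gateway}: {count} dropped-tunnel event(s)")
```

The broad rule alerts on every tunnel, so the alert text needs the peer_gateway value for the operator to tell which site is affected.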