Checkpoint R60 VPN Debugging and killing IPSec / IKE Tunnels

Further to my initial post about just restarting the VPN module (which does the job, albeit a bit of a hammer to crack a nut), here are a few more useful commands.

To list all your current VPN tunnels (IKE, IPSec, etc.):

Open a command line on the firewall, go into expert mode and type: vpn tu

You then get the option to list tunnels, or kill them by peer IP or user (client), or just kill them all.

This gives you a much more granular method to debug and view / kill tunnels on a per peer type basis.

To switch VPN debugging on, which logs to $FWDIR/log/vpnd.elg, use the following:

vpn debug on

vpn debug ikeon

vpn debug trunc (this command is the equivalent of the above 2)

To switch debugging off use:

vpn debug off

vpn debug ikeoff

You can then export the log file to another machine for analysis.
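
One way to run the on/off sequence above as a time-boxed capture, so debugging is never left switched on, and then bundle vpnd.elg for export. This is an added example, not part of the original post; the function name, the default duration and the output directory are assumptions.

```shell
#!/bin/sh
# Added example: bounded VPN debug capture using only the commands named above.
# Assumed (not from the post): function name, 60 s default, /var/tmp output dir.

capture_vpn_debug() {
    seconds="${1:-60}"        # how long debugging stays on
    outdir="${2:-/var/tmp}"   # where the archive is written (assumed path)

    [ -n "$FWDIR" ] || { echo "FWDIR is not set" >&2; return 1; }
    [ -d "$outdir" ] || { echo "no such directory: $outdir" >&2; return 1; }

    archive="$outdir/vpnd-debug-$(date +%Y%m%d-%H%M%S).tar.gz"

    # If the capture is interrupted (Ctrl-C), still switch debugging off.
    trap 'vpn debug off >&2; vpn debug ikeoff >&2' INT TERM

    vpn debug on >&2 || { trap - INT TERM; return 1; }
    vpn debug ikeon >&2 || { vpn debug off >&2; trap - INT TERM; return 1; }

    # Reproduce the tunnel problem during this window.
    sleep "$seconds"

    vpn debug off >&2
    vpn debug ikeoff >&2
    trap - INT TERM

    if [ ! -f "$FWDIR/log/vpnd.elg" ]; then
        echo "no vpnd.elg found under $FWDIR/log" >&2
        return 1
    fi

    # Archive a copy for analysis on another machine; the original stays put.
    tar -czf "$archive" -C "$FWDIR/log" vpnd.elg || return 1

    # Only the archive path goes to stdout, so callers can capture it.
    echo "$archive"
}
```

From expert mode, source the file and run `capture_vpn_debug 120 /var/tmp`, then copy the printed archive off the firewall.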
