This is a real life sample alert from the indeni alert guide for Check Point Firewalls.
Some of the monitored/permanent VPN tunnels have been found to be in an inactive or unstable state.
For more information on permanent tunnels and how to set it up, read the VPN admin guide. For more information on how to monitor permanent tunnels within Check Point’s SmartView Monitor, read Monitoring Tunnels.
Possibly Affected Tunnels:
VPN Community XVPN, tunnel between CP1 and CP2 (22.214.171.124)
Manual Remediation Steps:
Review the network connectivity between the two sites. Normally, permanent tunnels do not run into configuration issues but do run into connectivity issues.
How does this alert work?
indeni loads the VPN Community configurations and then tests the VPN tunnels on each gateway using the ‘vpn tu’ command. For this alert, only the permanent tunnels are examined. Note that indeni does not need to use SmartView Monitor, or the rtmd process, to achieve this. If you are interested in manually checking the status of permanent tunnels, you may use Check Point’s SmartView Monitor. When a permanent tunnel goes down you may sometimes see “No valid SA”.