Remote Access VPN
Verification Commands
List Office Mode VPN users (including SNX and L2TP): fw tab -t om_assigned_ips -f
List SNX VPN users: fw tab -t sslt_om_ip_params -f
List L2TP VPN users: fw tab -t L2TP_tunnels -f
List MAB users (not SNX, just the MAB portal): fw tab -t cvpn_session
List Office Mode users that are currently connected in Visitor Mode: vpn show_tcpt
Examples
Get VPN logged-on users: fw tab -t sslt_om_ip_params -f | grep UserName | cut -f5 -d";"
Same as above, but just get the username and sort ascending, ignoring case: fw tab -t sslt_om_ip_params -f | grep UserName | cut -f5 -d";" | cut -f3 -d" " | sort -f
Generate Certificate for SSL VPN - Mobile Access
Download and Install OpenSSL if it’s not already installed
Get private key from server/cert store/ask person in charge.
Convert Intermediate CA Certificate from p7b to crt format:
openssl pkcs7 -print_certs -in .\gd-g2_iis_intermediates.p7b -out gd-g2_iis_intermediatescert.crt
Run command to convert the cert (.crt) file to a PKCS#12 (.p12) file:
Windows: C:\Program Files (x86)\GnuWin32\bin> openssl pkcs12 -export -inkey private.key -in certificate.crt -out result.p12 -certfile gd-g2_iis_intermediatescert.crt (the output file can be named result.p12 or result.pfx)
Mac or Linux: no need to go to any folder, just use openssl ……
Without the -certfile option, some browsers such as Firefox will report an invalid certificate, because the intermediate certificate chain is not included and so cannot be presented to clients when requested. The command prompts for an export password:
Loading 'screen' into random state - done
Enter Export Password:
Verifying - Enter Export Password:
Replace the Cert:
- Open properties of gateway > Mobile Access > Portal Settings
- Should also change Platform portal: Open properties of gateway > Platform portal
Install Policy
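A check worth running on the .p12 before it is imported into the gateway, as an added example that is not part of the original notes: it confirms the private key matches the certificate and counts the certificates in the file, so a missing -certfile chain shows up as 1 instead of 2. All keys, certificates, file names, subjects and the password changeit are constructed test material, and the self-signed issuing CA stands in for the real intermediate.

```shell
#!/bin/bash
# Added example. All keys and certificates below are constructed throwaway
# test material; file names, subjects and the password are placeholders.
set -eu

# Number of certificates inside a PKCS#12 file (server cert plus chain certs).
p12_cert_count() {  # usage: p12_cert_count FILE PASSWORD
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE' || true
}

# True only if the private key and the certificate hold the same public key.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
  [ "$(openssl pkey -in "$1" -pubout | openssl sha256)" = \
    "$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)" ]
}

# Build a stand-in issuing CA and a server cert, then export the server cert
# twice: once with -certfile (chain included) and once without.
build_demo() {  # usage: build_demo DIR PASSWORD
  ( cd "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Issuing CA" \
      -keyout ca.key -out intermediates.crt 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=vpn.example.test" \
      -keyout private.key -out server.csr 2>/dev/null
    openssl x509 -req -in server.csr -CA intermediates.crt -CAkey ca.key \
      -CAcreateserial -days 1 -out certificate.crt 2>/dev/null
    openssl pkcs12 -export -inkey private.key -in certificate.crt \
      -certfile intermediates.crt -passout "pass:$2" -out with_chain.p12
    openssl pkcs12 -export -inkey private.key -in certificate.crt \
      -passout "pass:$2" -out no_chain.p12 )
}

demo_dir=$(mktemp -d)
build_demo "$demo_dir" changeit
key_matches_cert "$demo_dir/private.key" "$demo_dir/certificate.crt" && echo "key matches cert"
echo "with -certfile:    $(p12_cert_count "$demo_dir/with_chain.p12" changeit) certificate(s)"
echo "without -certfile: $(p12_cert_count "$demo_dir/no_chain.p12" changeit) certificate(s)"
```

To check a real export, call the two functions on your own private.key, certificate.crt and result.p12 instead of the demo files.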
Reference
https://community.checkpoint.com/t5/Remote-Access-VPN/Remote-Access-VPN-Short-List-of-Most-Useful-Resources-and-Tools/m-p/78983#M16070