Being fairly new to CheckPoint, I hadn't yet used SmartView Monitor, which is the Windows desktop monitoring application. At first glance it wasn't very useful. I had terminated several test tunnels to various Cisco, FortiGate, and Palo Alto firewalls, all of which were working fine, yet they all showed as down in SmartView. What the heck?
Reason: when it comes to monitoring tunnels, CheckPoint by default uses a proprietary protocol it calls "tunnel_test" (udp/18234). To properly monitor VPN tunnels to non-CheckPoint devices, DPD (Dead Peer Detection) must be used instead.
Here’s how to enable DPD on an interoperable device:
- In the CheckPoint SmartConsole folder (usually C:\Program Files (x86)\CheckPoint\SmartConsole), run GuiDBedit.exe
- Under the Network Objects folder -> network_objects, look for the interoperable device object. Its class name will be "gateway_plain"
- Search for the field name tunnel_keepalive_method and change its value to dpd
- File -> Save All, exit.
- Restart SmartConsole and install policy to the applicable CheckPoint gateways / clusters
After making that change, pushing policy, and restarting SmartView Monitor, the tunnels now show green.
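As an added illustration (not part of the original post), here is a small Python audit of the condition described above: interoperable peers (class gateway_plain) still on the default tunnel_test keepalive are reported, because SmartView Monitor will show their tunnels down even while traffic flows. The dump format and the gateway_ckp class name are constructed for the example; only gateway_plain, tunnel_keepalive_method, tunnel_test and dpd come from the post.

```python
import re
from dataclasses import dataclass


@dataclass
class VpnPeer:
    name: str
    class_name: str
    # Default follows the post: CheckPoint monitors with tunnel_test unless told otherwise.
    tunnel_keepalive_method: str = "tunnel_test"


# Constructed sample. The "object/class/..." line format and the gateway_ckp
# class name are invented for this example; gateway_plain and
# tunnel_keepalive_method are the real names given in the post.
SAMPLE_DUMP = """\
object: cisco_asa_dc1    class: gateway_plain  tunnel_keepalive_method: tunnel_test
object: fortigate_branch class: gateway_plain  tunnel_keepalive_method: dpd
object: paloalto_lab     class: gateway_plain
object: cp_gw_hq         class: gateway_ckp
"""

PAIR = re.compile(r"(\w+):\s*(\S+)")


def parse_dump(text):
    """Turn the constructed dump into VpnPeer records (one per object line)."""
    peers = []
    for line in text.splitlines():
        fields = dict(PAIR.findall(line))
        if "object" not in fields:
            continue
        peers.append(VpnPeer(fields["object"], fields.get("class", ""),
                             fields.get("tunnel_keepalive_method", "tunnel_test")))
    return peers


def monitoring_issue(peer):
    """None if SmartView Monitor can see this peer's tunnel state, otherwise why not."""
    if peer.class_name != "gateway_plain":
        return None  # assumed to be a CheckPoint gateway, which answers tunnel_test
    if peer.tunnel_keepalive_method == "dpd":
        return None  # interoperable device already probed with DPD
    return (f"{peer.name}: interoperable device monitored with "
            f"'{peer.tunnel_keepalive_method}' (proprietary udp/18234 probe that a "
            f"third-party peer does not answer); set tunnel_keepalive_method to dpd")


def audit(peers):
    """All peers whose tunnels would show down in SmartView Monitor despite passing traffic."""
    return [msg for p in peers if (msg := monitoring_issue(p)) is not None]


if __name__ == "__main__":
    for msg in audit(parse_dump(SAMPLE_DUMP)):
        print(msg)
```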