HOW TO CHECK FOR UP TIME IN IPSEC VPN TUNNEL

Hi eFrancis,

Thank you for reaching out to Sophos Community.

Kindly check on the CLI and select option 5. Device Management, then option 3. Advanced Shell. 
>  ipsec statusall

•  Sophos Firewall: Troubleshooting site to site IPsec VPN issues 

Hello Erick,

Thank you for your response. However, it seems the information provided is the uptime for the device, not for the IPSEC Tunnel as I had requested.

The client is specifically requesting the uptime for the IPSEC Tunnels. Currently, I have nine (9) IPSEC Tunnels in operation.

Thank you.

@eFrancis, how is it going be helpful to check the tunnel uptime? are you looking for S2S tunnel details or Remote access tunnel details?

IPsec has 2 phases; IKE(v1/v2) phase which is larger and child SA phase that is smaller. Both phase1 and phase2 sessions keep rekeying after sometime, based on the rekey values configured in the IPsec.

In site2site tunnel type, there is no straight way to get the tunnel uptime; you can check ipsec statusall | grep rekey - this gives how much time is left for rekeying for phase1 and phase2 and compare this with what has been configured in the UI.

In remote access type, you can take a look at UI in Current activities - Live users - it displays the start time of the tunnel.

Hi eFrancis ,There isn't a direct way to find the tunnel uptime. However, you can check the log viewer -> 'VPN' and filter by the specific tunnel name and see the timestamp of most recent 'Established' status for that specific tunnel .

Regards,

Vamshi