Check the status of the VPN Broker

To make sure that the components in the VPN Broker configuration are working correctly, check the status of the VPN Broker in the Management Client component of the SMC or on the command line of the NGFW Engine.

For more information about the monitoring features in the Management Client, see the Forcepoint Next Generation Firewall Product Guide.

Steps

Check the status in one or more of the following ways:
  • In the Home view of the Management Client, select an NGFW Engine to check the status of the connection between the NGFW Engine and the VPN Broker gateway.

    The Status tab of the Info pane shows the status.

    Note: This status information is not available for Virtual NGFW Engines.
  • In the Logs view of the Management Client, use the VPN Broker facility in a filter to show logs related to the VPN Broker.

    The following situations appear in log entries related to the VPN Broker:

    Situation                            Description
    VPN-Broker_Client-Request            A VPN Broker member sent an information request to a VPN Broker gateway.
    VPN-Broker_Connection_Error          The connection with the VPN Broker gateway has not been established.
    VPN-Broker_Connection_Established    The connection with the VPN Broker gateway has been established.
  • When VPN tunnels have been established between VPN Broker members, check the status of the tunnels in the SD-WAN dashboard in the Home view of the Management Client.
  • On the command line of an NGFW Engine, enter the following command:
    sg-brokerctl -s

    On an NGFW Engine that acts as a VPN Broker gateway, the command shows a summary of the status of the connections between the VPN Broker members and the VPN Broker gateway. In a high availability environment, you can see whether the VPN Broker gateways can be contacted. The age shown in the output should be 5 seconds or less.

    To check that the members have been synchronized correctly, enter sg-brokerctl info and check that the values of primary_member_hash and member_hash match.

    On an NGFW Engine that acts as a VPN Broker member, the command shows which other VPN Broker members the NGFW Engine can connect to, and shows the status of the connection between the NGFW Engine and the VPN Broker gateway.
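
The following added example (not part of the original guide or of Forcepoint's tooling) shows one way to work out from exported VPN Broker log entries which engines currently have no connection to the VPN Broker gateway, using the situation names listed above. The CSV layout, the column names timestamp, sender, and situation, and the engine names are assumptions made for the example.

```python
import csv
import io

# Situation names exactly as listed in the table above.
ERROR = "VPN-Broker_Connection_Error"
ESTABLISHED = "VPN-Broker_Connection_Established"

# Constructed sample data. The CSV layout and the column names
# (timestamp, sender, situation) are assumptions, not the SMC export format.
SAMPLE_EXPORT = """\
timestamp,sender,situation
2024-05-01T10:00:00,engine-a,VPN-Broker_Connection_Established
2024-05-01T10:00:05,engine-b,VPN-Broker_Connection_Established
2024-05-01T10:05:00,engine-a,VPN-Broker_Connection_Error
2024-05-01T10:07:00,engine-a,VPN-Broker_Connection_Established
2024-05-01T10:06:00,engine-a,VPN-Broker_Connection_Error
2024-05-01T10:08:00,engine-c,VPN-Broker_Client-Request
2024-05-01T10:10:00,engine-b,VPN-Broker_Connection_Error
2024-05-01T10:11:00,engine-b,VPN-Broker_Connection_Error
"""


def broker_connection_state(export_text):
    """Return the last known gateway connection state for each sender."""
    rows = csv.DictReader(io.StringIO(export_text))
    state = {}
    # ISO 8601 timestamps sort correctly as strings; sorting handles
    # exports whose rows are not in chronological order.
    for row in sorted(rows, key=lambda r: r["timestamp"]):
        situation = row["situation"]
        if situation not in (ERROR, ESTABLISHED):
            continue  # other entries do not change the connection state
        entry = state.setdefault(
            row["sender"], {"state": None, "since": None, "errors": 0})
        if situation == ERROR:
            entry["errors"] += 1
        if entry["state"] != situation:
            # State changed: remember when the current state began.
            entry["state"], entry["since"] = situation, row["timestamp"]
    return state


def engines_down(export_text):
    """List senders whose most recent connection entry is an error."""
    state = broker_connection_state(export_text)
    return sorted(s for s, e in state.items() if e["state"] == ERROR)


if __name__ == "__main__":
    for name in engines_down(SAMPLE_EXPORT):
        print(name, broker_connection_state(SAMPLE_EXPORT)[name])
```

An engine that logged an error and later logged VPN-Broker_Connection_Established is treated as recovered, so only engines whose latest connection entry is an error are reported.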

Result

You have now finished configuring the VPN Broker.