Re: VPN Trouble shooting
munrog, 2007-06-26

It's quite easy, but you have to be running NGX (you can do it with NG, but it requires some manual file modifications); you have to allow tunnel_test and tunnel_test_mapped between both peers, and you have to configure the connection as a permanent tunnel.

Permanent Tunnels are VPN tunnels that are constantly kept active and as a result, make it easier to recognize malfunctions and connectivity problems. You can monitor the two sides of a VPN tunnel, and identify problems without delay.

Each VPN tunnel in the community may be set to be a Permanent Tunnel.

Since Permanent Tunnels are constantly monitored, if the VPN tunnel is down, then a log, alert, or user defined action, can be issued. Permanent Tunnels can only be established between Check Point gateways.

You set permanent tunnels within the VPN community window under the tab "tunnel management". Once you enable Set Permanent Tunnels, you choose if you want all tunnels in the community, specific gateways or specific tunnels in a community. You can also select the tracking for tunnels that change state up or down. These are the usual suspects of none, log, popup alert, mail alert, SNMP alert and user-defined alerts.

Set this to SNMP. Next, go into Policy > Global Properties > Log and Alert > Alert Commands: select the checkbox next to "Run SNMP trap alert script" and in the box beside it put "internal_snmp_trap <snmptrapserver>", where <snmptrapserver> is the name or IP address of your SNMP management server that should receive the traps. After that, it's up to your SNMP management system to page you or whatever...