Monitoring authenticated users

Leave a reply

To disconnect a tunnel-mode user

execute vpn sslvpn del-tunnel <index>

 

To disconnect a web-mode user

execute vpn sslvpn del-web <index>

You can also disconnect multiple users:

 

To disconnect all tunnel-mode SSL VPN users in this VDOM

execute vpn ssl del-all tunnel

 

To disconnect all SSL VPN users in this VDOM

execute vpn ssl del-all

 

Monitoring IPsec VPN users

To monitor IPsec VPN tunnels in the web-based manager, go to VPN > Monitor > IPsec Monitor. user names are available only for users who authenticate with XAuth.

You can close a tunnel by selecting the tunnel and right click to select Bring Down.

For more information, see the FortiOS Handbook IPsec VPN guide.

 

Monitoring users Quarantine

The User Quarantine list shows all IP addresses and interfaces blocked by NAC quarantine. The list also shows all IP addresses, authenticated users, senders, and interfaces blocked by Data Leak Prevention (DLP). The system administrator can selectively release users or interfaces from quarantine or configure quarantine to expire after a selected time period.

All sessions started by users or IP addresses on the User Quarantine list are blocked until the user or IP address is removed from the list. All sessions to an interface on the list are blocked until the interface is removed from the list.

You can configure NAC quarantine to add users or IP addresses to the User Quarantine list under the following conditions:

  • Users or IP addresses that originate attacks detected by IPS – To quarantine users or IP addresses that originate attacks, enable and configure Quarantine in an IPS Filter.
  • Users or IP addresses that are quarantined by Data Leak Prevention – In a DLP sensor select QuarantinIP Address as the action to take.

For more information, see FortiOS Handbook Security Profiles guide. Users are viewed from User & Device > Monitor > User Quarantine.

Delete                        Removes the selected user or IP address from the User Quarantine list.

Remove All               Removes all users and IP addresses from the User Quarantine list.

Search                       Search the list for a particular IP address.

Source                      The FortiGate function that caused the user or IP address to be added to the User

Quarantine list: IPS or Data Leak Prevention.

Created                     The date and time the user or IP address was added to the Banned User list.

Expires

The date and time the user or IP address will be automatically removed from the User Quarantine list. If Expires is Indefinite, you must manually remove the user or host from the list.

 

Pages: 1 2

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.