VPN

From the VPN console, users can access information on any VPNs associated with their FortiGate. From the initial window, a list of all the associated VPNs is provided, along with general information, such as number of user connections and VPN type. By double-clicking on an individual VPN (or right-clicking and selecting Drill down for details…), users can access more specific data on that VPN.

Logs in the VPN console can be sorted by number of connections, last connection time, or data sent/received by selecting the column headers.

This console can be filtered by Result, User Name, and VPN Type. For more on filters, see Filtering options on page 1172.

Certain dashboard options will not appear unless your FortiGate has Disk Logging enabled.

Furthermore, only certain FortiGate models support Disk Logging — refer to the FortiView Feature Support – Platform Matrix on page 1149 for more information.

To enable Disk Logging, go to Log & Report > Log Settings, select the checkbox next to Disk, and apply the change.

 

Scenario: Investigating VPN user activity

The VPN console gives access to detailed data on VPN user activity through its drill-down windows. In this scenario, the administrator looks into the usage patterns of the IPsec user who has most frequently connected to the network.

1. Go to FortiView > VPN to view the VPN console.

2. Select the Connections column header to sort the entries by number of connections to the network.

3. Locate the top user whose VPN Type is ipsec and double-click the entry to enter that user’s drill down screen.

4. To get the most representative data possible, sort the entries by bandwidth use by selecting the Bytes (Sent/Received) column header. Double-click the top entry to enter the drill down window for that connection instance.

From this screen, the administrator can find out more about the specific session, including the date/time of access, the XAuth (Extensible Authentication) User ID, the session’s Tunnel ID, and more.

Only FortiGate models 100D and above support 24-hour historical data.
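The same triage can be repeated offline against exported VPN log records. The following Python is an added example, not part of the handbook: it assumes one key=value record per connection instance and the field names `tunneltype`, `xauthuser`, `user`, `tunnelid`, `sentbyte` and `rcvdbyte`, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample records, one line per VPN connection instance (not real logs).
# The key=value layout and field names are assumptions about the exported format.
SAMPLE_LOG = """\
date=2016-03-01 time=08:01:10 tunneltype="ipsec" xauthuser="alice" tunnelid=101 sentbyte=1200 rcvdbyte=3400
date=2016-03-01 time=08:30:00 tunneltype="ssl-tunnel" user="bob" tunnelid=102 sentbyte=900 rcvdbyte=100
date=2016-03-01 time=09:12:44 tunneltype="ipsec" xauthuser="carol" tunnelid=103 sentbyte=70000 rcvdbyte=90000
date=2016-03-01 time=10:05:31 tunneltype="ssl-tunnel" user="bob" tunnelid=104 sentbyte=800 rcvdbyte=200
date=2016-03-01 time=11:47:09 tunneltype="ipsec" xauthuser="alice" tunnelid=105 sentbyte=500000 rcvdbyte=2500000
date=2016-03-01 time=12:00:00 tunneltype="ipsec" xauthuser="N/A" tunnelid=106 sentbyte=N/A rcvdbyte=N/A
date=2016-03-01 time=13:20:18 tunneltype="ssl-tunnel" user="bob" tunnelid=107 sentbyte=700 rcvdbyte=300
"""

PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')  # quoted values may contain spaces

def parse_line(line):
    """Turn one key=value line into a dict, stripping surrounding quotes."""
    return {key: value.strip('"') for key, value in PAIR.findall(line)}

def to_int(value):
    """Byte counters can be missing or 'N/A'; count those as 0."""
    return int(value) if value and value.isdigit() else 0

def ipsec_records(records):
    """Keep IPsec connections that carry a real XAuth user ID."""
    return [r for r in records if r.get("tunneltype") == "ipsec"
            and r.get("xauthuser") not in (None, "", "N/A")]

def investigate(log_text):
    """Mirror steps 2-4: top IPsec user by connections, then heaviest session."""
    records = ipsec_records(parse_line(l) for l in log_text.splitlines() if l.strip())
    if not records:
        return None
    user, connections = Counter(r["xauthuser"] for r in records).most_common(1)[0]
    heaviest = max((r for r in records if r["xauthuser"] == user),
                   key=lambda r: to_int(r.get("sentbyte")) + to_int(r.get("rcvdbyte")))
    return {"user": user, "connections": connections,
            "tunnelid": heaviest.get("tunnelid"),
            "accessed": f'{heaviest.get("date")} {heaviest.get("time")}',
            "bytes": to_int(heaviest.get("sentbyte")) + to_int(heaviest.get("rcvdbyte"))}

if __name__ == "__main__":
    print(investigate(SAMPLE_LOG))
```

In the sample, bob has the most connections overall but is excluded by the VPN Type filter, and the IPsec record without an XAuth user ID is skipped rather than counted as a user.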

 

This entry was posted in FortiOS 5.4 Handbook.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
