VPN Utilization

I am looking for a way to determine how much traffic is being generated across specific SSL VPN tunnels. The problem is we are attempting to identify staff that are just connecting to the VPN at the beginning of the day, and then disconnecting at the end of the day, but not really doing any work. I figured, if I can at least get an idea of how much traffic is being passed, then it should give me some idea of those that are just logging in and out, but not really doing anything. Any ideas on how to do this?

Comments

  • In Dimension, there is the Per CLient Reports.
    Select Summary and enter a user name or IP addr and you will see assorted info about the user's logged traffic for the time period specified.
    To get good info, you need to have Logging for reports on proxy policies being used by these VPN users.

  • The policies that would be included all have Logging for reports enable, but I'm still not seeing anything. So, all traffic from an SSLVPN connection does not seem to get logged anywhere. (This is traffic coming from/to the SSLVPN client and internal hosts.) However, I did see on the management server, under "Mobile VPN with SSL Tunnels" in the "Device Status", tab, it does list all users and how much data is sent and received. That appears to give me what I'm looking for, but it appears to only provide a live view and I'm wondering if that is logged in Dimension as well.

  • I don't think that this info is in any log files which get sent to Dimension.

    There is a default Allow SSLVPN-Users policy, which is an Any packet filter.
    Logging is not enabled on this default policy, although you can change it.

    Do you have any policies From: SSLVPN-Users other than the default one?

Sign In to comment.