VPN Connection Logging
What are the capabilities for logging of mobile VPN connections? Can connects and disconnects be logged (with IP address)? I haven't found a place to configure that.
T55 (v12.3.1).
Thanks
0
Sign In to comment.
Answers
In FSM Traffic Monitor -> right click -> Event Notifications, you can select
user log on and off log records, and set them to Notify
The following are from the Log Catalog:
2500-0000 SSLVPN Login
2500-0001 SSLVPN Log off
5B01-0005 L2TP Delete user session
3E00-0002 User Login succeeded
3E00-0004 User Logout
Unfortunately you will also get "Management user status@Firebox-DB from"
accesses an user authentications logged with the above log record IDs set to Notify and .
Thanks for the help - is this one of those things that can only be done from the FSM? I find the webUI easier to use so rarely open the System Manager. Also, even though we're using SSLVPN, I don't see events 2500*. As you mention, the 3E00-002 includes management logins so not an ideal solution without the 2500- events.
AFAIK, only via FSM
Hello Bruce,
in my Event Notifications window those 2 ids are missing.
Instead 3E00-0002 and 0004 are present but those are logging every ad login to user pc, creating a lot of email spam.
I'd like to only log SSL VPN user logged out assigned virtual ip, is it possibile?
M270 v12.7.2 here.
Hi @Francesco
In order to get those checkboxes to show up, those logs need to have gone by in Traffic Monitor before you right click -> event notifications. If you're not seeing them, try logging in and out of SSLVPN then right clicking in FSM.
-James Carson
WatchGuard Customer Support
Hi james, the event of ssl vpn user disconnecting is shown as 3E00-0004 not 2500-0001
FWStatus, Firewall user - from - logged out, pri=6, proc_id=sessiond, msg_id=3E00-0004