How to monitor and count connected RemoteAccess VPN User

[Sergej]

Hi,

What is the available methods to count and monitor Remote Access VPN users? For example all users are VPN enabled by default. Authentication is done via active directory (but some customers use local authentication). How to count how much VPN users was connected same time, see who use VPN and who do not using, who are the top VPN users etc.
Is it only available via eventia reporter? Are you happy with Eventia VPN reports (does it always working). What minimum you need to perform to enable Eventia VPN reports on RemoteAccess users?

Share you experience please.

[ddarby1]

Hi Sergej,

I guess you know about using SmartView Monitor to see what Remote Users are currently connected, VPN stats, related traffic, etc.

I setup and used Eventia Reporter as part of CCSE study and so haven't used it in a live environment yet (I get the impression that not many people are yet).

However, it worked really well for me, clear very presentable, customisable historical reports - the sort of thing that management love.

It seems clear that in a high-traffic production environment you'd want to put in on a seperate, fast application server, as it looks to be a bit of a resource hog.

I put the Reporter Module on the Primary SmartCenter (& log) Server and the Eventia Reporter Server on another Windows Server.

Basically it has two kinds of databases, which it draws reports from, the 'Express' Reports are pulled from data collected by SmartView Monitor (will include VPN user, traffic usage, etc.). This data is quicker to run reports against.
The Standard Reports search through the entire database, which I think is the comprised of all the logs sent from the enforcement module (can become quite large over time). With this you get a more comprehesive set of data to report against.

I've used Microsoft ISA 2004 reports in a high throughput environment and they weren't bad, however I'd say that Eventia Reporter is much better/more comprehensive/customisable.

It might take a little while to setup your reports as you want them(I remember having quite a few with 'no data found' due to incorrect settings), but that was mainly due to me getting use to using it I guess.

Hope that wasn't too glowing, but it's the best I can come up with without having used it in production.

[usman_a]

are there any cli commands to check any users are connected at any give time?

[Firewall_Guy]

Try the following command:

fw tab -t userc_key -s

The firewall will return the number of active SecuRemote connections under the #VALS column.