Checkpoint smartreporter admin guide12/21/2023 The username and the connect time in epoch time. So I was monkeying around and I used the -f switch on the userc_users and it gives me the exact data that I need. I'm also familiar this this command fw tab -t userc_users -s which shows you the number of users presently connected and the high water mark. I'm familiar with this command fw tab -t userc_rules -f which will show the username of each "connected" remote access user in the past 15 minutes. points of presence across the globe)? we'll likely never know.ĭameon, quick question since you replied. Maybe CP doesn't want to cannibalize their existing MOB customer investments? Maybe the existing CP Cloudguard Connect global footprint is not ready for prime time (ie. cloud-hosted VPN to cloud infrastructure). Side note: for whatever reason, the go-to-market Cloudguard Connect product doesn't include remote VPN option that I'm aware (ie. In addition, all following have good - and mature - multi-factor options that are well documented and mutually supported. I will be creating a new Checkmates topic on this, but here's what I would recommend for current SASE alternatives (complete with Zero-Trust-Network-Access options). All the data points that were readily available in consolidated report with R77.xx SmartReport were not ported to new R80.xx SmartEvent reporting (sadly). I get distinct feeling that CP really hasn't touched their core VPN functionality for years and effectively missed the mark with R80.xx SmartEvent VPN usage reporting. Please bring back the R77.30 SmartReport template for remote access VPN usage.Ħ. However, I would repeat this "should be easier". I don't feel the customer's issues were ever resolved to satisfaction but I do understand some improvements were made with subsequent releases. There was not a comprehensive "YES" to everything - AND - the various data points were available in various different places and metrics (if I recall correctly). The idea was to understand the R77.30 report and try to replicate in R80.xx SmartEvent. One customer in particular spent lots of cycles talking with R&D. This report - and the associated access or similar relevant data - disappeared with NGSE and the incorporated reporting in R80.xx SmartEvent. R77.30 SmartReport included a great per-user report template for remote VPN usage. Incorporating R77.30 SmartReporter features directly into R80.xx SmartEvent (with one database back-end) was good decision but customers did lose functionality (the big taboo). The R77.30 reference does remind me of pain experienced by numerous customers when they upgraded SmartEvent/SmartReporter to the new NGSE (and subsequently R80.xx SmartEvent). Select and enable Consolidated Sessions > Firewall Session. To enable this functionality, activate the Firewall session event on the SmartEvent Policy tab. Note - For Security Gateways R77.30 and lower, the ability to generate reports on Firewall and VPN activity is integrated into SmartConsole. Here's link to latest/greatest R80.40 Logging and Monitoring Admin GuideĬheck the "note" on page // views and reports / Reports Great question posed by remote access VPN usage metrics. There are ways to convert this to a usable date/time, I'm sure. The ConnectTime is when the users connected, but it's listed as seconds since the Epoch (Jan 1 00:00:00 GMT). For those following along at home, here's what the command fw tab -t userc_users -f -uįormatting table's data - this might take a while.ģ:30:34 5 N/A N/A 192.168.101.253 > N/A LogId: ContextNum: OriginSicName: : (+)=(+) Table_Name: userc_users : (+) Attributes: dynamic, id 144, attributes: keep, sync, kbuf 1, local sync, expires 900,, hashsize 16384, limit 10000 LastUpdateTime: 19Mar2020 3:30:34 ProductName: VPN-1 & FireWall-1 ProductFamily: Network ģ:30:34 5 N/A N/A 192.168.101.253 > N/A LogId: ContextNum: OriginSicName: SRAddress: 172.16.10.1 Schema: SSL(8) UserName: Bob UserDN: CN=Bob,CN=Users,DC=ir,DC=local MyRange:First: Last: 255.255.255.255 PeerRange:First: 172.16.10.1 PeerLast: 172.16.10.1 ConnectTime: 1584581121 RouteTraffic: 0 Expires: 900/900 LastUpdateTime: 19Mar2020 3:30:34 ProductName: VPN-1 & FireWall-1 ProductFamily: Network
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |