by
Scott Glew
With many people now working from home due to COVID-19, reporting on Fortinet FortiGate's VPN activity is top of mind for many overstretched IT teams right now.
To help, we've made some additions to Fastvue Reporter for FortiGate to provide better visibility into FortiGate's VPN connections so you can plan for extra capacity, proactively respond to unexpected or excessive invalid login attempts, or simply keep an eye on who is and isn't logging in each day.
First of all, we've added a new VPN Dashboard that lets you monitor FortiGate's VPN activity in real-time.
The line chart at the top shows the number of Active VPN Sessions over time as well as the number of New Connections, Disconnections, as well as the number of Failed Logins.
Underneath the line chart are some clear statistics showing the number of Active Connections now, the number of New Connections and Disconnections over the past hour, as well as the number of Failed logins over the past 24 hours.
Underneath the statistics, we have two tables showing the most recent VPN connections and the most recent VPN disconnections. The disconnections table also shows the FortiGate event message that indicates the reason for the disconnection. This lets you see if the VPN connection was terminated due to an auto-logout, a normal user logout, or any other reason.
The final row of the VPN dashboard shows the Top VPN Users by size, as well as a table showing the most recent Failed VPN logins.
We've also added a new VPN section to the existing IT Network and Security Reports. To access the new FortiGate VPN report:
Note: If you only want to see the VPN activity for a certain user, you can also select a User Overview Report | IT Network and Security Report, then select the user, date range, and click Run Report.
The VPN report section is also availabe in the All Usage reports.
The VPN section starts with the same line chart showing Active Connections, New Connections, Disconnections and Failed Logins over time.
It's important to note that this will show connections that started after the report's start date. So if you run a report on today, it will show connections that started from midnight today. It will not show connections that were started yesterday, even if they are still active today.
The VPN section also shows a table that lists all VPN connections, including the user, internal and external IPs, connection and disconnection times, VPN duration, VPN session type, and a column called details that displays the Fortinet FortiGate event message. The details column usually states the reason for the VPN's disconnection, but for VPN sessions that were not disconnected within the report's time range, it will show the FortiGate Event Message for the connection start event.
The green bars in the table give you a visual indication of when a VPN connection started and stopped, relative to other connections.
Like the VPN dashboard, the VPN report section also shows Top VPN Users by Size, but also includes a simple list of VPN Users alphabetically. This makes it easy for managers and IT administrators to easily find how long a specific user was logged in for, and how much traffic they consumed over the VPN connection.
The report also includes Failed Logins showing the Username, Message and Source IP as it does on the VPN Dashboard, but the report also includes the Destination IP (the FortiGate IP), which is handy if you have multiple FortiGate devices being monitored by Fastvue Reporter, and you need to know which one is receiving a high number of failed login attempts.
Unlike the VPN Dashboard, the VPN section in the report also shows VPN Session Types, such as SSL VPN, IPSec or L2TP.
If you want to receive these reports every day, week or month, just click the Schedule Report button in the top right corner.
Download and install the latest version of Fastvue Reporter for FortiGate to access these new features.
If you're new to Fastvue Reporter for FortiGate, it comes with a free 30-day trial. See our Getting Started Guide for recommended system requirements, simple installation instructions and information on sending log data from your Fortinet FortiGate.
Simply download and run the new installer over the top of your existing installation. The installer will pick up your existing settings, so just click next throughout the wizard without making any changes. Once installed, browse to the site and clear the browser cache by hitting ctrl + F5 (cmd + R on Mac).
Note that it can take a few minutes for data to start importing again after upgrades and restarts of the Fastvue Reporter service. You can check the database initialisation progress in Settings | Diagnostic | Database.
It's also important to note that you will not see the VPN dashboard populate immediately. This will start populating as soon as new VPN connections are started.
With Fastvue Reporter for FortiGate's new VPN Dashboard and VPN section in the IT Network and Security report, you can monitor the number of active sessions throughout the day to help plan for extra capacity, or use the reports to find who has not connected recently.
You can also easily see when most people connect and disconnect, and proactively respond to unexpected disconnections or excessive invalid login attempts.
What do you think of our new VPN Dashboard and VPN report section? Let us know if we're missing anything in the comments.
Download our FREE 14-day trial, or schedule a demo and we'll show you how it works.
How to Enable Dark Mode in Fortinet FortiGate (FortiOS 7.0)
Sophos XG - How to Block Searches and URLs with Specific Keywords