Introducing SonicWall VPN Reports and VPN Dashboard

by

Scott Glew

With everyone shifting to working from home due to COVID-19, reporting on SonicWall's VPN activity is top of mind for many overstretched IT teams right now.

To help, we've made some additions to Fastvue Reporter for SonicWall to provide better visibility into SonicWall's VPN connections and to ensure your remote infrastructure is holding up.

In addition to reporting on VPN activity from SonicWall firewalls, we've also added support for SonicWall's Secure Mobile Access (SMA) devices. Just send the SMA device's syslog data to the Fastvue Reporter for SonicWall server to enjoy these new features:

SonicWall VPN Dashboard

First of all, we've added a new VPN Dashboard that lets you monitor SonicWall's VPN activity in real-time.

SonicWall VPN Dashboard - Fastvue Reporter for SonicWall

The line chart at the top shows the number of Active VPN Sessions over time as well as the number of New ConnectionsDisconnections, as well as the number of Failed Logins.

SonicWall VPN Sessions Overtime

Underneath the line chart are some clear statistics showing the number of Active Connections now, the number of New Connections and Disconnections over the past hour, as well as the number of Failed logins over the past 24 hours.

SonicWall VPN Statistics

Underneath the statistics, we have two tables showing the most recent VPN connections and the most recent VPN disconnections. The disconnections table also shows the SonicWall event message that indicates the reason for the disconnection. This lets you see if the VPN connection was terminated due to an auto-logout, a normal user logout, or any other reason.

SonicWall VPN Active Connections and Disconnections

The final row of the VPN dashboard shows the Top VPN Users by size, as well as a table showing the most recent Failed VPN logins.

SonicWall VPN Users by Size and Failed Logins

SonicWall VPN Reports

We've also added a new VPN section to the existing IT and Network Security Reports. To access the new SonicWall VPN report:

  1. Go to Reports | Overview Report | IT and Network Security.

  2. Select your date range and click Run Report.

  3. Scroll down to the VPN section

Note: If you only want to see the VPN activity for a certain user, you can also select a User Overview Report | IT and Network Security Report, then select the user, date range, and click Run Report.

The VPN report section is also availabe in the All Usage reports.

The VPN section starts with the same line chart showing Active ConnectionsNew ConnectionsDisconnections and Failed Logins over time.

SonicWall VPN Sessions Report

It's important to note that this will show connections that started after the report's start date. So if you run a report on today, it will show connections that started from midnight today. It will not show connections that were started yesterday, even if they are still active today.

The VPN section also shows a table that lists all VPN connections, including the userinternal and external IPsconnection and disconnection timesVPN durationVPN session type, and a column called details that displays the SonicWall event message. The details column usually states the reason for the VPN's disconnection, but for VPN sessions that were not disconnected within the report's time range, it will show the SonicWall Event Message for the connection start event, such as 'SSL VPN zone remote user login allowed'.

The green bars in the table give you a visual indication of when a VPN connection started and stopped, relative to other connections.

Like the VPN dashboard, the VPN report section also shows Top VPN Users by Size, but also includes a simple list of VPN Users alphabetically. This makes it easy for managers and IT administrators to easily find how long a specific user was logged in for, and how much traffic they consumed over the VPN connection.

SonicWall VPN Users by Size Report
SonicWall VPN Users Alphabetically Report

The report also includes Failed Logins showing the UsernameMessage and Source IP as it does on the VPN Dashboard, but the report also includes the Destination IP (the SonicWall's IP), which is handy if you have multiple SonicWall devices being monitored by Fastvue Reporter, and you need to know which one is receiving a high number of failed login attempts.

SonicWall Failed VPN Logins

Unlike the VPN Dashboard, the VPN section in the report also shows VPN Session Types, such as SSL VPN, IPSec or L2TP, as well as VPN Policies. If you want to view the VPNs that relate to a specific VPN Policy, you can hover over a VPN Policy, then over the green arrow, and run another IT and Network Security report.

SonicWall VPN Session Types and VPN Policies Report

If you want to receive these reports every day, week or month, just click the Schedule Report button in the top right corner.

SonicWall VPN Alerts

In addition to the VPN Dashboard and VPN Reports mentioned above, it is also possible to create real-time alerts when users login to the VPN, or disconnect. You can receive these alerts directly in your email inbox. I've created a quick video to show you how:

Does it support SonicWall SMA (Secure Mobile Access)?

Yes! VPN Reporting for SonicWall would not be complete if we didn't support SonicWall SMA in addition to SonicWall Firewalls. On your SMA, simply go to Log | Settings and enter the Fastvue server as a syslog server.

SonicWall SMA Syslog Settings

Then in Fastvue Reporter for SonicWall go to Settings | Sources | Add Source and you should see your SMA appear in the dropdown list. Select it to add it as a monitored device.

Note: Fastvue Reporter for SonicWall is licensed based on the number of SonicWall devices you need to monitor. Monitoring an SMA device in additon to a SonicWall Firewall will require at minimum the Medium license.

Try Fastvue's SonicWall VPN Reports now!

Download and install the latest version of Fastvue Reporter for SonicWall to access these new features.

If you're new to Fastvue Reporter for SonicWall, it comes with a free 14-day trial. See our Getting Started Guide for recommended system requirements, simple installation instructions and information on sending log data from your SonicWall.

If you're upgrading an existing v2.0 installation (see Settings | About), simply download and run the new installer over the top of your existing installation. The installer will pick up your existing settings, so just click next throughout the wizard without making any changes. Once installed, browse to the site and clear the browser cache by hitting ctrl + F5 (cmd + R on Mac).

If you're upgrading from v1.0, please see the Upgrade section on our Getting Started page.

Note that it can take a few minutes for data to start importing again after upgrades and restarts of the Fastvue Reporter service. You can check the database initialisation progress in Settings | Diagnostic | Database.

It's also important to note that you will not see the VPN dashboard populate immediately. This will start populating as soon as new VPN connections are started.

Enjoy!

With Fastvue Reporter for SonicWall's new VPN Dashboard and VPN section in the IT and Network Security report, you can monitor the number of active sessions throughout the day to help plan for extra capacity, or use the reports to find who has not connected recently.

You can also easily see when most people connect and disconnect, and proactively respond to unexpected disconnections or excessive invalid login attempts.

What do you think of our new VPN Dashboard and VPN report section? Let us know if we're missing anything in the comments.

Try Reporter for SonicWall free, or learn more

  • Share this story
    facebook
    twitter
    linkedIn