Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Daniel__Greg__G
Employee Alumnus
Employee Alumnus

Individual Remote Access User Bandwidth Utilization

Can Check Point report on individual remote access user bandwidth utilization? R80.20 gateways with E82.30 Endpoint Security Client. Would it require Identity Awareness Blade + Monitoring Blade + Accounting level tracking on the correlating rule(s).

0 Kudos
4 Replies
Amir_Senn
Employee
Employee

Yes this needs both Identity Awareness (IA) and accounting unless you can identify the users by other method (static IP for example). Monitoring blade is unrelated to this and more for VPN.

Then I suggest taking a look at existing views and reports and check what's suitable for you. You can use the existing views/reports or make your own view from copying existing widgets (right click on widget top -> copy) and pasting them (right click on a view with room to paste -> paste . Need edit mode).

 

You can even run the same view for top X users by going to 'View Settings' 'Use View as Template' or 'Duplicate View' (depends on version) and select Users and amount of users.

Kind regards, Amir Senn
0 Kudos
Amir_Senn
Employee
Employee

I've also created 2 views related to browse time which contain relevant data, you can import it and use if you like.

Kind regards, Amir Senn
0 Kudos
Daniel__Greg__G
Employee Alumnus
Employee Alumnus

Thanks Amir. How does scale factor into the requirement. In example:

Customer has peak approximately 8,000 concurrent remote access IPSec VPN active users (E82.30 Endpoint – Remote Access, Firewall & App Ctrl & Compliance Blades enabled) with load-sharing MEP across 4 gateway clusters (R80.20 active/standby), all users/traffic is hub mode.

Customer wants to collect monthly per user remote access VPN data volume (i.e. Bob’s November 2020 Aggregate Remote Access VPN Data Volume = X Megabytes/MB).

Can we provide this data (i.e. Bob’s November 2020 Aggregate Remote Access VPN Data Volume = X) and what are the scale considerations given logging and monitoring capabilities/limitations?

0 Kudos
Amir_Senn
Employee
Employee

I can't say for sure because I don't neither scaling nor EP expert. But you can check a few things to make sure:

1) The logs you want to query has the relevant data - user + accounting

2) Make sure SmartView index those logs - SmartView only index non-connection logs so try to locate them in the SmartView.

If 1+2 occurs then you're good to go.

Kind regards, Amir Senn
0 Kudos