Juan_Concepcion
Advisor

Mobile Access Reporting

I am trying to figure out how to get mobile access to correctly report on users for:

1. Login/Logout Activity

2. Client they are currently using

3. Destination of their traffic

For the first 2 I have been successful in creating the appropriate pages. However, the 3rd doesn't seem to work no matter what I do.

On SmartEvent I created a new report with report filter as follows:

Report Filter

and on the page for my destinations I set the page with a table with settings as follows:

Page Filter

However no matter what I do the destination comes up blank:

Destination page

Can someone enlighten me on what I'm doing wrong? I have spent hours on this, and if I put "Destination port" into the table settings, that shows up. The only thing I cannot get to show up is "Destination".

24 Replies
Gaurav_Pandya
Advisor

Hi Juan,

Try to add the "contains" field and match the words. Let's see if you are getting reports or not for destination.

Juan_Concepcion
Advisor

"No data found" when I change my filter.

0 Kudos
PhoneBoy
Admin

Which destination are you looking for here:

  • The gateway the user is authenticating
  • The server they are connecting to over the VPN
  • Something else
0 Kudos
Juan_Concepcion
Advisor

The server they are connecting to over vpn.

Sent from my iPhone

0 Kudos
Juan_Concepcion
Advisor

I found the issue: it's not allowing VPN traffic data to be pulled into table view. Is this by design?

Available Data Table View

Gaurav_Pandya
Advisor

Hi Juan,

Are you talking about Mobile access SSL VPN? Please select "All Session events" in Mobile access blade for required field and check.

Mobile Access Blade --> Advance setting --> Logging --> Tracking

Juan_Concepcion
Advisor

Not sure what you’re referring to there, but I have logs reported for user access:

There is just no way to get them pulled into the reports because VPN Blade is not an option for the data field:

--Juan

Kfir_Dadosh
Employee Alumnus

Please add a screen capture of a sample log card and mark all the relevant fields you wish to report on.

Then I will be able to advise you how to do it.

Kfir

Juan_Concepcion
Advisor

0 Kudos
Juan_Concepcion
Advisor

Still trying to get this resolved:

0 Kudos
Jason_Dance
Collaborator

Just a thought, have you tried applying a report filter of VPN blade and Source equal to the Office mode IP range, and then adding just source and destination to your table?

Juan_Concepcion
Advisor

Yes, doesn’t come up ☺

0 Kudos
Jason_Dance
Collaborator

What version are the gateways and management on?

0 Kudos
Juan_Concepcion
Advisor

R80.10 – mobile access is not one of the fields you can add in the table

Dilian_Chernev
Collaborator

Just dealing with such a report and have the following suggestions for you:

1. Enable "logging per session" on all rules you want to track. VPN blade is not generating session logs, so no data for SmartEvent.

2. On your report use filter by action: Decrypt and can also filter for destination if applicable.

Here is how it looks on my report:

Hope this helps

Juan_Concepcion
Advisor

Thank you very much - will test per your settings.

0 Kudos
Juan_Concepcion
Advisor

That worked!! Thanks so much for the solution.

MattDunn
Advisor

Hi,

I've read this thread with interest as I'm trying to do the same thing - reporting on what internal servers each Mobile Access user is hitting.  I didn't quite follow when you suggested "logging per session".  I presume you mean on the normal Security rules logging?  In which case, which Security rule would I log to capture Mobile Access Native Application traffic?  

Any help greatly appreciated.

Thanks,

Matt

0 Kudos
PhoneBoy
Admin

Right click on Track field of relevant rule, select More.


0 Kudos
MattDunn
Advisor

Thanks Dameon Welch Abernathy.  I was more interested in which Security rule I need to enable this logging on.  I thought that as I'm using Mobile Access, my access rules are created in the MAB rulebase rather than the Security rulebase, so I don't get which specific rule I should enable this per session logging on in order to capture what internal "Native Application" IPs my users are accessing?

0 Kudos
PhoneBoy
Admin

Which Security rule (if any) matches the traffic?

Not sure if this works if you're not using the unified policy that includes Mobile Access or not.

0 Kudos
MattDunn
Advisor

Ah, Unified Policy!  That makes sense...  I'm not running Unified at the moment...  I'll add that to my To-Do list!

Thanks.

Gaurav_Pandya
Advisor

Hi,

I have made the below settings for only Mobile users.

Capture2.PNG Capture3.PNG

0 Kudos
Gaurav_Pandya
Advisor

I have put Office pool IPs in source field.

0 Kudos