Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Peter_Elmer
Employee
Employee
Jump to solution

Monitoring applications and data volume related to remote access sessions

Following up the great work of @Tomas_Vobruba mentioning the importance of SmartView Remote Access support, I created the attached View. 

RAS_Session.PNG

It shows the how long the user was connected, which application she/he has accessed and that data volume transmitted.  Check the video to learn more how you can use this view.

(1)
1 Solution

Accepted Solutions
Paul_Kellett
Employee Alumnus
Employee Alumnus

Have a look over on this page too for some more details in reporting for VPN : https://community.checkpoint.com/t5/Visibility-Analytics/SmartView-VPN-Client-enhanced-view/m-p/7887...

Designed to provide 

- total time spend on VPN

- transferred total bytes.

- number of logs

- blade used

- client used for connection (workspace, endpoint, snx, etc)

- login fails and realauth schemes

View solution in original post

12 Replies
Jacopo_Vigano
Explorer

Hi Peter,

are there any method to have a timeline with concurrent active users?

From your template we are able to see the timeline with login peak, but customer asking a timeline with concurrent users.

 

Thanks in advance.

Jacopo 

0 Kudos
Paul_Kellett
Employee Alumnus
Employee Alumnus

Have a look over on this page too for some more details in reporting for VPN : https://community.checkpoint.com/t5/Visibility-Analytics/SmartView-VPN-Client-enhanced-view/m-p/7887...

Designed to provide 

- total time spend on VPN

- transferred total bytes.

- number of logs

- blade used

- client used for connection (workspace, endpoint, snx, etc)

- login fails and realauth schemes

Jacopo_Vigano
Explorer

I already reviewed the link you posted, but there are no any references regarding concurrent users.

Talking with a TAC Engineer, he told me that it seems there are not any method to get concurrent users from SmartEvent. It seems that this information is only available on the Gateway.

Thanks.

Jacopo

0 Kudos
Maarten_Sjouw
Champion
Champion
That is indeed the information I also got from R&D when I was trying to get the user numbers on an MDS per domain.
Regards, Maarten
0 Kudos
Juan_
Collaborator

Hi Peter,

Have tried this in lab and worked well.

However, integrating it in production (200+ RA users), hence, more users and log data causes the cpu to max out and ultimately to SmartLog/SmartEvent to fail. 

Only recovering it with a evstop ; evstart, or waiting many hours.

This might probably be the reason: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Do you know of any successful use cases in production environments?

 

In which case i may raise a SR to tac to see if there is something else going on with my Management.

0 Kudos
nasa
Participant

There is a SmartEvent License needed to use this feature, right ?

0 Kudos
PhoneBoy
Admin
Admin

Yes, these reports require a SmartEvent license.

0 Kudos
marciojss_check
Explorer

CaptureChcek.PNG

My dash is with  transferred total bytes in O, Can you help me?

0 Kudos
pavan_kalal
Participant

How to create his custom report ? can anyone explain in details R80.30.

0 Kudos
PhoneBoy
Admin
Admin

The report was attached to Peter’s original post and can be imported into R80.30.

0 Kudos
mbckymber
Participant

Hi Peter , Can u tell me why if when implement this solution , i have the cpu 100%?

 

0 Kudos
Peter_Elmer
Employee
Employee

Hi,

you may want to work with Secure Knowledge and TAC here, as high CPU load can have many reasons. You may want to get started with sk167553 and sk165853.

-pelmer

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events