Chris_Blake
Participant

IPSEC traffic report

Hi all,

Is there a way to get IPSEC traffic on a specific gateway put into a report or view, so that it can be sent off to our client?

I have searched the community posts and come across various topics dealing with VPN users and their traffic, but nothing specific for IPSEC tunnel traffic.

Thanks

0 Kudos
3 Replies
PhoneBoy
Admin

Can you clarify exactly what you are expecting in this report and provide some clarity about the S2S VPN configuration?
My guess (at a high level) is you could use the encryption domains of the relevant gateways to filter the report down to the relevant traffic.

0 Kudos
Chris_Blake
Participant

Thank you for replying.

I can see in my firewall logs the total traffic being sent over a period of time, based on the source IP from the peer. I would like to put these logs into a graph to show daily connections from the client side (they asked us if we could provide this as they don't monitor these metrics on their side).

I don't know if I can get Traffic In (bytes) to show on the graph; when I select this in my report creation, it shows "0b" in the widget.

We then have an internal Zabbix monitor using SNMP to monitor the state of the tunnel using 1.3.6.1.4.1.2620.500.9002.1.3.peer.ip.of.client.0, and this alerts when it changes from 3 (active) to any other value (4 destroy, 129 idle, 130 phase1, 131 down, 132 init).

I would like to provide some info in my report on the state of the tunnel say over a 30 day period, like a table that shows number of times the tunnel changed from 3 to any other state.

We are running Checkpoint R81.10 on our side, the client is running Fortigate (I think) on theirs.

For my report parameters I'm using:

Blade = Firewall

Source = peer.ip.of.client

I hope this is the info you require. Thanks for your assistance.

0 Kudos
PhoneBoy
Admin

I think the only thing we log is when the VPN comes up or there is a new key exchange.
We don't log VPN state beyond when the tunnel comes up due to interesting traffic being sent/received.
That means you will not be able to get this information from SmartEvent.

0 Kudos
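
Since, per the last reply, SmartEvent does not log tunnel state, the 30-day table asked for in the thread has to be built from the SNMP polls themselves. The following is an added example, not part of the thread and not Check Point or Zabbix code: it counts changes from 3 (active) to any other value in a series of polled values. The `epoch_seconds,value` row layout and the sample rows are constructed assumptions; the state codes are the ones listed in the post.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timezone

# State codes as listed in the post above.
STATES = {3: "active", 4: "destroy", 129: "idle", 130: "phase1", 131: "down", 132: "init"}
ACTIVE = 3

# Constructed sample: "epoch_seconds,value" rows, one per poll (not a real Zabbix export).
SAMPLE = """\
1700000000,3
1700000060,3
1700000120,131
1700000180,131
1700000240,130
1700000300,3
1700086700,3
1700086760,129
1700086820,3
1700086880,7
"""

def tunnel_drops(rows):
    """Return (drops per UTC day, drops per new state, seconds not active)."""
    per_day, per_state, not_active = Counter(), Counter(), 0
    prev_ts = prev_val = None
    for ts_text, val_text in rows:
        ts, val = int(ts_text), int(val_text)
        if prev_ts is not None and ts <= prev_ts:
            raise ValueError(f"samples out of order at {ts}")
        if prev_val is not None and prev_val != ACTIVE:
            not_active += ts - prev_ts  # time spent in the previous non-active state
        if prev_val == ACTIVE and val != ACTIVE:  # only 3 -> other counts as a drop
            day = datetime.fromtimestamp(ts, tz=timezone.utc).date().isoformat()
            per_day[day] += 1
            per_state[STATES.get(val, f"unknown({val})")] += 1
        prev_ts, prev_val = ts, val
    return per_day, per_state, not_active

def report(text):
    per_day, per_state, not_active = tunnel_drops(csv.reader(io.StringIO(text)))
    lines = [f"{day}  drops={n}" for day, n in sorted(per_day.items())]
    lines.append("by state: " + ", ".join(f"{s}={n}" for s, n in sorted(per_state.items())))
    lines.append(f"seconds not active (up to last sample): {not_active}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE))
```

A change between two non-active states (131 to 130 in the sample) is not counted as a new drop, and the resolution of the result is limited by the polling interval: a flap shorter than one interval is not seen.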