03-30-2020 03:36 AM
Hello. We have a redundant pair of FTD 2110 managed by a virtual FMC. RA VPN users connect to the FTD using AnyConnect. They are authenticated using a RADIUS server.
We need to have a list of RA VPN sessions: at least username, login time, logout time and assigned IP.
But on FTD, we only have a list of currently active sessions, I don't know whether we can get a list of previous sessions. On FMC, Analysis -> Users -> Active Sessions displays only a subset of them!?! Also, Analysis -> Users -> Users and Analysis -> Users -> User Activity display only a subset of host history and activities.
How to correct that? How can we get the needed list of sessions?
Is it possible to log user events to an external syslog server, and how to set that up? Maybe that would help to collect all the data we need.
Thanks and best regards.
03-30-2020 03:46 AM
Hi,
The FMC does not currently provide a lot of session information. You have 2 options, use RADIUS as the authentication server, this will have the information you require (login, logoff etc). If you wish to use syslog, refer to this guide.
HTH
03-30-2020 11:38 AM
Hi! Thanks for the idea. We already had been using RADIUS as the authentication server, but now we turned on logging of authentication and accounting on the RADIUS server. Logs are rather large but contain all the info we need. We had to turn on accounting in order to see framed IP addresses and logouts. (We use pools on FTD to assign IP addresses.) Thanks again and best regards.
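The session list asked for in the question (username, login time, logout time, assigned IP) can be rebuilt from the accounting log by pairing Start and Stop records on Acct-Session-Id. The following is an added example, not part of the original thread; it assumes a FreeRADIUS-style "detail" file, since the thread does not name the RADIUS server, and the sample records are constructed.

```python
import re
from datetime import datetime

# Constructed sample in FreeRADIUS "detail" layout (assumed log format).
SAMPLE = """\
Mon Mar 30 09:00:01 2020
\tUser-Name = "alice"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "A001"
\tFramed-IP-Address = 10.10.0.21

Mon Mar 30 09:05:12 2020
\tUser-Name = "bob"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "A002"
\tFramed-IP-Address = 10.10.0.22

Mon Mar 30 17:45:30 2020
\tUser-Name = "alice"
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "A001"
\tFramed-IP-Address = 10.10.0.21
"""

ATTR = re.compile(r'^\s+([\w-]+) = "?(.*?)"?\s*$')

def sessions(text):
    """Pair Start/Stop records by Acct-Session-Id; returns one dict per session."""
    out = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        head, *rest = block.splitlines()
        when = datetime.strptime(head.strip(), "%a %b %d %H:%M:%S %Y")
        rec = dict(m.groups() for m in map(ATTR.match, rest) if m)
        sid, kind = rec.get("Acct-Session-Id"), rec.get("Acct-Status-Type")
        if not sid:
            continue  # record cannot be correlated without a session id
        s = out.setdefault(sid, {"user": rec.get("User-Name"), "ip": None,
                                 "login": None, "logout": None})
        s["ip"] = rec.get("Framed-IP-Address") or s["ip"]
        if kind == "Start":
            s["login"] = when
        elif kind == "Stop":
            s["logout"] = when  # stays None if the Stop record never arrived
    return list(out.values())

if __name__ == "__main__":
    for s in sessions(SAMPLE):
        print(s["user"], s["ip"], s["login"], s["logout"] or "no Stop seen")
```

A session with no Stop record is either still connected or its accounting Stop was lost, so it is reported with an empty logout time rather than dropped.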