ā10-12-2020 05:21 AM - edited ā10-12-2020 05:22 AM
Hello,
I have several profiles of RA VPN
In all of them I use the traffic filter option.
In addition, I have the "Bypass Access Control policy for decrypted traffic" ticked.
The problem I have is that I do not see the logs of VPN activity in the events. I only see some events to the broadcast IP or the Gateway IP of the VPN.
Is there sth I have to enable?
Or If the Events are not the place to see the activity of the VPN, where should I see it?
The extended access lists I use have the logging enabled.
Regards,
Konstantinos
ā10-12-2020 11:33 AM
Can you share please the sanitised screenshots of how you configured the logging on the FMC?
ā10-13-2020 01:07 AM
I believe you can see these log in Devices > VPN > Troubleshooting
If you want these logs sent to a syslog server, you need to configure this under Platform Settings > Syslog > Logging
ā10-13-2020 01:52 AM
Hello,
The logs in Devices > VPN > Troubleshooting show only log off and log on actions.
I have not seen any traffic related events.
ā10-13-2020 02:08 AM
Exactly what type of traffic related events are you looking for?
There are a couple other places you can look. Under Analysis > Users > Active Sessions provides info on the user, the AnyConnect client they are using, public IP, etc.
Under Analysis > Users > User Activity provides connection duration details, throughput, details, etc.
ā04-05-2024 10:41 PM
hi,
do I have some kind of log on the ftd it self?
I am looking for some VPN activities of the last 48 hours.
ā04-05-2024 11:50 PM
Make new post it better
MHM
ā10-13-2020 02:13 AM
I would like to see the traffic allowed or blocked on a user
For example I have an access list on traffic filter that allows only RDP.
This traffic was blocked and I could not see why.
Where could I see that kind of traffic?
ā10-13-2020 03:17 AM
Hmm...I wonder if it is the "Bypass Access Control policy for decrypted traffic" that is the issue here. I suggest, if possible, to create an ACP entry that matches your VPN traffic allowing what you want them to be able to reach on your inside network and enable logging on that entry. You should then be able to see this traffic in connection events.
Otherwise, if that is not what you want, I do not believe it is possible to view the traffic other than what I posted earlier.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide