Description
This article explains how to view the historical logs for users connected through SSL VPN.
Scope
FortiGate with SSL VPN.
Solution
The historic logs for users connected through SSL VPN can be viewed under a different location depending on the FortiGate version:
- Log & Report -> VPN Events in v6.0.x.
- Log & Report -> Events and select 'VPN Events' in 6.2.x and 7.0.x
- Log & Report -> System Events and select 'VPN Events' in 7.2.x and 7.4.x.
It is necessary to use the Add Filter option to add 'Action: tunnel-Up' or 'Action: tunnel-down' depending on requirements as shown in the following screenshots.
Once the log has been selected for the required date, the user identifier will be shown as part of the detailed log display.
- v6.0.x:
- v6.2.x:
- v7.0.x:
- v7.2.x and v7.4.x:
- v7.6.x and v7.6.3:
In v7.6.3 and later, SSL VPN tunnel mode has been deprecated and no longer supported on all FortiGate models. This change requires users to migrate to an alternative remote access solution, such as IPsec VPN or ZTNA (Zero Trust Network Access), to maintain connectivity.
Note:
Make sure that the VPN activity event is enabled.
To log VPN events from the GUI:
- Go to Log & Report -> Log Settings.
- Verify that the VPN activity event option is selected.
- Select Apply.
