Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
polarpanda
New Contributor II

Show Current VPN Users Login

Hi FortiAnalyzer gurus,

I'm new to FortiAnalyzer. Can someone guide me on how to display or run a report of all the VPN users currently logged in at the moment? Thank you!!

Chris_Colantonio
New Contributor

I am looking for this as well. There doesn't seem to be a built-in one for this, and what I'm looking for is the username, hostname (optional), login time, and SSL VPN IP address (not remote).

The use case is a remote support team connecting to remote users and needing to look up IP addresses in case DNS isn't accurate (sometimes it updates, sometimes it doesn't). If we had IPs it would cut out having to ask the end user what their IP address is... which is painful for some.

I can't break out the permissions directly to FortiGate, nor can I do it via FortiAnalyzer, so I would end up sending this report a few times a day... although I have no idea how long the SSL VPN address lease is for and can't seem to find a setting.

Please advise. Thank you!

___________________ FCNSA 3.0 2 FG-620b HA 2 FWF-60B FortiAnalyzer 2000a FortiMail 400
polarpanda

Hi Chris,

For my situation, I still haven't found the solution on FortiAnalyzer. But I did find a solution on the FortiGate itself. I found it under Monitor -> SSL VPN users. Then you can see the current users logged in via VPN and the last login time. Hopefully this is helpful for your case as well. Thanks.

Chris_Colantonio

If only I could delegate access to specifically that tab... I wouldn't be in a world of hurt with learning SQL queries to pull it out.

Thank you.

___________________ FCNSA 3.0 2 FG-620b HA 2 FWF-60B FortiAnalyzer 2000a FortiMail 400
AlexL

Hi,

I think this is possible; here is a query for a dataset:

Log Type: Event

select distinct(`user`), remip, assignip from $log-event where action='tunnel-up' and tunnelid not in (SELECT tunnelid FROM $log-event WHERE action='tunnel-down')
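
The same lookup done outside FortiAnalyzer, as an added example that is not part of the thread: it pairs tunnel-up and tunnel-down events in time order, so a session is still listed when its tunnelid also appears in an older tunnel-down, a case the NOT IN form above would drop. The log lines are constructed, and the key=value layout with date= and time= fields is an assumption about the exported log format.

```python
import shlex
from datetime import datetime

# Constructed sample events in FortiGate key=value style (not real logs).
# tunnelid 1001 is deliberately used by two different sessions.
SAMPLE_LOGS = """\
date=2024-01-15 time=08:00:05 action="tunnel-up" tunnelid=1001 user="alice" remip=203.0.113.10 assignip=10.212.134.200
date=2024-01-15 time=08:30:41 action="tunnel-down" tunnelid=1001 user="alice" remip=203.0.113.10 assignip=10.212.134.200
date=2024-01-15 time=09:12:00 action="tunnel-up" tunnelid=1002 user="bob" remip=198.51.100.7 assignip=10.212.134.201
date=2024-01-15 time=10:45:19 action="tunnel-up" tunnelid=1001 user="carol" remip=192.0.2.44 assignip=10.212.134.200
date=2024-01-15 time=11:02:33 action="tunnel-up" tunnelid=1003 user="dave" remip=203.0.113.99 assignip=10.212.134.202
date=2024-01-15 time=11:20:00 action="tunnel-down" tunnelid=1003 user="dave" remip=203.0.113.99 assignip=10.212.134.202
"""


def parse_line(line):
    """Turn one key=value log line into a dict; shlex strips the quotes."""
    fields = dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
    # Assumption: every line carries date= and time= in this format.
    fields["ts"] = datetime.strptime(
        f"{fields['date']} {fields['time']}", "%Y-%m-%d %H:%M:%S")
    return fields


def current_sessions(log_text):
    """Return sessions whose latest event for their tunnelid is tunnel-up."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    open_tunnels = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        tid = ev.get("tunnelid")
        if not tid:
            continue  # an event without a tunnel id cannot be paired
        if ev.get("action") == "tunnel-up":
            open_tunnels[tid] = ev       # newest login for this id wins
        elif ev.get("action") == "tunnel-down":
            open_tunnels.pop(tid, None)  # closes only the session seen so far
    rows = sorted(open_tunnels.values(), key=lambda e: e["ts"])
    return [{"user": e.get("user"), "assignip": e.get("assignip"),
             "remip": e.get("remip"), "login": e["ts"].isoformat(sep=" ")}
            for e in rows]


if __name__ == "__main__":
    for row in current_sessions(SAMPLE_LOGS):
        print(row)
```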
