ktro
New Contributor

Tunnel VPN connection - what is being transferred?

Hi everyone - We are running both Tunnel and web VPNs for our users... curiosity question here...

What is being transferred across a Tunnel VPN connection, and is there a way to track this activity? Some days I'll notice users connected for 5-6 hours and have transferred 300MB, while others are ~10MB (in that same time frame). Some people will be 1-2 hours and have transferred 2+GB. It just seems all over the place, and I'm curious if some of these longer connection/lower MB transferred are people that have simply made the VPN connection and then walked away for the day ;)

nnair
Staff

Dear,

You need to enable deep inspection on both ends of the firewall.

tthrilok
Staff

Hi Ktro,

I understand you want to know what data is transferred over the SSLVPN tunnel by the users.

+ You may need to track the destinations by enabling log all sessions in the policy.

+ In case you want to see the files or applications used by the user, you may need to have deep-inspection enabled in the policy along with an application-control profile so you can see what applications are used by the user.

Thank you!

Thallapelly Thrilok.

 

gabbar08
New Contributor

As a person more often on the audit/compliance side, it's easier to make me happy this way. If I'm a regulator or auditor, and you're running connections that go through any pipe that's not explicitly owned and operated privately only for your company's use, I need to now test that each one of them is encrypted and secured. Best practice, I'm doing this no matter what for every system, platform, protocol, etc. But, if you have a tunnel, I'm less likely to pitch a fit when one of your systems is using a deprecated protocol or isn't locking down or encrypting every single packet that goes out.

Another flavor of this answer: it's what has always passed audits in the past, so why change what works? There will be, at some point in the future, theoretically, an inflection point where encryption and other controls are inherent/built into the protocols and infrastructure, and we no longer have to scrutinize each connection as if it was hand coded in 1987. We are not quite there yet. So "it goes over VPN" is still the answer that even the auditor is looking for, and despite it being overkill if your teams are good at securing connections, it's still probably easier than having to convince me otherwise.

Christian_89
Contributor III

Please note the legal basis.

In a Tunnel VPN connection, various types of data can be transferred depending on the activities of the users. The most common types of data include:

1. General internet traffic: This includes browsing websites, downloading files, accessing web applications, and any other online activities performed by the users.

2. Remote access to internal resources: Users may use the Tunnel VPN connection to access resources such as files, databases, applications, or servers within a private network. This allows them to work remotely as if they were physically present within the network.

3. Secure communication: VPNs encrypt the data transmitted between the user's device and the VPN server, ensuring a secure connection. This encryption is particularly important when using public Wi-Fi networks or when transmitting sensitive information.

To track the activity and data transferred across a Tunnel VPN connection, you can employ various monitoring and logging methods. Here are a few options:

1. VPN server logs: The VPN server can log connection information, including the duration of each session, the amount of data transferred, and the source/destination IP addresses. Reviewing these logs can provide insights into user activity.

2. Network traffic analysis: By monitoring the network traffic on the VPN server, you can gain visibility into the type and volume of data being transferred. Network monitoring tools can help track bandwidth usage and identify any anomalies or excessive data transfers.

3. User activity logs: If your VPN solution provides user-level logging, you can track individual user activities. This can give you detailed information about the applications accessed, websites visited, and files downloaded/uploaded by each user.

By analyzing these logs and monitoring network traffic, you can identify patterns, usage trends, and any potential issues related to VPN usage. This information can help you optimize the VPN infrastructure, enforce security policies, and ensure efficient utilization of network resources.
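
For the original question (long sessions with very little data), the session-close events in the VPN log are enough to separate idle tunnels from busy ones. The following is an added example, not part of any reply in this thread: it parses key=value event lines and flags sessions that stayed up a long time at a very low transfer rate. The field names (`action`, `tunneltype`, `user`, `duration`, `sentbyte`, `rcvdbyte`) are assumed to match your FortiGate SSL VPN event log export, and the sample lines and thresholds are constructed.

```python
import re

# Constructed sample lines in FortiOS-style key=value format (not real logs).
SAMPLE_LOGS = '''\
date=2024-05-06 time=17:02:11 type="event" subtype="vpn" action="tunnel-down" tunneltype="ssl-tunnel" user="alice" remip=198.51.100.10 duration=19800 sentbyte=4100000 rcvdbyte=6200000
date=2024-05-06 time=11:40:03 type="event" subtype="vpn" action="tunnel-down" tunneltype="ssl-tunnel" user="bob" remip=198.51.100.22 duration=5400 sentbyte=310000000 rcvdbyte=1900000000
date=2024-05-06 time=16:15:47 type="event" subtype="vpn" action="tunnel-down" tunneltype="ssl-tunnel" user="carol" remip=198.51.100.35 duration=21000 sentbyte=95000000 rcvdbyte=215000000
date=2024-05-06 time=09:00:00 type="event" subtype="vpn" action="tunnel-up" tunneltype="ssl-tunnel" user="alice" remip=198.51.100.10
'''

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Turn one key=value log line into a dict (quoted values may contain spaces)."""
    return {k: q if q else v for k, q, v in KV.findall(line)}

def summarize_sessions(text, idle_kb_per_min=50, min_minutes=60):
    """Per closed SSL VPN tunnel: duration, volume, rate, and an 'idle' flag."""
    sessions = []
    for line in text.splitlines():
        f = parse_line(line)
        # Only tunnel-mode session-close events carry duration and byte totals.
        if f.get("action") != "tunnel-down" or f.get("tunneltype") != "ssl-tunnel":
            continue
        minutes = int(f.get("duration", 0)) / 60
        total = int(f.get("sentbyte", 0)) + int(f.get("rcvdbyte", 0))
        rate = (total / 1024) / minutes if minutes else 0.0
        sessions.append({
            "user": f.get("user", "?"),
            "minutes": round(minutes),
            "mbytes": round(total / 1e6, 1),
            "kb_per_min": round(rate, 1),
            # Long-lived but nearly silent: likely connected and left unattended.
            "idle": minutes >= min_minutes and rate < idle_kb_per_min,
        })
    return sessions

if __name__ == "__main__":
    for s in summarize_sessions(SAMPLE_LOGS):
        print(s)
```

Byte totals only show how much moved, not what; seeing destinations or applications still requires the policy logging and inspection settings described in the replies above.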

 

 
