Hello,
We are monitoring VPNSSL for security purpose with snmptraps.
It's working, but in the text send in the trap by the sophos firewall, we don't have the real public client ip address.
Here is an example :
20230308.100302 UDP: [XXX.XXX.XXX.9]:14615->[XXX.XXX.XXX.253]:162
DISMAN-EXPRESSION-MIB::sysUpTimeInstance = 179275369
SNMPv2-MIB::snmpTrapOID.0 = SFOS-FIREWALL-MIB::sfosNotification
SFOS-FIREWALL-MIB::sfosDeviceType.0 = XGS4300_AM01_SFOS
SFOS-FIREWALL-MIB::sfosDeviceFWVersion.0 = 19.0.1 MR-1-Build365
SFOS-FIREWALL-MIB::sfosDeviceAppKey.0 = XXXXXXXXXXXXXXXX
SFOS-FIREWALL-MIB::sfosDeviceName.0 = xxxx.xxxxx.xx
SFOS-FIREWALL-MIB::sfosCurrentDate.0 = Wed Mar 8 10:03:02 2023
SFOS-FIREWALL-MIB::sfosTrapMessage.0 = Alert_Id : 17825 Message : SSL VPN User 'username@domain.local' disconnected
It would be nice to have it in the message to log it and to check if there is any abnormal behavior of our users.
Furthermore, I've been unable to find this information with the GUI.
I had to log in my firewall with SSH and read the /log/ssslvpn.log file, which is not fast at all.
At least, we must have this information somewhere in the GUI, and even better in the snmp traps.
Regard.
Christophe.
This thread was automatically locked due to age.
