I can find where to get session info on SSL VPN connections, but I can't find a log showing detailed SSL VPN traffic. Any ideas?
Hi Ryan,
If Jaydeep's answer isn't what you were looking for, share with us the motivation for asking your question - what do you want to know?
Cheers - Bob
Hi Bob/Jaydeep,
Sorry, my question was posted on behalf of someone else and admittedly I rushed it. Basically I'd like to know whether SSL VPN-specific traffic is logged anywhere for an event such as:
"Ryan sent traffic outbound to address 1.1.1.1 at 5:13PM on September 18th through the VPN tunnel."
Hi Ryan Swin
No, it would not be possible for UTM to log the traffic to these details. It would consume the log disk and resources in logging only these traffic details, which would be counterproductive to the main purpose of a firewall.
However, you can use TCPDUMP in SSH of UTM to check live traffic details. Please note that UTM cannot store that for later viewing. Please refer to the KBA "Sophos UTM: How to capture packets and download the Packet Capture" for more details on how to capture live traffic in UTM 9.
Regards
Jaydeep
Thanks Jaydeep,
Your reply makes a lot of sense, as what I was asking for does seem a little outside of the responsibilities of a router. I suppose there are dedicated hardware appliances that are meant for gathering information like this that we could position between our router and the public internet. Perhaps something like a Unifi Security Gateway device? Does that make sense?
I'm still not clear, Ryan. In your example, is 1.1.1.1 the OpenVPN server that someone connected to from behind the UTM, or is it an internal IP accessed by an SSL VPN client that connected to the UTM, or ???
Cheers - Bob