Tracking connected users
This section explains how to track currently connected users, or those that are connected through the SSL VPN, from the SNS firewall web administration interface.
To improve the readability of images, some columns in tables have been hidden. As such, what you see on your SNS firewall may be slightly different. Not all of the available columns are described in this section. For more information, refer to the in the v4 user guide or v5 user guide, depending on the SNS version used.
Information on access to private data
Some information can be accessed if the user has been granted permissions to look up private data. If you hold this permission or a code to access private data:
- On SNS in version 5: click on the icon representing a user in the upper banner, then click on Obtain personal data access. If an access code is required, enter it and click on Obtain.
- On SNS in version 4: click on Logs: restricted access in the upper banner. If an access code is required, enter it and click on Obtain.
For further information, refer to the Technical note Complying with privacy regulations.
Displaying users currently connected to the SNS firewall through the SSL VPN
In SSL VPN tunnel monitoring
Go to Monitoring > Monitoring > SSL VPN tunnels.
This view shows which users are connected to the SNS firewall through the SSL VPN in real time, and includes session details (IP addresses, number of bytes sent and received, etc.).
| Column | Description |
|---|---|
| User | Indicates the name of the user currently connected to the SNS firewall through the SSL VPN. |
| Client version | Indicates the version of the Stormshield SSL VPN client that was used to connect. For SSL VPN clients that are not compatible with the client workstation verification feature, the value "N/A" is shown. This column is available only on SNS versions 4.8 LTSB and 5. |
| Client workstation verification (ZTNA) | Indicates the client workstation’s compliance status. There are several possible values: This column is available only on SNS versions 4.8 LTSB and 5. |
In user monitoring
Go to Monitoring > Monitoring > Users.
This view provides a real-time view of the users connected on the SNS firewall.
| Column | Description |
|---|---|
| User | Indicates the name of the user currently connected on the SNS firewall. To find out whether the user is connected to the SNS firewall through the SSL VPN, check the "SSL VPN" column. |
| Client workstation verification (ZTNA) | Indicates the client workstation’s compliance status. There are several possible values: This column is available only on SNS versions 4.8 LTSB and 5. |
| One-time password | Indicates whether a user has logged in using a TOTP from the Stormshield TOTP solution. This column is available only on SNS versions 4.8 LTSB and 5. |
| SSL VPN | Identifies users connected on the SNS firewall through the SSL VPN. |
Viewing logs on VPN tunnel events
Go to Monitoring > Logs - Audit logs > VPN.
This log shows events relating to SSL VPN and IPsec VPN tunnels.
By default, events from the last hour are displayed. You can change the time range by selecting another value in the toolbar above the grid.
| Column | Description |
|---|---|
| Saved at | Indicates the date and time of the event. |
| Message | Indicates the nature of the event: VPN tunnel connected or disconnected, user authentication in the firewall authentication engine, etc. On SNS versions 4.8 LTSB and 5, messages relating to the client workstation verification feature (HostChecking in the logs) may appear: |
| User | Indicates the user that is associated with the event. |
| Client workstation verification (ZTNA) | Indicates the client workstation’s compliance status. There are several possible values: This column is available only on SNS versions 4.8 LTSB and 5. |
| Client workstation verification criterion | Shows non-compliant criteria when an SSL VPN tunnel fails to set up due to the non-compliance of the client workstation or user. This column is available only on SNS versions 4.8 LTSB and 5. |