
AWS Client VPN Monitoring


AWS Client VPN - Overview

Amazon Client VPN is a managed client-based VPN service that enables secure and scalable access to AWS and on-premises resources. With Applications Manager, you can monitor the health and performance of your Client VPN endpoints by tracking key metrics such as connection status, data and packet transfer rates, active sessions, authentication failures, and more. It also provides visibility into endpoint configuration details like logging, authentication methods, certificates, and routing options, helping you ensure secure connectivity, detect anomalies, and troubleshoot issues quickly.

Creating a new AWS Client VPN monitor

To learn how to create a new AWS Client VPN monitor, refer here.

Monitored Parameters

Go to the Monitors Category View by clicking the Monitors tab. Click the Client VPN instance listed under Amazon in the Cloud Apps section. This displays the Amazon Route Health Checks bulk configuration view, which is divided into three tabs:

  • Availability tab gives the availability history for the past 24 hours or 30 days.
  • Performance tab gives the health status and events for the past 24 hours or 30 days.
  • List view tab enables you to perform bulk admin configurations.

By clicking a monitor from the list, you'll be taken to the AWS Client VPN dashboard which includes the following tabs:

Performance Overview

Parameter: Description

STATUS INFORMATION
  • State: Describes the state of a Client VPN endpoint. Possible values: Pending-associate | Available | Deleting | Deleted.

DAYS UNTIL REVOKED CERTIFICATES LIST EXPIRES
  • Days Until Revoked Certificates List Expires: The minimum number of days, at the time of the poll, until the Certificate Revocation List (CRL) configured on the Client VPN endpoint expires (in days).

AUTHENTICATION FAILURES
  • Authentication Failures: The total number of authentication failures for the Client VPN endpoint during the poll interval.

DATA RECEIVED
  • Rate of Data Received: The total amount of data received per second by the Client VPN endpoint during the poll interval (in MB/s).
  • Data Received: The total amount of data received by the Client VPN endpoint during the poll interval (in MB).

DATA SENT
  • Rate of Data Sent: The total amount of data sent per second from the Client VPN endpoint during the poll interval (in MB/s).
  • Data Sent: The total amount of data sent from the Client VPN endpoint during the poll interval (in MB).

PACKETS RECEIVED
  • Rate of Packets Received: The total number of packets received per second by the Client VPN endpoint during the poll interval (in packets/s).
  • Packets Received: The total number of packets received by the Client VPN endpoint during the poll interval (in packets).

PACKETS SENT
  • Rate of Packets Sent: The total number of packets sent per second from the Client VPN endpoint during the poll interval (in packets/s).
  • Packets Sent: The total number of packets sent from the Client VPN endpoint during the poll interval (in packets).

ACTIVE CONNECTIONS
  • Active Connections: The average number of active connections to the Client VPN endpoint at the time of polling.

CONFIGURATION DOWNLOADS
  • Configuration Downloads: The total number of downloads of the Client VPN configuration file from the self-service portal during the poll interval.

CONNECT HANDLER ERRORS
  • Timeouts: The total number of timeouts when invoking the client connect handler for connections to the Client VPN endpoint during the poll interval.
  • Invalid Responses: The total number of invalid responses returned by the client connect handler for connections to the Client VPN endpoint during the poll interval.
  • Execution Errors: The total number of unexpected errors while running the client connect handler for connections to the Client VPN endpoint during the poll interval.
  • Throttling Errors: The total number of throttling errors when invoking the client connect handler for connections to the Client VPN endpoint during the poll interval.
  • Denied Connections: The total number of connections denied by the client connect handler for the Client VPN endpoint during the poll interval.
  • Service Errors: The total number of service-side errors while running the client connect handler for connections to the Client VPN endpoint during the poll interval.

Configuration

Parameter: Description

CONFIGURATION
  • Description: A brief description of the endpoint.
  • Creation Time: The date and time the Client VPN endpoint was created.
  • VPC ID: The identifier of the Virtual Private Cloud (VPC) to associate with this resource.
  • Security Groups: The IDs of the security groups for the target network.
  • Client Certificate ARN: The unique identifier (ARN) of a certificate used for authentication between clients and AWS services.
  • Server Certificate ARN: The Amazon Resource Name (ARN) of the SSL/TLS certificate used by the VPN server to authenticate itself to connecting clients.
  • DNS Name: The DNS name to be used by clients when connecting to the Client VPN endpoint.
  • DNS Servers: The list of DNS servers to be used for DNS resolution.
  • Authenticate Type: Specifies the authentication method for Client VPN connections. Valid values: Certificate-authentication (mutual certificate-based) | Directory-service-authentication (Active Directory) | Federated-authentication (SAML-based identity federation).
  • VPN Protocol: The tunneling protocol used to establish secure connections between clients and the VPN endpoint.
  • Transport Protocol: The transport protocol used by the Client VPN endpoint. Possible values: TCP | UDP.

CLIENT & SESSION CONFIGURATION
  • Client Login Banner Options: When enabled, displays a customizable banner message to users when they connect to the Client VPN endpoint.
  • Client Connect Options: When enabled, ClientConnectOptions allows you to run custom logic when clients connect to the VPN endpoint.
  • Split Tunnel: Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.
  • Client Route Enforcement: The current status of Client Route Enforcement. Possible values: Enabled | Disabled.
  • Connection Log Options: Indicates whether client connection logging is enabled for the Client VPN endpoint.
  • Client CIDR Block: The IPv4 address range, in CIDR notation, from which client IP addresses are assigned.
  • VPN Port: The port number for the Client VPN endpoint.
  • Session Timeout Hours: The maximum VPN session duration in hours. Possible values (in hours): 8 | 10 | 12 | 24.
  • Disconnect on Session Timeout: Indicates whether the client VPN session is disconnected after the maximum sessionTimeoutHours is reached. If enabled, users are prompted to reconnect; if disabled, reconnection happens automatically.
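
As an added example (not part of Applications Manager or its documentation), the following sketch shows how the parameters in the two tables above could be combined into defender-side checks for one endpoint and one poll. The dictionary keys reuse the parameter names from the tables; the boolean and numeric representation, the thresholds, the finding codes and the sample values are assumptions made for illustration.

```python
# Added example: keys reuse the parameter names from the tables above; the
# boolean/number representation, sample values and thresholds are assumptions.
HANDLER_ERRORS = ("Timeouts", "Invalid Responses", "Execution Errors",
                  "Throttling Errors", "Service Errors")

def evaluate(config, poll, crl_warn_days=30, auth_fail_warn=25):
    """Return a sorted list of finding codes for one endpoint and one poll."""
    findings = set()
    if config["State"] != "Available":
        findings.add("ENDPOINT_NOT_AVAILABLE")
    if not config["Connection Log Options"]:
        # Without connection logs there is no per-session record to review.
        findings.add("CONNECTION_LOGGING_DISABLED")
    if not config["Disconnect on Session Timeout"]:
        # Per the table: sessions reconnect automatically after the timeout.
        findings.add("SESSION_RECONNECTS_AUTOMATICALLY")
    crl_days = poll.get("Days Until Revoked Certificates List Expires")
    if crl_days is not None and crl_days <= crl_warn_days:
        findings.add("CRL_EXPIRES_SOON")
    if poll.get("Authentication Failures", 0) >= auth_fail_warn:
        findings.add("AUTH_FAILURE_SPIKE")
    if config["Client Connect Options"]:
        # Handler errors mean the custom connect logic did not run cleanly;
        # Denied Connections is a policy decision and is tracked separately.
        if any(poll.get(name, 0) > 0 for name in HANDLER_ERRORS):
            findings.add("CONNECT_HANDLER_UNHEALTHY")
    return sorted(findings)

# Constructed sample data (not from a real endpoint).
SAMPLE_CONFIG = {
    "State": "Available",
    "Authenticate Type": "Certificate-authentication",
    "Connection Log Options": False,
    "Client Connect Options": True,
    "Session Timeout Hours": 24,
    "Disconnect on Session Timeout": False,
}
SAMPLE_POLL = {
    "Days Until Revoked Certificates List Expires": 12,
    "Authentication Failures": 40,
    "Active Connections": 18,
    "Timeouts": 3, "Invalid Responses": 0, "Execution Errors": 0,
    "Throttling Errors": 0, "Service Errors": 0, "Denied Connections": 2,
}

if __name__ == "__main__":
    for code in evaluate(SAMPLE_CONFIG, SAMPLE_POLL):
        print(code)
```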
