Firewall VPN report
When your organization adopts remote work, you'll want your remote users to connect to your corporate network securely through VPNs. This traffic generates logs that are different from usual authentication traffic. Therefore, specifically monitoring VPN traffic is important from both a security and compliance perspective.
EventLog Analyzer, a comprehensive log management solution, analyzes firewall VPN traffic and alerts you in case of suspicious VPN connections, anomalous VPN usage trends, and more.
Firewall VPN traffic monitoring using EventLog Analyzer
EventLog Analyzer enables you to monitor VPN traffic by analyzing your VPN logs. It provides:
- VPN firewall traffic reports that give you an overview of VPN traffic, including details such as the source, destination, and port of the traffic.
- The number of VPN connections at any given time.
- Real-time alerts when VPN connections exceed the specified threshold limit.
EventLog Analyzer supports VPN traffic monitoring for multiple firewall vendors including Cisco, SonicWall, Fortinet, Sophos, Meraki, and more.
Firewall VPN connection and usage monitoring
EventLog Analyzer gives you analytical reports that present information on VPN usage. Learn about connected and disconnected users, and analyze VPN usage with the trend graph based on volume (number of VPN connections).
Further, this solution monitors every VPN user session and gives information on:
- VPN logons, including remote users who logged on through a VPN, how long the user was connected to the network, the data consumed, and more. This information is vital to analyzing traffic trends.
- Failed VPN logons, including the users who had logon failures. This information can help reduce the risk of a breach through the VPN.
Detecting suspicious VPN activities
EventLog Analyzer helps you detect suspicious VPN activities such as:
- Unusual spikes in VPN usage.
- VPN logons during odd hours.
- Multiple failed VPN logons from the same user.
Further, the solution reduces the risk of intrusions through VPN connections by providing instant alerts for VPN security threats such as land-speed violations, in which the same user establishes multiple successful connections from different locations within a specified time period.
These threats are detected using prebuilt correlation rules. With this solution, you can also automate remedial actions such as blocking or disabling the suspicious user account, terminating the connection, and more.
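The land-speed violation and repeated failed logon checks described above amount to sliding-window correlation over parsed VPN logon events. The sketch below is an added illustration, not EventLog Analyzer's own correlation rules; the log layout, the field names, the one-hour window, and the failure threshold of three are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events; the key=value layout and field names are assumptions.
SAMPLE_LOGS = """\
2024-05-06T08:01:12Z user=alice status=success location=US
2024-05-06T08:40:03Z user=alice status=success location=DE
2024-05-06T09:00:00Z user=bob status=failure location=US
2024-05-06T09:00:20Z user=bob status=failure location=US
2024-05-06T09:00:41Z user=bob status=failure location=US
2024-05-06T09:05:00Z user=carol status=success location=FR
2024-05-06T13:30:00Z user=carol status=success location=GB
"""

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event

def detect(log_text, window=timedelta(hours=1), max_failures=3):
    """Return (rule, user, timestamp, detail) alerts for the two patterns."""
    events = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    successes = defaultdict(deque)  # user -> (ts, location) inside the window
    failures = defaultdict(deque)   # user -> ts of failed logons inside the window
    alerts = []
    for e in events:
        user, ts = e["user"], e["ts"]
        if e["status"] == "success":
            seen = successes[user]
            while seen and ts - seen[0][0] > window:
                seen.popleft()  # expire logons older than the window
            places = sorted({loc for _, loc in seen} | {e["location"]})
            if len(places) > 1:  # same user, different locations, within the window
                alerts.append(("land_speed_violation", user, ts, places))
            seen.append((ts, e["location"]))
        else:
            failed = failures[user]
            failed.append(ts)
            while ts - failed[0] > window:
                failed.popleft()
            if len(failed) == max_failures:  # fire once when the threshold is reached
                alerts.append(("repeated_failed_logons", user, ts, len(failed)))
    return alerts

if __name__ == "__main__":
    print(*detect(SAMPLE_LOGS), sep="\n")
```

In practice the location would come from GeoIP enrichment of the source address, and both the window and the threshold need tuning against legitimate travel and mobile-carrier address changes.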