I want to see a history of all the destination IP addresses and ports to which clients are connecting during Network Connect sessions.
For example, if a user launches Network Connect and then uses the SSH client on their computer to connect to Server1 on port 22, or opens up Windows explorer and connects to Server2 on port 445, I want to have a log showing me the user name, date/time, destination IP, destination protocol, and destination port #.
How can I do this? Is there logging which can be configured in any component of the SSL VPN which will show me this information? Is a packet capture from the internal interface of the SSL VPN the only way to do this?
The reason I want to do this is because I have many users who have been given Network Connect, and an Access Policy which doesn't restrict the protocols/IPs/ports they are allowed to connect to (the Access Policy allows access to *:*). I want to see what they are currently connecting to, so I can restrict access to only what they need.
I am using a Juniper SA 2000 SSL VPN, 7.1R12 build 21827.
Thanks
Unless I am forgetting something, I am not sure there is a clean way to do this within the IVE itself. Assuming you have a firewall filtering traffic from the inside interface, why not just log that and filter on your NC IP range?
While it will obviously not give you the username, assuming your users stay logged in for a decent period of time, you can look up their assigned IP for that session then correlate it to the firewall log. Though not ideal, it's a good starting point.
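As an added worked example (not from this thread and not Juniper's own tooling), this is the correlation Red describes: constructed NC session records (user, assigned IP, session start and end) are joined to constructed firewall log lines filtered on the NC address pool, producing the user, date/time, destination IP, protocol and port the original poster asked for. The pool range, the session table and the key=value log layout are all assumptions; the example also shows why the session time window matters when a pool address is reused by a second user.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network
# Assumed Network Connect address pool; firewall records outside it are ignored.
NC_POOL = ip_network("10.200.0.0/24")
TS_FMT = "%Y-%m-%d %H:%M:%S"
# Constructed NC session records: (user, assigned NC IP, session start, session end).
# The same pool address is deliberately handed to a second user later in the day.
SESSIONS = [
    ("alice", "10.200.0.15", "2013-04-02 08:00:00", "2013-04-02 12:00:00"),
    ("bob",   "10.200.0.15", "2013-04-02 13:00:00", "2013-04-02 17:00:00"),
    ("carol", "10.200.0.22", "2013-04-02 09:00:00", "2013-04-02 18:00:00"),
]

# Constructed firewall log lines in a generic key=value layout (not a real vendor format).
FW_LOG = """\
2013-04-02 09:15:02 action=allow proto=tcp src=10.200.0.15 dst=192.0.2.10 dport=22
2013-04-02 09:16:40 action=allow proto=tcp src=10.200.0.22 dst=192.0.2.20 dport=445
2013-04-02 09:17:00 action=allow proto=tcp src=192.168.1.5 dst=192.0.2.10 dport=22
2013-04-02 14:05:11 action=allow proto=tcp src=10.200.0.15 dst=192.0.2.30 dport=3389
2013-04-02 18:30:00 action=allow proto=udp src=10.200.0.22 dst=192.0.2.40 dport=53
"""

def parse_fw_line(line):
    """Split 'YYYY-MM-DD HH:MM:SS k=v k=v ...' into a dict with a datetime under 'ts'."""
    rec = dict(kv.split("=", 1) for kv in line[20:].split())
    rec["ts"] = datetime.strptime(line[:19], TS_FMT)
    return rec

def user_for(src_ip, ts, sessions):
    """Return the user who held src_ip at time ts, or None if no session covers it."""
    for user, ip, start, end in sessions:
        if ip == src_ip and datetime.strptime(start, TS_FMT) <= ts <= datetime.strptime(end, TS_FMT):
            return user
    return None

def correlate(fw_log=FW_LOG, sessions=SESSIONS, pool=NC_POOL):
    """Join NC-pool firewall records to the session that owned the source IP at that time.
    A hit with no covering session is reported as 'UNKNOWN' rather than misattributed."""
    rows = []
    for line in fw_log.splitlines():
        rec = parse_fw_line(line)
        if ip_address(rec["src"]) not in pool:
            continue  # not Network Connect traffic
        user = user_for(rec["src"], rec["ts"], sessions) or "UNKNOWN"
        rows.append((user, rec["ts"].strftime(TS_FMT), rec["dst"], rec["proto"], int(rec["dport"])))
    return rows

def needed_rules(rows):
    """Distinct (user, dst, proto, port) tuples: the starting point for a tighter Access Policy."""
    return sorted({(u, d, p, port) for u, _, d, p, port in rows if u != "UNKNOWN"})
```

The UNKNOWN row (traffic from a pool address after carol's session ended) is the case to investigate before tightening the policy, since attributing it to the previous holder of that address would be wrong.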
Red is 100% correct - NC does not provide that level of logging. You can't do this with the SSL box through logging.
Thanks for the confirmation