You are encouraged to have Logstash brokering the information between the Fortigate and your Elasticsearch back-end. Using Kibana we'll construct a query based on the collected information, so if this is a single unit and not a vdom in a multi-chassis setup, pay attention to the query language changes below. You must have users that use a Fortigate vdom SSL-VPN gateway that logs to Elasticsearch ( ES). How do we see it in a particular user? We modify the query for them. In either case, they'll experience a race condition between the competing devices attempting to use the same account ( if concurrent account usage is disallowed). For instance, a remote-worker user may have the same SSL-VPN account in use on a desktop and a laptop, or a whole office of employees might be trying to use the same account. This is good for both hosting revenue as well as security, as a client is forced to purchase a separate account for each user, and each client user's usage can be individually tracked for accounting/security purposes.Ī common problem with this is that individual end-users may have more than one device that uses the SSL-VPN account, or a group of users may be attempting to use the same account. To briefly review Fortigate SSL-VPN functionality, the administrator can disallow multiple concurrent logins with the same VPN account. The Elasticsearch Stack can be used to find SSL-VPN concurrent use problems, which cannot be found with the Fortigate itself ( without a true parsing of the raw logs, including the ones that are useless). Here's a real-world example using Fortinet Fortigate SSL-VPN activity ( Forticlient User VPN connections). The real sizzle is that it might be able to tell you more than the things it has information on. The dream of the Elasticsearch stack is that you will be able to glean information that might not be easily derived ( or, at all) from other sources.
0 kommentar(er)
