Fortigate SSL VPN statistics monitoring & graphs

I would like to see support for graphs of counts of clients connecting to a Fortigate SSL VPN; other statistics would also be useful (unique users; average time connected per session; average bytes in/out per session). Client count information similar to the graphs produced in the latest LibreNMS wireless code update would be ideal.

Sanitised snmpbulkwalk output below (from a Fortigate 1500D) showing three concurrently connected users with MIB objects as per http://www.mibdepot.com/cgi-bin/getmib3.cgi?win=mib_a&r=fortinet&f=fortinet-fortigate-mib&v=v2&t=tree

 /usr/bin/snmpbulkwalk -OsqnU  -M /opt/librenms/mibs device .1.3.6.1.4.1.12356.101.12.2.3.1
.1.3.6.1.4.1.12356.101.12.2.3.1.1.1 2                         ! fgVpnSslState
.1.3.6.1.4.1.12356.101.12.2.3.1.2.1 3                         ! fgVpnSslStatsLoginUsers
.1.3.6.1.4.1.12356.101.12.2.3.1.3.1 6                         ! fgVpnSslStatsMaxUsers
.1.3.6.1.4.1.12356.101.12.2.3.1.4.1 4                         ! fgVpnSslStatsActiveWebSessions
.1.3.6.1.4.1.12356.101.12.2.3.1.5.1 9                         ! fgVpnSslStatsMaxWebSessions
.1.3.6.1.4.1.12356.101.12.2.3.1.6.1 3                         ! fgVpnSslStatsActiveTunnels
.1.3.6.1.4.1.12356.101.12.2.3.1.7.1 3                         ! fgVpnSslStatsMaxTunnels

 /usr/bin/snmpbulkwalk -OsqnU  -M /opt/librenms/mibs device .1.3.6.1.4.1.12356.101.12.2.4.1
.1.3.6.1.4.1.12356.101.12.2.4.1.1.1 1                         ! fgVpnSslTunnelIndex
.1.3.6.1.4.1.12356.101.12.2.4.1.1.2 2
.1.3.6.1.4.1.12356.101.12.2.4.1.1.3 3
.1.3.6.1.4.1.12356.101.12.2.4.1.2.1 1                         ! fgVpnSslTunnelVdom
.1.3.6.1.4.1.12356.101.12.2.4.1.2.2 1
.1.3.6.1.4.1.12356.101.12.2.4.1.2.3 1
.1.3.6.1.4.1.12356.101.12.2.4.1.3.1 "user1"                   ! fgVpnSslTunnelUserName (Username)
.1.3.6.1.4.1.12356.101.12.2.4.1.3.2 "user2"
.1.3.6.1.4.1.12356.101.12.2.4.1.3.3 "user3"
.1.3.6.1.4.1.12356.101.12.2.4.1.4.1 10.23.209.138           ! fgVpnSslTunnelSrcIp (Client source IP)
.1.3.6.1.4.1.12356.101.12.2.4.1.4.2 10.23.15.19
.1.3.6.1.4.1.12356.101.12.2.4.1.4.3 10.23.215.230
.1.3.6.1.4.1.12356.101.12.2.4.1.5.1 10.15.26.1              ! fgVpnSslTunnelIp (Client SSL VPN allocated IP)
.1.3.6.1.4.1.12356.101.12.2.4.1.5.2 10.15.26.2
.1.3.6.1.4.1.12356.101.12.2.4.1.5.3 10.15.26.3
.1.3.6.1.4.1.12356.101.12.2.4.1.6.1 593                       ! fgVpnSslTunnelUpTime (Seconds connected to SSL VPN)
.1.3.6.1.4.1.12356.101.12.2.4.1.6.2 92
.1.3.6.1.4.1.12356.101.12.2.4.1.6.3 15
.1.3.6.1.4.1.12356.101.12.2.4.1.7.1 521220                    ! fgVpnSslTunnelBytesIn (bytes out from client)
.1.3.6.1.4.1.12356.101.12.2.4.1.7.2 24421
.1.3.6.1.4.1.12356.101.12.2.4.1.7.3 953
.1.3.6.1.4.1.12356.101.12.2.4.1.8.1 1151950                   ! fgVpnSslTunnelBytesOut (bytes in to client)
.1.3.6.1.4.1.12356.101.12.2.4.1.8.2 22216
.1.3.6.1.4.1.12356.101.12.2.4.1.8.3 2870

Thanks

1 Like
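
Added example (not part of the original thread and not LibreNMS code): a Python sketch that parses the fgVpnSslTunnel rows from the walk above and derives the per-session figures the post asks for. The function names and the short column names are assumptions made for illustration; the sample rows are copied from the post.

```python
import re
from collections import defaultdict

TUNNEL_TABLE = ".1.3.6.1.4.1.12356.101.12.2.4.1"
# Column numbers as annotated in the post's walk; short names are illustrative.
COLUMNS = {3: "user", 6: "uptime", 7: "bytes_in", 8: "bytes_out"}
# Tunnel-table rows copied from the sanitised walk in the post above.
SAMPLE = '''
.1.3.6.1.4.1.12356.101.12.2.4.1.3.1 "user1"                   ! fgVpnSslTunnelUserName
.1.3.6.1.4.1.12356.101.12.2.4.1.3.2 "user2"
.1.3.6.1.4.1.12356.101.12.2.4.1.3.3 "user3"
.1.3.6.1.4.1.12356.101.12.2.4.1.6.1 593                       ! fgVpnSslTunnelUpTime
.1.3.6.1.4.1.12356.101.12.2.4.1.6.2 92
.1.3.6.1.4.1.12356.101.12.2.4.1.6.3 15
.1.3.6.1.4.1.12356.101.12.2.4.1.7.1 521220                    ! fgVpnSslTunnelBytesIn
.1.3.6.1.4.1.12356.101.12.2.4.1.7.2 24421
.1.3.6.1.4.1.12356.101.12.2.4.1.7.3 953
.1.3.6.1.4.1.12356.101.12.2.4.1.8.1 1151950                   ! fgVpnSslTunnelBytesOut
.1.3.6.1.4.1.12356.101.12.2.4.1.8.2 22216
.1.3.6.1.4.1.12356.101.12.2.4.1.8.3 2870
'''
# OID, then either a quoted string or a bare token; "! ..." notes are ignored.
LINE = re.compile(r'^(\.[\d.]+)\s+(?:"([^"]*)"|(\S+))')

def parse_tunnels(walk_text):
    """Return {tunnel_index: {column_name: value}} from -OsqnU style output."""
    tunnels = defaultdict(dict)
    for line in walk_text.splitlines():
        m = LINE.match(line.strip())
        if not m or not m.group(1).startswith(TUNNEL_TABLE + "."):
            continue  # blank line or a row from another table
        col, _, idx = m.group(1)[len(TUNNEL_TABLE) + 1:].partition(".")
        if not (col.isdigit() and idx.isdigit()) or int(col) not in COLUMNS:
            continue  # column we do not use, or a malformed OID
        name = COLUMNS[int(col)]
        raw = m.group(2) if m.group(2) is not None else m.group(3)
        tunnels[int(idx)][name] = raw if name == "user" else int(raw)
    return dict(tunnels)

def session_stats(tunnels):
    """Per-session figures; rows missing a column (tunnel dropped mid-walk) are skipped."""
    rows = [t for t in tunnels.values() if len(t) == len(COLUMNS)]
    if not rows:  # no tunnels up: avoid dividing by zero
        return {"sessions": 0, "unique_users": 0}
    avg = lambda key: sum(t[key] for t in rows) / len(rows)
    return {"sessions": len(rows), "unique_users": len({t["user"] for t in rows}),
            "avg_uptime_s": avg("uptime"), "avg_bytes_in": avg("bytes_in"),
            "avg_bytes_out": avg("bytes_out")}

if __name__ == "__main__":
    print(session_stats(parse_tunnels(SAMPLE)))
```

These are point-in-time values for the tunnels that are up when the walk runs, so averages over completed sessions would need repeated polling or the firewall's own logs.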

Should be pretty simple. I’ll work on this as I get time. I’ve got some use for it as well.

2 Likes

@alanbboyd I started working on this, but it’s a bit more complicated than I originally thought. The Fortigate reports the SSL stats per VDOM, so I need to figure out a way to create a graph per VDOM, or a single graph that shows all VDOMs. I’ll link the pull request when it’s ready.

1 Like

No problem, thanks for the update.

Hi @network-guy.

Was this ever implemented?

Best wishes
Frey Alfredsson

I’m looking for this too.
Any update?

Thanks for the hard work!
Just found out that there is a COUNT for SSLVPN now and wondering how to add it to the widget.
I did find [Device Count] in Graph and this will display all of the COUNT items of that device.
But I just want [SSL VPN Logged users].
Is it possible?

1 Like

Yip, thanks to the Devs, this is a great feature.

And a big thank you from me - VPN usage graphs are building up nicely. Lovely! :grinning:

2 Likes

Can you share how I can use this?

Look at the device page for your firewall and you should see something like the below for VPN statistics (example from a test/dev FortiGate 90D which isn’t doing very much):

Oh yes I can see that.
I was looking for more information related to users, as mentioned:
“other statistics would also be useful (unique users; average time connected per session”
I thought it's possible to see the specific user's connected time. Let's say I want to see which users are connected right now, then I can see all usernames.

It’s a long time since I’ve looked at it, but LibreNMS only looks at concurrent user/tunnel counts. You would need to look at the FortiGate directly or whatever syslog server you have at the back end for that level of detail.

If you have a significant number of concurrent VPN users I don’t think that would work well with the device user interface and IMO is outside the scope of what LibreNMS is for. Either way I suspect it would be a significant piece of work to add that functionality.

Ok. Thanks for the quick information.