Monitor Internet Usage of VPN Users

    Question

  • Hi Guys,

    My requirements are to monitor ALL internet usage in my company. Employees also log onto the company network by using VPNs. For the duration of the VPN connection, the company's internet gateway also acts as the VPN users' default gateway. I'm looking for a solution to monitor the internet traffic for local as well as VPN users, along with details like the duration of the VPN connection, when the connection was created & destroyed, as well as the amount of bandwidth consumed by a particular user.

    Is it possible to achieve this with ISA 2004/2006?


    Regards,
    wakh

    Saturday, July 25, 2009 7:18 PM


All replies

  • Hi,

     

    Thank you for posting.

     

    Please refer to the following post. I think Marc has given us a good explanation about monitoring Internet usage.

     

    Monitor all Internet usage

    http://social.technet.microsoft.com/Forums/en-US/ForefrontedgeMLR/thread/4b7cb689-e832-403d-a27f-cc8598d0fb2a

     

    Regards,


    Nick Gu - MSFT
    Monday, July 27, 2009 9:02 AM
  • Thanks for the reply, but the link you posted points back to this thread only. If I am right, then the thread you meant to link doesn't discuss how to monitor VPN users' activity?

    Please share your response here, as it will avoid confusion for me.


    Best Regards,
    wakh
    Tuesday, July 28, 2009 5:36 PM
  • Hi,

     

    Thank you for the update.

    As far as I know, the ISA Server firewall allows you to monitor the VPN client connections. Please perform the following steps to see how you can view connections from VPN clients:

    1. In the ISA management console, expand the computer name in the left pane of the console and click the Virtual Private Networks node. In the Task Pane, click the Tasks tab. Click the Monitor VPN Clients link.

    2. You are moved to the Sessions tab in the Monitoring node. Here you can see that the sessions have been filtered to show only the VPN Client connections.

    3. Click on the Dashboard tab. Here you can see in the Sessions pane the VPN Remote Client connections.

    4. You can also use the real-time logging feature to see connections made by the VPN clients. Click on the Logging tab and then click the Tasks tab in the Task Pane. Click the Start Query link. Here you see all communications moving through the firewall. You can use the filter capabilities to focus on specific VPN clients or only the VPN clients network.


    Regards,

     


    Nick Gu - MSFT
    Wednesday, July 29, 2009 6:30 AM
  • Thanks Nick Gu, I will follow what you said. Is it possible to monitor their bandwidth consumption also?


    Regards,
    wakh
    Thursday, July 30, 2009 12:24 AM
  • Hi wakh,

    As far as I know, ISA cannot monitor the bandwidth consumption for the VPN users.

    Regards,
    Nick Gu - MSFT
    Thursday, July 30, 2009 7:18 AM
  • Hi Nick Gu,

    Are you aware of any solution or product with which it is possible to achieve this requirement?


    Regards,
    wakh
    Friday, July 31, 2009 12:13 AM
  • Hi Wakh,

     

    I think you may try to use Bandwidth Splitter. It is a program extension for ISA Server, and it will allow you to monitor the Internet connection bandwidth and distribute it among all users and servers according to preset rules.

    For more information, please refer to the following link:

    http://www.bsplitter.com/

     

    Hope this helps.

     

    Regards,


    Nick Gu - MSFT
    Friday, July 31, 2009 3:55 AM
  • Hi Nick Gu,

    Thanks for that link, that's exactly what I am looking for. One more thing though, is it possible to block certain kinds of internet traffic with ISA? Such as P2P traffic, for example?


    Regards,
    wakh
    • Edited by Wakh Friday, July 31, 2009 10:54 PM
    Friday, July 31, 2009 10:53 PM
  • Hi Wakh,

    I am glad to hear that Bandwidth Splitter is helpful to you. And for your question, my answer is "yes". Of course you can create an HTTP Filter signature to block traffic, such as P2P, etc. Please refer to:
    http://technet.microsoft.com/en-us/library/cc302627.aspx

    Regards,


    Nick Gu - MSFT
    Saturday, August 01, 2009 6:30 AM
  • along with details like the duration of the vpn connection, when the connection was created & destroyed, as well as amount of bandwidth consumed by a particular user.

    Is it possible to achieve this with ISA 2004/2006?


    Regards,
    wakh


    Sure... check my article: Creating Reports For VPN Clients


    HTH,
    Tarek


    Tarek Majdalani | MS Forefront Edge Security MVP | http://www.elmajdal.net

    Saturday, August 01, 2009 1:12 PM
  • is it possible to block certain kind of internet traffic with ISA? Such as p2p traffic for example?


    Regards,
    wakh

    Sure as well... check this article: Preventing P2P and Instant Messaging programs from hijacking your network with ISA 2004 Firewalls

    HTH,
    Tarek
    Tarek Majdalani | MS Forefront Edge Security MVP | http://www.elmajdal.net
    Saturday, August 01, 2009 1:14 PM
  • Nick Gu:
    Thanks for that article.

    ElMajdal:
    Thanks for your input. The VPN article is helpful. However, in the P2P article I noticed that it can be used to block IM and P2P software that uses single known ports, but what about torrents, for example, where users can change the port to bypass the filtering? How to block torrents on the network?


    Best Regards,
    wakh
    Saturday, August 01, 2009 10:21 PM
  • Hi,

     

    The article does not show you how to block by port; on the contrary, it shows you how to block applications by using signatures. Even applications that use dynamic ports will still be blocked, because you blocked their own signature.


    Tarek Majdalani | MS Forefront Edge Security MVP | http://www.elmajdal.net
    Sunday, August 02, 2009 9:31 AM
  • Hi ElMajdal,

    Thanks for pointing that out. I read the article again, and yes, it is using HTTP Filtering to block P2P software. I did some experiments with different programs to find out their signatures, but what I noticed is that, as filtering is based on the HTTP protocol, if a certain application is not using the HTTP protocol during its connection initiation or establishment then it will simply bypass the restrictions?

    For example, I tested an IRC chat program, mIRC, and noticed that it's not using the HTTP protocol at all. Similarly there will be P2P software that is not using the HTTP protocol; how to go about blocking such P2P software?

    Regards,
    wakh

    • Edited by Wakh Sunday, August 02, 2009 7:47 PM
    Sunday, August 02, 2009 7:39 PM
  • For example, I tested an IRC chat program, mIRC, and noticed that it's not using the HTTP protocol at all. Similarly there will be P2P software that is not using the HTTP protocol; how to go about blocking such P2P software?

    Hi,

    Once you install ISA Server, it blocks everything by default, using its default Deny Rule.

    So, anything later that can have a successful outbound connection through ISA will be through one of the rules you have created.

    So check your rules, and make sure they are as tight as you can make them; for example, do not use All Outbound Protocols, and replace it with only selected protocols.

    By the way, what is your client type? Firewall clients?
    Tarek Majdalani | MS Forefront Edge Security MVP | http://www.elmajdal.net
    Sunday, August 02, 2009 9:55 PM
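
The point made across the last few posts, as an added example that is not part of the thread and not ISA Server code: an HTTP signature catches an application on any port but only when the traffic is HTTP, while non-HTTP traffic is stopped only when no allow rule covers its protocol. The rule sets, the signature string and the sample connections are constructed, and the evaluation is a simplified model rather than ISA's rule engine.

```python
# Simplified model for illustration; not ISA Server's actual rule engine.
BROAD = {"ALL"}                    # stands in for an "All Outbound Protocols" allow rule
TIGHT = {"HTTP", "HTTPS", "DNS"}   # hypothetical allow rule listing selected protocols

# Hypothetical signatures: (request header, substring that marks the application)
HTTP_SIGNATURES = [("user-agent", "ExampleTorrentClient")]

# Constructed sample connections, as the firewall would classify them.
CONNECTIONS = [
    {"name": "browser", "protocol": "HTTP", "port": 80,
     "headers": {"User-Agent": "Mozilla/4.0"}},
    {"name": "p2p-over-http", "protocol": "HTTP", "port": 8080,
     "headers": {"User-Agent": "ExampleTorrentClient/1.2"}},
    {"name": "irc-client", "protocol": "IRC", "port": 6667, "headers": {}},
    {"name": "p2p-raw-tcp", "protocol": "UNKNOWN-TCP", "port": 51413, "headers": {}},
]


def evaluate(conn, allowed_protocols, signatures=HTTP_SIGNATURES):
    """Return 'allow', 'deny:default-rule' or 'deny:signature' for one connection."""
    proto = conn["protocol"]
    # Step 1: no allow rule covers the protocol, so the default deny rule applies.
    if "ALL" not in allowed_protocols and proto not in allowed_protocols:
        return "deny:default-rule"
    # Step 2: signatures are only evaluated on HTTP; the port plays no part here.
    if proto == "HTTP":
        headers = {k.lower(): v.lower() for k, v in conn["headers"].items()}
        for header, marker in signatures:
            if marker.lower() in headers.get(header, ""):
                return "deny:signature"
    return "allow"


def compare_policies(connections=CONNECTIONS):
    """Map each connection name to its (broad-rule, tight-rule) verdicts."""
    return {c["name"]: (evaluate(c, BROAD), evaluate(c, TIGHT)) for c in connections}


if __name__ == "__main__":
    for name, (broad, tight) in compare_policies().items():
        print(f"{name:15} broad={broad:18} tight={tight}")
```

Under the broad rule the two non-HTTP connections pass because no signature is ever evaluated for them; under the selected-protocol rule they fall through to the default deny.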
  • Hi,

    I have not implemented this solution yet. I want to be sure that it will work and won't create any problems later on. Actually, I want to allow everything except usage of P2P software. I think the firewall client is only an option for local clients, not for VPN users, because they can log on from any machine which has an internet connection?

     

    Regards,
    wakh

     

    Monday, August 03, 2009 2:34 PM
  • Hi Again,

    So your ISA Server will be dedicated to VPN users?

    Will these users have an internet connection ONLY through ISA Server once they are connected, or will they be using their own internet connection and using ISA Server only to connect to internal resources?
    Tarek Majdalani | MS Forefront Edge Security MVP | http://www.elmajdal.net
    Monday, August 03, 2009 4:46 PM
  • Hi,

    Yes, ISA Server will be dedicated for VPN Users and they will be having internet connection only through ISA Server.


    Regards,
    wakh
    Monday, August 03, 2009 6:50 PM
  • Hmm... if you are mainly concerned about inbound access, to publish internal resources and to allow external users to connect to your internal LAN and much more, then I suggest you take a look at UAG, which is currently available in Beta 2.


    Tarek Majdalani | MS Forefront Edge Security MVP | http://www.elmajdal.net
    Monday, August 03, 2009 7:05 PM
  • OK, I would like to add that the requirement is to impose restrictions on, and control and monitor, the access of VPN users as I mentioned earlier, i.e. block P2P usage for example and other stuff as needed, control their bandwidth consumption, etc. Internal resource access control is not much of a requirement here.

    So you think UAG will be better suited for these requirements than ISA Server?


    Best Regards,
    wakh
    Monday, August 03, 2009 7:44 PM
  • You can monitor Internet usage using third-party software. In our case we are using WorkTime - we monitor all computer usage in the company (software usage, Internet usage, etc.). Employees work under Citrix. I think this software can also track VPN if you install a tracking client on each PC.

    • Edited by LenaPr Wednesday, September 16, 2009 7:40 PM mistyping
    Wednesday, September 16, 2009 2:41 AM