Blades > VPN

For more information, see the Site to Site VPN Administration Guide for your version.

In addition, see:

CPView Gauges

  1. Run: cpview

  2. From the top, click Software-blade > VPN.

  3. Click Overview.

  4. Click Detailed.

  5. Click Tunnel-Monitoring.

  6. Click SecureXL.

Metric Information

Metric ID

Metric Description

Metric Type

Metric Units

Metric Labels

Metric Label Description

VSX Behavior

system.network.blades.vpn.active_clients

Current number of connected Remote Access VPN clients.

AsyncUpDownCounter

{Counter}

 

 

The same data for VSX Gateway (VS0) and other Virtual Systems.

system.network.blades.vpn.all_ike_errors

Total number of all IKE errors.

AsyncCounter

{errors}

 

 

The same data for VSX Gateway (VS0) and other Virtual Systems.

system.network.blades.vpn.ike_sas

Number of concurrent IKE SAs.

AsyncUpDownCounter

{sas}

 

 

The same data for VSX Gateway (VS0) and other Virtual Systems.

system.network.blades.vpn.kernel_limit_reached_count

Sum of values from the VPN limit counters (ike2peer_reach_limit) and (vpn_queues_reach_limit).

AsyncUpDownCounter

{errors}

 

 

The same data for VSX Gateway (VS0) and other Virtual Systems.

system.network.blades.vpn.max_ike_sas

Maximum number of IKE SAs that this Security Gateway initiated.

Gauge

{sas}

 

 

The same data for VSX Gateway (VS0) and other Virtual Systems.

system.network.blades.vpn.total_sas

Total number of IKE SAs.

AsyncCounter

{sas}

 

 

The same data for VSX Gateway (VS0) and other Virtual Systems.

vpn.clients

Current number of connected Remote Access VPN clients.

AsyncUpDownCounter

{clients}

{'mode'}

  • mode

    The mode associated with the client:

    • Office

    • Visitor

    • SNX

    • L2TP

The same data for VSX Gateway (VS0) and other Virtual Systems.

vpn.compression.bytes

VPN Data related to packets compression.

AsyncCounter

By

{'state'}

  • state

    The compression status:

    • Before Compression

    • After Compression

    • Compression Overhead

    • Non Compressed

The same data for VSX Gateway (VS0) and other Virtual Systems.

vpn.compression.packets

VPN Data related to packets compression.

AsyncCounter

{clients}

{'state'}

  • state

    The compression status:

    • Before Compression

    • After Compression

    • Compression Overhead

    • Non Compressed

The same data for VSX Gateway (VS0) and other Virtual Systems.

vpn.errors

VPN errors (includes ESP, ESP/UDP, fragmentation, and other errors).

AsyncCounter

{errors}

{'type', 'state'}

  • type

    The type of the error:

    • General

    • IPSEC

    • IKE

    • Accelerated VPN

  • state

    The reason for this error.

    For example:

    • Encrypted

    • Decrypted

    • Should have been encrypted

    • Should be clear text packets

    • Authentication

    • No response from peer

The same data for VSX Gateway (VS0) and other Virtual Systems.

vpn.ike.concurrent

Concurrent IKE SAs.

AsyncUpDownCounter

{sas}

{'type'}

  • type

    The IKE SA type:

    • IKE v1

    • IKE v2

    • IKE SAs Interoperable Devices

    • IKE SAs Dynamically Assigned IP addresses

    • IKE SAs Remote Access Endpoints

    • IKE SAs IPv6

    • IKE SAs By Machine

    • IKE SAs By Peer

    • Concurrent IKE SA negotiations

    • Concurrent IKE SA exchange attempts

    • Concurrent IKE SA exchange attempts by machine

    • Concurrent IKE SAs with aggressive mode

The same data for VSX Gateway (VS0) and other Virtual Systems.

vpn.ike.count

Total number of IKE SAs.

AsyncCounter

{sas}

{'type'}

  • type

    The SA type:

    • SAs Init By Machine

    • SAs Init By Peer

    • IPSec Inbound SAs

    • IPSec Outbound SAs

The same data for VSX Gateway (VS0) and other Virtual Systems.

vpn.ike.max

Maximum number of concurrent IKE SAs that this Security Gateway initiated.

Gauge

{sas}

{'type'}

  • type

    The SA type:

    • SAs Init By Machine

    • SAs Init By Peer

The same data for VSX Gateway (VS0) and other Virtual Systems.

vpn.ike.negotiations.max

Maximum number of concurrent IKE SA negotiations.

Gauge

{sas}

 

 

The same data for VSX Gateway (VS0) and other Virtual Systems.

vpn.ike.peers

Number of concurrent IKE peers.

Gauge

{peers}

 

 

The same data for VSX Gateway (VS0) and other Virtual Systems.

vpn.ioctls

Total number of kernel IOCTL calls.

AsyncCounter

{ioctls}

 

 

The same data for VSX Gateway (VS0) and other Virtual Systems.

vpn.ipsec.fragmentation.count

Number of fragmentation's caused due to IPsec.

AsyncCounter

{fragmentations}

 

 

The same data for VSX Gateway (VS0) and other Virtual Systems.

vpn.ipsec.fragmentation.drops

Total number of times the Security Gateway dropped traffic that was fragmented because of IPsec.

AsyncCounter

{drops}

 

 

The same data for VSX Gateway (VS0) and other Virtual Systems.

vpn.kernel_traps

Total number of kernel trap calls.

AsyncCounter

{traps}

 

 

The same data for VSX Gateway (VS0) and other Virtual Systems.

vpn.packets

Total number of VPN related packets since the last boot.

AsyncCounter

{clients}

{'type'}

  • type

    The type of packets:

    • Encrypted

    • Decrypted

The same data for VSX Gateway (VS0) and other Virtual Systems.

vpn.restarts

Total number of VPN restarts or VPN policy reloads.

AsyncCounter

{restarts}

{'type', 'name'}

  • type

    What kind of entity is counted:

    • Process

    • Policy

  • name

    The name of the entity:

    • VPND

    • IKED

The same data for VSX Gateway (VS0) and other Virtual Systems.