VPN Tunnel Status and Subscription Services

The front panel of Firebox System Manager (FSM) includes statistics about current VPN tunnels. 

In the Firebox Status area at the right side of the window is a section on BOVPN tunnels. Firebox System Manager shows the current tunnel status and gateway information for each VPN tunnel as well as data sent and received, creation and expiration information, type of authentication and encryption used, and the number of rekeys.

For a virtual BOVPN interface, Firebox System Manager also shows information about the route. In Fireware v12.8.1 or higher, if you add a BOVPN virtual interface to your configuration, IPv6 is enabled by default. The IPv6 link-local route fe80::/64 automatically appears in the Route To section. This route enables IPv6 routing capability on the BOVPN virtual interface and does not affect tunnel functionality.

screenshot of BOVPN detail

Each BOVPN tunnel is shown in one of three states:

Active

The BOVPN tunnel operates correctly and passes traffic.

Inactive

The BOVPN tunnel has been created, but no tunnel negotiation has occurred. No traffic has been sent through the VPN tunnel.

Expired

The BOVPN tunnel was active, but is no longer active because the tunnel has no traffic or because the link between the gateways was lost.

VPN diagnostic messages also appear on the Front Panel tab. VPN diagnostic messages for a tunnel include the tunnel name, and indicate a problem with tunnel route or Phase 2 settings. VPN diagnostic messages related to a VPN gateway refer to the gateway endpoint by number. For example, if a gateway has two gateway endpoint pairs, VPN diagnostic messages refer to the first gateway endpoint as Endpoint 1, and the second as Endpoint 2. VPN diagnostic messages can be errors or warnings.

Errors

VPN diagnostic errors indicate the VPN failed because of a configuration or connection issue. Error messages appear in red text and indicate that a gateway or tunnel has a diagnostic error.

Warnings

VPN diagnostic warnings indicate a that a VPN is down because of an abnormal condition, such as dead peer detection (DPD) failure. Warning messages appear in orange text and indicate that a gateway or tunnel has a diagnostic warning.

This information also appears on the Device Status tab in WatchGuard System Manager.

To find more information about the diagnostic messages for your VPN tunnels and gateways, you can run the VPN Diagnostic Report. For information about how to run the report, go to Run Diagnostic Tasks to Learn More About Log Messages.

For more information about some of the log messages generated by your Firebox, go to the Fireware Log Catalog, available on the WatchGuard Firebox and Dimension documentation page.

Mobile VPN Tunnel Status 

Firebox System Manager shows the user name, IP address information, login from information, login to information (Fireware v12.10.2 or higher), and the quantity of sent and received packets for each type of mobile VPN tunnel:

  • Mobile VPN with IKEv2
  • Mobile VPN with L2TP
  • Mobile VPN with SSL
  • Mobile VPN with IPSec

To disconnect mobile VPN users, right-click a user and select Logoff selected user.

Subscription Services Status 

In the Subscription Services section, Firebox System Manager shows this information about the Subscription Services enabled on your Firebox:

  • Number of viruses found
  • Number of intrusions
  • Number of email messages confirmed as spam
  • Number of HTTP requests denied by WebBlocker since the last restart
  • Number of requests denied by Reputation Enabled Defense
  • Number of objects blocked by Data Loss Prevention
  • Number of threats identified by APT Blocker
  • Number of application requests denied by Application Control

screenshot of security services

Related Topics

Start Firebox System Manager