Better visibility for Client VPN connections and attempts
I am looking for a way of getting better visibility on our client VPN connections and wondering if any of you have found better solutions.
Currently, to see the successful connections I go to the Event log and in the "Event type include:" box I add VPN client connected & VPN client disconnected. The active connections also show well on the clients page. When you sort by "Status" it groups them nicely. This is great for showing the successful connections but no help for viewing any failed (legitimate of otherwise) attempts.
To see all connection attempts, I am adding "All Non-Meraki / Client VPN" to the include box. However, the sheer volume of Client VPN negotiation events does make sorting this all out into a bit of a chore. Unfortunately, there is currently no way that I know of to better refine these results such as searching for specific text in the Details column.
Alternatively, it would be nice if the client VPN connection information showed on the "VPN Status" page or had its own separate page.
With more and more people working from home, the bad-actors are definitely shifting focus to try and attack all the new VPN connections popping up everywhere. The more we can do to detect and stop any malicious activity on our VPNs the better.
I have never had much luck with syslog servers and would rather not rely on them. With as important as IDS is to security, I was really hoping Meraki would have better reporting without relying on 3rd-party tools.