SD-WAN

JohnS86
Here to help

SD-WAN

Hi 

 

 

I have a technical question regarding Cisco Meraki SD-WAN MX solution

 

 

We using Terminal server to connect to four different windows server with multiple users.

 

The connect to the terminal server only provide one IP address for the connection so we want to track and report what each users activities are while logged on to the terminal server 

 

 

Is Cisco Meraki MX able to provide reporting that show the activities of that user once they logged onto the terminal server even when all the users are only provided a single and same IP address once connected to any of the terminal server 

 


Thanks 

 

John  

7 REPLIES 7
Network-dad
A model citizen

I don't think Meraki will be able to track the individual users. Meraki doesn't log user's information in that manner and would likely be masked when they login to the server and just aper as one of the servers. 

Dakota Snow | Network-dad Linkdedin
CMNO | A+ | ECMS2
Check out The Bearded I.T. Dad onThe Bearded I.T. DadThe Bearded I.T. Dad
jdsilva
Kind of a big deal

I'm pretty sure the answer here is No, it cannot report on that. But can you elaborate on what exactly you mean by "reporting"?

 

 

cmr
Kind of a big deal
Kind of a big deal

I think @JohnS86 wants to report on who is accessing what in each session.  Most NGFW have a terminal server agent that logs session info against ports and links the users that way.

PhilipDAth
Kind of a big deal
Kind of a big deal

You need to enable the "IP Virtualisation" option in your RDS farm.

http://www.virtualizationblog.com/why-we-need-remote-desktop-services-ip-virtualization/ 

 

This assigns each user a different IP address upong connect.  You would need to configure the MX to track users by IP address, and enable AD integration.

https://documentation.meraki.com/MX/Monitoring_and_Reporting/Client_Tracking_Options#Track_by_IP 

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Direc... 

 

Note you can not use a Meraki combined network when doing this.

 

 

So, yes it is possible - but it is a bit of a nightmare.

Hi All 


Thank you for you feedback 

 

 

Philip

 

 

We look at the IP Virtualization but the one issue we have is the same IP address might not be assigned to same person every day or the same IP address might be reassigned to other user that was used by previous user

 

So it might hard to track and monitor  

Am not sure if there workaround to resolve this issue   

 

 

Thanks

If anyone know the answer to my question let me know 

The Meraki gear would not be able to do this.

Dakota Snow | Network-dad Linkdedin
CMNO | A+ | ECMS2
Check out The Bearded I.T. Dad onThe Bearded I.T. DadThe Bearded I.T. Dad
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels