Support Center > Search Results > SecureKnowledge Details
How to check the names of remote access users that have sent traffic through the Security Gateway in the last 15 minutes Technical Level

To see the username of each "connected" remote access user (in the last 15 minutes), run this command (in Expert mode) on the VPN Security Gateway:

[Expert@HostName]# fw tab -t userc_rules -f

The following three kernel tables on the Security Gateway contain the remote access users' connection information:

  • userc_users: This table contains remote access client's IP address. All connections from this IP address are expected to be encrypted.

  • userc_rules: This table contains a list of rules that are relevant for remote access client, and a list of IP addresses and sessions keys (for optimization). Client encrypt rules check this table to see if the connection belongs to remote access clients. This table is accessed in order to verify that incoming packets from a remote access client are allowed. The entries in this table are based on the remote access client's internal (encapsulated) IP address, which may be different from the source IP address if the remote access client is behind NAT.

  • userc_key - This table is a map between the remote access IP address and the cryptographic aspect of the connection. This table maps the scheme (FWZ or ISAKMP), the client user name, the user DN, the last time the client was authenticated, whether subnets are used with this client, and IKE authentication methods.
Related commands
#fw tab -t userc_users -f -u
To Check the number of Office Mode IP addresses that are currently assigned by the Gateway:
# fw tab -t om_assigned_ips -s
To  identify which user was allocated what ip address by running the -f flag to get more information
#fw tab -t om_assigned_ips -f
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document