We’re all feeling it.

As a confident NetOps leader, you’ve made sure your business continuity plan had allowances for remote workers but BAM: in the blink of an eye, your company’s work-from-home policies became mandatory for everyone and your battleship of a plan now feels like it’s taking on water.

Overnight, you had to scale your VPN presence in an unprecedented way. Sure, after a sleepless night or two, everyone is connected via VPN, but people are still complaining about performance issues. Without full VPN visibility, you have no idea what applications are being used during their session or what’s eating up that tunnel.

The good news is that there’s a high chance that you can easily leverage contextual metadata, like NetFlow and IPFIX, from your firewalls/VPN concentrators to monitor your company’s traffic.

In this situation, the company is using split VPN tunnels. So, there is a range of applications that shouldn’t be on the company’s side of the tunnel. Now, as a benevolent digital dictator, your goal isn’t to put anyone in a company timeout for using non-business-related applications like Netflix, but you do want to identify these apps and help the user move them over to the other side of the tunnel.

As I mentioned earlier, there is a good chance that you have access to contextual metadata, like NetFlow and IPFIX, to get better visibility of your networks traffic. . Since your VPN is an extension of your network, you can easily build a report to show you what applications are being used in that tunnel, how much bandwidth they are consuming, and who belongs to that traffic.

Let me show you how.

Step 1: Filter for the subnet assigned to your VPN.

VPN visibility: Filter for subnet

From this image you’ll notice that I am looking at my firewall and the interface that supports the VPN connection. Now I need to make sure that I’m only seeing traffic from the IPs that are assigned to that VPN pool.

In the upper left-hand side, click the blue button labeled “Filters/Details.” In the Add New Filter section, select IP Subnet and fill things in accordingly. Click the Add Filter button and update the report. Now you are only seeing traffic from the IPs that are part of the VPN pool.

Step 2: We need to see things by application.

Now that we’ve established VPN visibility, we want to view what applications they are using.

Autonomous Systems by IP report

With Scrutinizer, you can switch to any of the available reports by clicking on the report menu. Remember: when you change to a different report, Scrutinizer respects the filters you have already applied.

To see what applications are being used, select Destination Reports > Autonomous Systems by IP. Now we not only see the traffic associated to our VPN pool, but also what applications are consuming that bandwidth.

Step 3: Identify the user.

VPN visibility: identify the user

Now that I have identified a non-business application and determined that it’s consuming a good amount of the tunnel’s bandwidth, I really need to identify who is using that application.

Again, seeing this level of flow data is simple. Just click on the Application/AS name and select Source Reports > User Name by IP as your report. Now I can see which users are associated with that IP address. In this example, Scrutinizer can inject the session username via Active Directory integration and it’s just another way it can enhance your flow data.

BONUS: Add a threshold!

Scrutinizer: Add a threshold

Now that you have found an application that is notoriously eating up your remote employees’ bandwidth, you probably want to monitor and be alerted if it happens again. Since we’ve already built a report that shows us what applications are being used, it’s pretty simple to filter for a specific application and then add a threshold. Now you’ll know when there is an issue before everyone else!

In today’s ever-changing world, we are faced with an increased number of remote employees. Making sure that those employees have access to their day-to-day applications has become priority. Are you looking for conversation-rich VPN visibility along with the flexibility to integrate that data into your current environment? Why not evaluate Scrutinizer (and see my live video of this example!)?

James Dougherty

I have worn many hats in my professional life. Support engineer, developer, network admin and manager are all points on my resume, but the one common thread with all of these jobs is that I enjoy working with people; that is what I do here at Plixer. I make sure that everyone understands our product and can get the most out of it. It's just simple 'no bull' support!

Let me know if you have any questions, I would be happy to help.

- Jimmy D