Viewing user traffic on the USG2000 series

45

You can view traffic of only authenticated online users on the USG2000 series.
1. Choose User > Internet Access User > Monitor.
2. Use one of the following methods to view information about online users of a specified user group:
2.1 Enter the keywords of a user group in the search box and click Query. Select your desired user group from the search result.
2.2 Expand the navigation tree and select user groups to be checked.
If you select the root group, the online user list displays information about all online users that are authenticated by the device. If you select the non-root group, the online user list displays information about all online users in this user group and its subgroups.

Other related questions:
How to view the user's traffic in the USG2000 series?
The USG2000 series can only view online users who have already been authenticated by the device. 1, select "users> Internet users> monitoring". 2. In the Organizational Structure, use one of the following ways to view the information of the online user for the specified user group: 2.1 In the search bar, enter the keyword of the user group to be viewed, click "Query", and select the group of users to be viewed in the query result. 2.2 Expand the Organizational Navigation tree and select the group of users you want to view. When the user group to be viewed selects the root group (that is, the root group of the organization), the online user list will display all online user information authenticated by the device. When the user group to be viewed is a non-root group, the online user list displays all the online user information for the user group, subgroup, and subgroup of subgroups.

Viewing users of QQ on the USG2000 series
The USG2000 series does not have the audit policy for QQ and therefore cannot display users of QQ.

Method used to view an online L2TP user on the USG2000 and USG5000
The method used to view an online L2TP user on the USG2000 and USG5000 is as follows: You can run the display access-user command to view an online user. HRP_M[Slave-aaa] display access-user Total users : 1 Wait authen-ack : 0 Authentication success : 1 Accounting ready : 1 Accounting state : 0 Wait leaving-flow-query : 0 Wait accounting-start : 0 Wait accounting-stop : 0 Wait authorization-client : 0 Wait authorization-server : 0 Domain-name Online-user default : 1 The used CID table are : 0 To view specific user information, run the display access-user [ domain domain-name | ip-address ip-address | mac-address mac-address | user-id user-id | user-name user-name] command: HRP_M[Slave-aaa] display access-user user-id 0 User access index : 0 State : Used User name : jtq User access VLAN/PVC : 0 User MAC : ffff-ffff-ffff User IP address : 1.1.1.2 User access type : PPP User authentication type : PPP authentication Current authen method : Local authentication Authen result : Success Current author method : Local authorization Author result : Success Action flag : Idle Authen state : Authed Author state : Idle Accounting method : No accounting Accounting start time : 2008-03-15 06:09:39 Accounting state : Ready ACL-number : 255 Priority : - Up CAR enable : NO Up average rate : 0(bps) Up peak rate : 0(bps) Down CAR enable : NO Down average rate : 0(bps) Down peak rate : 0(bps) Up packets number(high,low) : (0,771) Up bytes number(high,low) : (0,42360) Down packets number(high,low) : (0,761) Down bytes number(high,low) : (0,42616)

Traffic statistics configuration on the USG2000&5000 series
You can configure traffic statistics on the CLI of the USG2000&5000 series: 1. Configure an ACL to define packets to be debugged. 2. Run the firewall statistic acl 3333 enable command in the diagnose view. [USG-diagnose] firewall statistic acl 3333 enable 3. Run the display firewall statistic acl command in the diagnose view. [USG-diagnose] display firewall statistic acl 14:33:26 2010/03/27 Current Show sessions count: 1 Protocol(ICMP) SourceIp(172.16.1.156) DestinationIp(172.16.1.25) SourcePort(1) DestinationPort(2048) VpnIndex(public) Receive Forward Discard Obverse : 4 pkt(s) 4 pkt(s) 0 pkt(s) Reverse : 4 pkt(s) 4 pkt(s) 0 pkt(s) Discard detail information: Check whether the firewall receives packets, forwards the packets, and receives return packets. If some packets are dropped, determine the packet loss location. View packet discard possible causes to identify the cause. 4. After debugging is complete, disable traffic statistics as soon as possible because long-term traffic statistics affect firewall performance. 5. Run the undo firewall statistic command to disable traffic statistics. 6. Run the reset firewall statistic acl all command to clear statistics. 7. If necessary, run the undo acl xxxx command to delete the configured ACL.

Whether the USG2000 series records websites accessed by a user
The USG2000 series records only websites in compliance with the URL audit log configuration instead of all websites accessed by a user.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top