Table Of Contents
WebVPN Services Module Statistics
Viewing the Statistics Main Page
Viewing Virtual Context Statistics
User Session Tab
Mangling Tab
Port Forward Tab
CIFS Tab
Tunnel Tab
Socket Tab
Viewing SSL Statistics
Viewing SSL Server/Client Statistics
Viewing TCP Statistics
WebVPN Services Module Statistics
CVDM-WebVPNSM 1.1 allows you to view statistical information about the virtual contexts and SSL/TCP connections configured on the WebVPN Services Module (WebVPNSM).
This chapter contains the following topics:
•
Viewing the Statistics Main Page
•Viewing Virtual Context Statistics
•Viewing SSL Statistics
•Viewing TCP Statistics
Viewing the Statistics Main Page
To access the Statistics main page, click Setup at the top of the window and then click Statistics (see Figure 7-1).
Figure 7-1 Statistics Main Page
Viewing Virtual Context Statistics
CVDM-WebVPNSM 1.1 allows you to view both global and context-specific information about the virtual contexts configured on the WebVPNSM.
•To view global virtual context information, click Setup at the top of the window, click Statistics, and then click Virtual Context Statistics from the selector.
•To view information about a specific virtual context, click Setup at the top of the window, click Statistics, and then click the appropriate context from the selector.
The information provided by the Virtual Context Statistics page is divided among the following tabs:
•User Session Tab
•Mangling Tab
•Port Forward Tab
•CIFS Tab
•Tunnel Tab
•Socket Tab
User Session Tab
GUI Element
|
Description
|
Active user sessions field
|
Number of active user sessions.
|
AAA pending requests field
|
Number of authentication requests pending with the authentication, authorization, and accounting (AAA) server.
|
Peak user sessions field
|
Number of active user sessions when the system was running at its peak.
|
Peak time field
|
Date and time the system last ran at its peak.
|
Active user TCP connections field
|
Number of active user TCP connections.
|
Terminated user sessions field
|
Number of sessions that were logged out since the last time the clear webvpn session command was issued.
|
Session alloc failures field
|
Number of sessions closed because the system ran out of memory.
|
Authentication failures field
|
Number of authentication failures that have occurred.
|
VPN session timeout field
|
Number of VPN sessions cleared because the session timeout period had expired.
|
VPN idle timeout field
|
Number of VPN sessions cleared because the idle timeout period had expired.
|
User cleared VPN sessions field
|
Number of VPN sessions cleared the last time the clear webvpn session command was issued.
|
Exceeded context user limit field
|
Number of sessions rejected because the maximum number of users configured for a context had been exceeded.
|
Exceeded Total user limit field
|
Number of sessions rejected because the system user limit had been exceeded.
Note This object is displayed only when the root Virtual Context Statistics node is selected.
|
Mangling Tab
GUI Element
|
Description
|
HTTP/1.0 requests field
|
Number of HTTP 1.0 requests.
|
HTTP/1.1 requests field
|
Number of HTTP 1.1 requests.
|
HTTP requests with unknown version field
|
Number of requests with an HTTP version other than 1.0 or 1.1.
|
GET requests field
|
Number of GET requests.
|
POST requests field
|
Number of POST requests.
|
CONNECT requests field
|
Number of CONNECT requests.
|
Other request methods field
|
Number of HTTP request methods used other than GET, POST, and CONNECT.
|
HTTP requests proxied by gateway field
|
Number of HTTP requests proxied by the gateway.
|
HTTP requests serviced by gateway field
|
Number of HTTP requests serviced by the gateway.
|
Pipelined requests field
|
Number of HTTP requests pipelined by the gateway.
|
Request with header size >1K field
|
Number of HTTP request header lines exceeding 1024 bytes.
|
Processed request header bytes field
|
Number of bytes processed in an HTTP request header.
|
Processed request body bytes field
|
Number of bytes processed in an HTTP request body.
|
HTTP/1.0 responses field
|
Number of HTTP 1.0 server responses.
|
HTTP/1.1 responses field
|
Number of HTTP 1.1 server responses.
|
HTML responses field
|
Number of responses that contain HTML.
|
CSS responses field
|
Number of responses that contain a cascaded style sheet (CSS).
|
XML responses field
|
Number of responses that contain XML.
|
JS responses field
|
Number of responses that contain Javascript.
|
Other content type resp field
|
Number of responses that do not need to be mangled.
|
Chunked encoding resp field
|
Number of responses with chunked encoding.
|
Response with encoded content field
|
Number of responses with encoded (compressed) contents.
|
Response with content length field
|
Number of responses with a content length header.
|
Chunked encoding requests field
|
Number of requests with a chunked-encoded body.
|
Response with header size >1K field
|
Number of HTTP response header lines exceeding 1024 bytes.
|
Processed response header size field
|
Number of bytes processed in an HTTP response header.
|
Processed response body bytes field
|
Number of bytes processed in an HTTP response body.
|
Backend https response field
|
Number of HTTPS requests proxied by the gateway.
|
Port Forward Tab
GUI Element
|
Description
|
Client pane
|
TCP packets received from Client field
|
Number of TCP packets received from the client.
|
TCP traffic received from Client in bytes field
|
Amount of TCP traffic received from the client, in bytes.
|
TCP packets sent to Server field
|
Number of TCP packets sent to the client.
|
TCP traffic sent to Server in bytes field
|
Amount of TCP traffic sent to the client, in bytes.
|
Server pane
|
TCP packets sent to Client field
|
Number of TCP packets sent to the server.
|
TCP traffic sent to Client in bytes field
|
Amount of TCP traffic sent to the server, in bytes.
|
TCP packets received from Server field
|
Number of TCP packets received from the server.
|
TCP traffic received from Server in bytes field
|
Amount of TCP traffic received from the server, in bytes.
|
CIFS Tab
Common Internet File Sharing (CIFS) defines a remote file-access protocol that allows multiple clients to access and modify the same files, while at the same time preventing file-sharing conflicts.
GUI Element
|
Description
|
SMB-Related Global pane
This section is displayed only when the root node is selected.
|
SMB sessions in use field
|
Number of SMB sessions currently in use.
|
Application buffers in use field
|
Number of application buffers in use.
|
Active SMB connections field
|
Number of active SMB connections.
|
Active CIFS SMB contexts field
|
Number of active CIFS SMB contexts.
|
HTTP-Related Global pane
This section is displayed only when the root node is selected.
|
Total connections in the system field
|
Total number of connections in the system.
|
Active CIFS HTTP contexts field
|
Number of active CIFS HTTP contexts.
|
CIFS authentication failures field
|
Number of CIFS authentication failures.
|
Backend CIFS Operations aborted field
|
Number of backend CIFS operations aborted.
|
SMB-Related Per Context pane
|
TCP connections established field
|
Number of TCP connections established.
|
UDP connections established field
|
Number of UDP connections established.
|
Active TCP/UDP Connections field
|
Number of active TCP and UDP connections.
|
Active SMB contexts field
|
Number of active Server Message Block (SMB) contexts.
SMB is a file-system protocol used in LAN manager and similar network operating systems to package data and exchange information with other systems.
|
TCP connections aborted field
|
Number of aborted TCP connections.
|
NetBIOS-Related Per Context pane
|
NBNS name queries field
|
Number of NetBIOS Name Service (NBNS) name queries.
|
NBNS name query replies field
|
Number of NBNS name query replies.
|
NB datagram queries field
|
Number of NetBIOS (NB) datagram requests.
|
NB datagram replies field
|
Number of NB datagram replies.
|
NB TCP Connect Fails field
|
Number of TCP connections that failed.
|
NB Name Resolution Fails field
|
Number of NB name resolutions that failed.
|
HTTP-Related Per Context pane
|
CIFS HTTP requests field
|
Number of CIFS HTTP requests.
|
CIFS HTTP requests received bytes field
|
Number of CIFS HTTP requests received, in bytes.
|
CIFS HTTP requests received packets field
|
Number of CIFS HTTP requests received, in packets.
|
CIFS HTTP responses sent bytes field
|
Number of CIFS HTTP responses sent, in bytes.
|
CIFS HTTP responses sent packets field
|
Number of CIFS HTTP responses sent, in packets.
|
Active CIFS HTTP connections field
|
Number of active CIFS HTTP connections.
|
Active CIFS HTTP contexts field
|
Number of active CIFS HTTP contexts.
|
Tunnel Tab
GUI Element
|
Description
|
Common pane
|
Active tunnel connections field
|
Number of active tunnel connections.
|
Peak active tunnel connections field
|
Number of active tunnel connections when the system was running at its peak.
|
Active connections Peak Time field
|
Date and time the system last ran at its peak.
|
Tunnel Connection attempts succeed field
|
Number of tunnel connection attempts that succeeded.
|
Tunnel Connection attempts failed field
|
Number of tunnel connection attempts that failed.
|
Reconnection attempts succeed field
|
Number of reconnection attempts that succeeded.
|
Reconnection attempts failed field
|
Number of reconnection attempts that failed.
|
Tunnel connections DPD timed out field
|
Number of tunnel connections where the Dead Peer Detection (DPD) interval expired.
|
Client pane
|
CSTP frames received from Client field
|
Number of Cisco SSL Tunnel Protocol (CSTP) frames received from the client.
|
CSTP data frames received from Client field
|
Number of CSTP data frames received from the client.
|
CSTP control frames received from Client field
|
Number of CSTP control frames received from the client.
|
CSTP traffic received from Client in Bytes field
|
Amount of CSTP traffic received from the client, in bytes.
|
CSTP frames sent to Client field
|
Number of CSTP frames sent to the client.
|
CSTP data frames sent to Client field
|
Number of CSTP data frames sent to the client.
|
CSTP control frames sent to Client field
|
Number of CSTP control frames sent to the client.
|
CSTP traffic sent to Client in Bytes field
|
Amount of CSTP traffic sent to the client, in bytes.
|
Server pane
|
IP packets sent to Server field
|
Number of IP packets sent to the server.
|
IP traffic sent to Server in bytes field
|
Amount of IP traffic sent to the server, in bytes.
|
IP packets received from Server field
|
Number of IP packets received from the server.
|
IP traffic received from Server in bytes field
|
Amount of IP traffic received from the server, in bytes.
|
Socket Tab
This table is displayed only when the root node is selected.
GUI Element
|
Description
|
Sockets in Use field
|
Number of sockets currently in use.
|
Socket Premature Close field
|
Number of times a WebVPN device closed a connection before it had been established.
|
Socket Send Blocked field
|
Number of times data transmission was blocked by TCP congestion control.
|
Socket Send Unblocked field
|
Number of times data transmission resumed after initially being blocked by TCP congestion control.
When the number of times data transmission was blocked and unblocked do not sync up after a sufficient period of time has passed, it indicates that the transaction in question has stalled.
|
Socket Receive Blocked field
|
Number of times a WebVPN device blocked the reception of data from the TCP layer.
When data reception is blocked, it indicates that either buffer starvation has taken place or the processing limit has been exceeded.
|
Socket Receive Unblocked field
|
Number of times a WebVPN device resumed the reception of data from the TCP layer.
When the number of times data reception is blocked and unblocked do not sync up after a sufficient period of time has passed, it indicates that the transaction in question has stalled.
|
Socket UDP Connects field
|
Number of UDP connect sockets.
|
Socket UDP Disconnects field
|
Number of UDP disconnect sockets.
|
Viewing SSL Statistics
From the SSL Statistics page, you can view global information about the SSL connections configured on the WebVPNSM. To access this page, click Setup at the top of the window, click Statistics, and then click SSL Statistics from the selector.
The following table describes the information provided on this page.
GUI Element
|
Description
|
Connection Statistics pane
|
Active Connections field
|
Number of active SSL connections.
|
Active Sessions field
|
Number of session IDs currently in use.
|
Connections in Handshake phase field
|
Number of connections in the handshake phase.
|
Connections in Data phase field
|
Number of connections in the data phase.
|
Connections in Renegotiation phase field
|
Number of connections in the renegotiation phase.
|
Connections Attempted field
|
Number of connections attempted.
|
Connections Completed field
|
Number of connections completed.
|
Renegotiations Attempted field
|
Number of renegotiations attempted.
|
Session entries prematurely timed out field
|
Number of session entries that were prematurely timed out by the system.
When this happens, it indicates that the incoming SSL session rate does not match with the configured session timeout value.
|
Full Handshakes field
|
Number of full handshakes that have occurred.
|
Resumed Handshakes field
|
Number of resumed handshakes that have occurred.
|
Error Statistics pane
|
No-Cipher Alerts field
|
Number of Handshake Failure alerts sent due to an unsupported Cipher suite.
|
No-Compress Alerts field
|
Number of Handshake Failure alerts sent due to an unsupported compression scheme.
|
Version Mismatch Alerts field
|
Number of Handshake Failure alerts sent due to an unsupported SSL version.
|
Fatal Alerts Sent field
|
Number of fatal alerts sent.
|
Fatal Alerts Received field
|
Number of fatal alerts received.
|
Renegotiation Failures field
|
Number of renegotiation failures that have occurred.
|
Handshake limit exceeded field
|
Number of times the handshake limit has been exceeded.
|
Overload Drops field
|
Number of connections dropped due to an overload in the system.
|
Session Allocation Failures field
|
Number of SSL session allocation failures.
|
Failures during Data phase field
|
Number of connections that failed due to data errors, such as a padding error or a bad MAC error.
|
Pad Errors field
|
Number of SSL records received with a padding error.
|
Bad MAC Errors field
|
Number of SSL records received with a bad MAC error.
|
Average Statistics pane
This section displays the average statistics for the following objects, based on the past 5 seconds, 1 minute, and 5 minutes.
|
Connection Rate (conns/sec)
|
Number of connections established per second.
|
Failures during Handshake phase
|
Number of failures that occurred during the Handshake phase.
|
Full Handshakes/sec
|
Number of full handshakes that occurred per second.
|
Resumed Handshakes/sec
|
Number of resumed handshakes that occurred per second.
|
SSLv3 Statistics pane
|
Connections Established field
|
Number of SSLv3 connections established.
|
Failures during Handshake phase field
|
Number of failures that occurred during the handshake phase.
|
TLSv1 Statistics pane
|
Connections Established field
|
Number of TLSv1 connections established.
|
Failures during Handshake phase field
|
Number of failures that occurred during the handshake phase.
|
Clear button
|
Click to clear the statistics displayed on this page.
|
Update button
|
Click to update the statistics displayed on this page.
|
Viewing SSL Server/Client Statistics
In addition to viewing global SSL connection information, you can also view information specific to both the SSL servers and clients configured on the WebVPNSM. To access this page, click Setup at the top of the window, click Statistics, and then click either SSL Server Statistics or SSL Client Statistics from the selector.
The following table describes the information provided on this page.
GUI Element
|
Description
|
Connection Statistics pane
|
Active Sessions field
|
Number of session IDs currently in use.
|
Connections in Handshake phase field
|
Number of connections in the handshake phase.
|
Connections in Data phase field
|
Number of connections in the data phase.
|
Connections in Renegotiation phase field
|
Number of connections in the renegotiation phase.
|
Connections Attempted field
|
Number of connections attempted.
|
Connections Completed field
|
Number of connections that were completed.
|
Renegotiations Attempted field
|
Number of renegotiations attempted.
|
Session entries prematurely timed out field
|
Number of session entries that were prematurely timed out by the system.
When this happens, it indicates that the incoming SSL session rate does not match with the configured session timeout value.
|
Error Statistics pane
|
No-Cipher Alerts field
|
Number of Handshake Failure alerts sent due to an unsupported Cipher suite.
|
No-Compress Alerts field
|
Number of Handshake Failure alerts sent due to an unsupported compression scheme.
|
Version Mismatch Alerts field
|
Number of Handshake Failure alerts sent due to an unsupported SSL version.
|
Fatal Alerts Sent field
|
Number of fatal alerts sent.
|
Fatal Alerts Received field
|
Number of fatal alerts received.
|
Unsupported Certificates field
|
Number of unsupported certificates with the WebVPNSM acting as an SSL server/client.
|
SSLv3 Statistics pane
|
Connections Established field
|
Number of SSLv3 connections established.
|
Full Handshakes field
|
Number of full handshakes performed.
|
Resumed Handshakes field
|
Number of resumed handshakes performed.
|
Failures during Handshake phase field
|
Number of failures that occurred during the handshake phase.
|
Failures during Data phase field
|
Number of connections that failed due to data errors, such as a padding error or a bad MAC error.
|
Pad Errors field
|
Number of SSL records received with a padding error.
|
Bad MAC Errors field
|
Number of SSL records received with a bad MAC error.
|
TLSv1 Statistics pane
|
Connections Established field
|
Number of TLSv1 connections established.
|
Full Handshakes field
|
Number of full handshakes performed.
|
Resumed Handshakes field
|
Number of resumed handshakes performed.
|
Failures during Handshake phase field
|
Number of failures that occurred during the handshake phase.
|
Failures during Data phase field
|
Number of connections that failed due to data errors, such as a padding error or a bad MAC error.
|
Pad Errors field
|
Number of TLSv1 records received with a padding error.
|
Bad MAC Errors field
|
Number of TLSv1 records received with a bad MAC error.
|
Update button
|
Click to update the statistics provided on this page.
|
Viewing TCP Statistics
From the TCP Statistics page, you can view information about the TCP connections configured on the WebVPNSM. To access this page, click Setup at the top of the window, click Statistics, and then click TCP Statistics from the selector.
The following table describes the information provided on this page.
GUI Element
|
Description
|
Connection Statistics pane
|
Connections in ESTABLISHED State field
|
Number of connections in the ESTABLISHED state.
|
Connections in TIME-WAIT State field
|
Number of connections in the TIME-WAIT state.
|
Connections Initiated field
|
Number of TCP connections initiated by the WebVPN Services Module (WebVPNSM).
|
Connections Dropped field
|
Number of connections that were dropped.
|
Connections Closed field
|
Number of connections that were closed.
|
Connections Accepted field
|
Number of TCP connections accepted by the WebVPNSM.
|
Timeout Statistics pane
|
SYN Timeouts field
|
Number of SYN timeouts that have occurred.
|
Idle Timeouts field
|
Number of Idle timeouts that have occurred.
|
Reassembly Timeouts field
|
Number of Reassembly timeouts that have occurred.
|
FIN-WAIT2 Timeouts field
|
Number of FIN-WAIT2 timeouts that have occurred.
|
Drop Statistics pane
|
Invalid MSS Drops field
|
Number of connections dropped due to an unsupported maximum segment size (MSS).
|
Connection Buffer Pool Drops field
|
Number of connection buffer pool drops.
|
Packet Statistics (Transmit) pane
|
Total Packets field
|
Total number of packets transmitted.
|
Data Packets field
|
Number of packets transmitted.
|
Retransmitted Packets field
|
Number of packets retransmitted.
|
Packet Statistics (Receive) pane
|
Total Packets field
|
Total number of packets received.
|
Packets in Sequence field
|
Number of packets received in sequence.
|
Packets Out of Sequence field
|
Number of packets received out of sequence.
|
