Appendix 6. Vrpt 3.0 Support - ZyXEL Communications ZyWALL 1050 Release Note

www.zyxel.com

Appendix 6. VRPT 3.0 Support

VRPT standing for Vantage Report is used to collect logs generated by device and provide a
clear and comprehensive report instead of viewing massive logs. In VRPT 3.0, ZyWALL supports
the interface statistics, more detailed traffic log, and IKE logs.
Interface statistics provides the detailed information like, interface status, Rx packets, Tx
packets, collisions, rx byte/s, tx byte/s, and up time. Now the supporting interfaces of this function
include the physical ports, Ethernet interface, VLAN interfaces and PPP interfaces. To show
interface statistics in enable mode and configure mode, the command syntax is like this:
show { ETH_IFACE | PPP_IFACE | VLAN_IFACE | Port } status
Argument
ETH_IFACE
PPP_IFACE
VLAN_IFACE
Port
Users can use adjust the interval (seconds) to send statistic logs. To configure the send log
internal timer in configure mode, the command syntax is like this:
interface send statistics interval <15..3600>
show interface send statistics internal
User can disable the interface-statistics in syslog category to stop sending logs to remote server.
For example:
Router(config)# logging syslog 1 category interface-statistics disable
There are two enhancements of VRPT 3.0 in traffic logs. One is the extension of direction field.
The other is the expected connection which uses the same proto name as the one its parents used.
The direction in VRPT 3.0 supports the tunnel name of IPsec VPN. The traffic connection may
come from some IPsec tunnels, or come from some tunnels and go to some tunnels in VPN
concentrator case. For example, the connection is from interface to tunnel, the direction field will
be like this:
dir="ge1:tunnel/VPN_CONN:0x2958a81f"
"ge1" means the interface name and "tunnel/VPN_CONN:0x2958a81f" means the tunnel
name is VPN_CONN, and its SPI is 0x2958a81f. This enhancement for direction field provides
more precise information, such as the tunnel name and SPI to indicate which IPsec SA is used to
encrypt or decrypt the VPN traffic.
Another enhancement for traffic log is the expected connection will use the same proto name
as the one its parent use. For example, the FTP can be thought as signal connection and data
connection. However both connections belong to the FTP. But in original design, the data
connection will be thought as "others" in proto name because the destination port number may be
21. Original design may cause incorrect traffic statistic for FTP connections.
There are some log changes for IKE in VRPT 3.0. The target of these modifications is to
provide more correct information to indicate which IPsec SA or IKE has caused the events.
Another log changes are to identify if the VPN tunnel is for site-to-site or remote access, and to
provide the xauth user name when VPN tunnel is built or re-key successfully.
Description
The name of 132thernet
interface
The name of ppp interface
The name of vlan interface
Physical port
Valid Value
ge[1-5]
ppp[0-11]
vlan[0-31]
1-5
132/142
Default
Value
N/A
N/A
N/A
N/A