VPN Gateway device details
To display detailed information about a VPN Gateway device:
- On the Navigation Bar, click Devices.
- Select VPN Gateway.
The VPN Gateway Devices page displays.
- Click the Device ID for a VPN Gateway device.
The Device Details panel displays.
NOTE: The Device Details panel can also be displayed from any device event panel, which are available in various places throughout the ARMT graphical interface (the Dashboard, Maps page, etc.). Click the Device ID to display the Device Details panel.
The majority of details provided on the VPN Gateway Device Details panel are applicable for all categories of devices. The device details specific to VPN Gateway devices are listed below.
- Primary IP: The IP address of the current WAN network connection of the VPN Gateway device.
- Firmware CAT Reset:
- Firmware Rollback: The version of firmware that will be used when the Rollback remote command is issued to this VPN Gateway device.
- Management IP: The IP address of the VPN Gateway device's management tunnel.
- Primary Interface: The currently used WAN connection interface. For example, eth1 corresponds to the WAN1 port of the VPN Gateway.
- Primary Connection Type: The type of network configuration of the current WAN connection.
- Static IP IPv4: The static IPv4 address. Only displayed if the primary connection type is Static.
- Static IP Subnet IPv4: The static IPv4 subnet. Only displayed if the primary connection type is Static.
- Static IP Gateway IPv4: The static IPv4 gateway. Only displayed if the primary connection type is Static.
- Static IP IPv6: The static IPv6 address. Only displayed if the primary connection type is Static.
- Static IP Prefix IPv6: The static IPv6 subnet. Only displayed if the primary connection type is Static.
- Static IP Gateway IPv6: The static IPv6 gateway. Only displayed if the primary connection type is Static.
- Transport Address IPv4: The IPv4 transport address.
- Transport Address IPv6: The IPv6 transport address.
-
WAN 1 Cell Extender: Indicates if the WAN via Cell Extender option is enabled in the VPN Gateway device's AT&T Service Manager profile.
- Note: This field will only appear if there is a valid value entered in the Service Manager profile (not blank).
-
WAN 2 Cell Extender: Indicates if the WAN2 via Cell Extender option is enabled in the VPN Gateway device's AT&T Service Manager profile.
- Note: This field will only appear if there is a valid value entered in the Service Manager profile (not blank).
- LAN Status: The status of the eight LAN ports of the VPN Gateway. A black color status indicates that nothing is physically connected to the LAN port. A green status indicates that some network device is physically connected to the LAN port. A red color status indicates the port has been powered off. A red color status with an X indicates the port has been powered off indefinitely. A user can hover over each port to display a popup text with network details about the port.
WAN Utilization chart
If a VPN Gateway's Service Manager profile has COS or non-COS bandwidth monitoring enabled and the WAN Utilization SNMP inform enabled, a WAN Utilization chart will be displayed detailing the amount of bandwidth used by the device. Either configuration change can be requested from an AT&T Sales team or submitted via the Customer Point Of Contact (CPOC) website at https://www.businessdirect.att.com/portal/index.jsp. Select VPN Services > SOHO Devices > All Other Requests.
Select the range from the Range drop-down:
- 24 hours: For a range of 24 hours, the time interval for each data point is one hour.
- 7 days: For a range of 7 days, the time interval for each data point is one day.
- 30 days: For a range of 30 days, the time interval for each data point is one day.
- Custom: Select From and To dates to define the custom range for the report. If the custom range is 3 or fewer days, the time interval for each data point is one hour. If the custom range is over 3 days, the time interval for each data point is one day.
The legend of your graph dynamically adjusts to your data usage and shows either Kb/s or Mb/s. The mouse-over popup will show more details of the measurements and uses always Kb/s
Upload and Download are displayed separately because the WAN link capacity can differ in both directions. Compare the lines High Water Mark and Average Used for a visual representation of how much of the available bandwidth the WAN link is consuming.
The WAN Utilization chart shows you how much of the available bandwidth of your WAN link you are consuming. Because capacity of your WAN link might not always be the same in both directions, two charts are provided Upload and Download.
The device records utilization measurements every minute. If Data Usage is enabled in the settings, the device calculates averages every five minutes resulting in twelve measurements per hour. The Average Used line averages those twelve measurements each hour. If bandwidth testing has been turned on for this device in the Class of Service settings, then the device will perform bandwidth tests and the High Water Mark and Maximum Used lines are also displayed. If this setting is turned off, ARMT will only display the Average Used line.
The graphs depict several types of bandwidth measurements over your chosen time range:
- High Water Mark: Each data point of this line shows the maximum value of the High Water Mark measurements from the bandwidth tests during the time interval. This provides an estimate of available bandwidth during the time interval. Click on High Water Mark below the chart to toggle on or off the High Water Mark line in the chart.
- Maximum Used: Each data point of this line shows the most data usage that was observed per time interval. Click on Maximum Used below the chart to toggle on or off the Maximum Used line in the chart.
- Average Used: Each data point of this line shows the average data usage that was measured during the time interval, in accordance with the Data Usage settings for the device. Click on Average Used below the chart to toggle on or off the Average Used line in the chart.
- Max Percentage Used: Mouse-over each data point of this on the chart to display a Maximum Percentage Used. This percentage indicates how close the actual bandwidth is compared to the tested bandwidth, and is determined by calculating the Maximum Used as a percentage of the High Water Mark during the time interval.
- Max Percentage by Range: This represents the highest recorded value for the Max Percentage Used over the selected time range.
Configuration tab
ARMT offers the ability to view and update certain fields of a VPN Gateway’s Service Manager profile. The Configuration tab lists the available profile settings you can change. A two-way sync between ARMT and the AT&T Service Manager is performed, so that when a user updates one of the listed configured settings here, the updated settings are pushed to Service Manager. Similarly, if profile settings are updated in the Service Manager, those changes will be pushed from the Service Manager to ARMT, and the settings listed on this tab will be updated accordingly.
The configuration tab also lists VLAN data from Service Manager. While in other cases there is a bidirectional flow, for VLANs the data flow is unidirectional; that is, data flows only from Service Manager to ARMT.
Settings tab
The Settings tap identifies the Site ID.
Tunnels tab
The Tunnels tab lists details for each VPN tunnel established by the VPN Gateway device
For each tunnel, the drop-down tunnel interface name offers the available tunnel commands for the tunnel. Possible tunnel commands include the following: Up, Down, Status, Bounce.
To view a complete list of details for a tunnel, click on the down arrow character in the upper right corner of the tunnel's detail display window.
The following details are provided:
- Name: The name of the tunnel, as specified in the Service Manager profile.
- Mode: Indicates if the user can control the tunnel.
- Tunnel State: The state of the tunnel. Possible values are: Down, Coming Up, Pending Dial Connection, Up, Coming Down, or Restarting.
- Endpoint Type: The authentication server that will be used by the tunnel endpoint.
- Endpoint IP: The IP address of the tunnel endpoint.
- Initiator: Indicates how the tunnel was initiated.
- Last Updated: The last time ARMT received an update concerning this tunnel.
- Connection ID: The unique identifier for the current tunnel connection.
- Connection Type: The type of network connection the tunnel is established over.
- Account: The account that the tunnel settings are registered under.
- User ID: The ATTUID that the tunnel settings are registered under.
- Duration: The total time that the current tunnel has been established as of when this page was loaded.
- WAN Connection: The network configured for the current WAN connection (WAN1, WAN2, etc.).
- AGNS Managed: The service the tunnel is authenticated for.
- Auth Server: The server where the tunnel details are configured.
- Auth Protocol: The authentication protocol for the tunnel.
- VPN Service IP: The IPv4 or IPv6 address that the VPN Gateway received as its local IP address for the tunnel.
Networks tab
The Networks tab lists details for eight LAN network interfaces that belong to the VPN Gateway device. If a field is listed with a value of “N/A”, that field is not applicable to the interface.
- Connection Type: The type of network connection for the interface.
- IP/Range: The IP addresses for the network.
- Ethernet Speed: If the network type is an Ethernet interface, then this indicates the speed of the Ethernet port.
- Ethernet Status: If the network type is an Ethernet interface, then this indicates the status of the physical connection on the Ethernet port.
- Priority: The priority of this LAN connection
- Metric: Specifies the priority
- MTU: The maximum transmission unit for an IPv4 packet.
- MTU IPv6: The maximum transmission unit for an IPv6 packet
- Gateway IP: The IP address of the network interface
- Gateway IPv6: The IPv6 address of the network interface
- Bytes Received: The number of bytes this network interface has received
- Bytes Transmitted: The number of bytes this network interface has been transmitted
- Last Updated: The most recent time these details about this network interface were updated.
Location tab
The location details for a VPN Gateway device are provided through the AT&T Service Manager profile of the device.
If there is no location information for the device on the Service Manager, or if the information is incorrect, you can update the location details here and the information will be pushed to the Service Manager.
ARMT uses the address of the device to query for the device's latitude and longitude coordinates and then uses the coordinates to indicate the device's location on the included map. At minimum, the first line of the Street Address field must exist for ARMT to discover the location coordinates. If the address is not found, the device's location will not be included on the map, but the address information will continue to be included in the ARMT information.
Contacts tab
The Contacts tab provides the name, phone number, and email address for the primary contact for the device.
To add contact information for this device:
- Click Add.
- In the New Contact window, either:
- Select an existing contact and click Add.
- Enter information for a new contact and click Create, then select the new contact an click Add.
Click Edit to change the contact information, and click Delete to delete the contact.
Intelliflow tab
The Intelliflow tab displays metrics gathered from the summarized netflows sent from the VPN Gateway device to the ARMT netflow collector. For these netflows to be sent, the VPN Gateway’s Service Manager profile must:
- Use version 10 of netflow.
- Send its netflows to the ARMT netflow collector.
- Add a firewall rule to the VPN Gateway device’s policy list to allow netflow packets to pass out through the maintenance tunnel to ARMT.
There are four time ranges available in the Range drop-down:
- 24 hours: For a range of 24 hours, the time interval for each data point is one hour.
- 7 days: For a range of 7 days, the time interval for each data point is one day.
- 30 days: For a range of 30 days, the time interval for each data point is one day.
- Custom: Select From and To dates to define the custom range for the report. If the custom range is 3 or fewer days, the time interval for each data point is one hour. If the custom range is over 3 days, the time interval for each data point is one day.
The metrics displayed on the Intelliflow tab detail the top 10 sources and destinations.
- Source: A source is an endpoint that clients request data from.
- Destintation: A client connected to the VPN Gateway devices’s LAN ports, or the VPN Gateway device itself.
The source/destination labeling is used, because most network traffic is clients downloading traffic from the Internet. If a customer’s VPN Gateway traffic is instead mostly uploading data, the source/destination labels will be reversed, meaning the clients connected to the VPN Gateway will be the source, and the destination will be the endpoints the clients are uploading data to.
NOTE: Only IPv4 traffic is captured by the VPN Gateway and sent as summarized netflows to ARMT.
Connectivity Tests tab
The Connectivity Tests tab displays the 10 most recent WAN backup connectivity tests reported by the VPN Gateway device. The results include:
- Result: Whether the test passed or failed.
- Reason: The error code (if applicable).
- Category: The category of the failed test (if applicable).
- Source: Whether the test was manually triggered or automated.
- Date: When the test was executed.
These tests are either performed automatically (the frequency being specified by the dial window in the device’s Service Manage profile) or manually through the locally web UI of the VPN Gateway or by issuing a Backup WAN Test command from ARMT.
Advanced Info tab
The Advanced Info tab allows you to view additional information about your VPN Gateway device.
- Click the checkbox for the sections about which you would like to view additional information. You can also click Check All or Uncheck All.
- Click Generate Sections.
- After the sections have been generated, click Display Results.
The results are displayed in a new tab on the browser. The URL used to display the information will expire after 60 minutes and will no longer be available.
IDS tab
This tab lists a count of IDS (intrustion detection) alerts detected by the VPN Gateway. The alerts are broken down by IDS type and displayed in tabular form, showing details for each type of alert and how many of each alert type was received.
The alerts are sent from the VPN Gateway device as SNMP informs to ARMT. The VPN Gateway must be running firmware version 6.5.0 or higher to send these informs. The chart on the IDS tab lists the total number of IDS alerts received per day (if any) over the past 30 days. Click on the number in the Count column to open a window providing detailed information about each alert.