diff --git a/controller.rst b/controller.rst index 711d88c..8db726b 100644 --- a/controller.rst +++ b/controller.rst @@ -74,6 +74,14 @@ The administrator can also reset the user password and delete users. After logging in, each user can change their password and generate an SSH key pair for accessing the unit. +Two Factor Authentication (2FA) +------------------------------- + +Each controller user can enable Two Factor Authentication (2FA) to increase the security of the account. +To enable 2FA, follow the same steps documented inside the firewall web interface: :ref:`2fa-section`. + +The administrator can see the 2FA status of each user inside the user list. + Units ===== diff --git a/monitoring.rst b/monitoring.rst index 3ff93ba..a79f7de 100644 --- a/monitoring.rst +++ b/monitoring.rst @@ -74,7 +74,7 @@ The connectivity section provides an overview of WAN connections, including stat This page shows the following information: -- ``WANs``: list of the WAN connections with their current status (UP/DOWN). +- ``WANs``: list of the WAN connections with their current status (UP/DOWN) and public IP address. The status information helps ensure that critical network connections are online, and any downtime are immediately addressed. Data are sourced from the firewall mwan3 status. @@ -89,6 +89,14 @@ This page shows the following information: this histogram shows the traffic data for each WAN connection over the past 60 minutes, sourced from Netdata. It helps track real-time performance and diagnose issues such as uneven load balancing or WAN link saturation. +- ``Latency to
``: + this section provides real-time latency data for a specific IP address configured inside the :ref:`ping_latency-section` module. + The cart helps to monitor network performance and identify potential connectivity issues. + +- ``Packet delivery rate to
``: + this section provides real-time packet delivery rate data for a specific IP address configured inside the :ref:`ping_latency-section` module. + If the rate is below 100% it could indicate network congestion or connectivity issues. + VPN --- @@ -197,6 +205,8 @@ and click :guilabel:`Open report` button from the ``Real time report`` tab. Netdata metrics are saved in RAM and will be reset at very machine reboot. If the firewall is connected to the :ref:`remote controller `, metrics will be stored to the controller itself and preserved across reboots. +.. _ping_latency-section: + Ping latency monitoring ------------------------ diff --git a/openvpn_roadwarrior.rst b/openvpn_roadwarrior.rst index dc7681e..b2c8be3 100644 --- a/openvpn_roadwarrior.rst +++ b/openvpn_roadwarrior.rst @@ -185,3 +185,17 @@ Add these options to the Roadwarrior server configuration :: /etc/init.d/openvpn restart ns_roadwarrior1 The MTU values may need to be adjusted to fit your specific network environment. A lower MTU ensures packets fit within the limits of the VPN tunnel without fragmentation, but depending on network latency or overhead, slightly different values might be necessary. + +Connection history +------------------ + +Every time a client connects or disconnects from the server, the event is saved inside a SQLite database stored in RAM. +Such event history can be viewed by clicking on tab ``Connection History`` available on the top of the page. + +By default the page will display all connections from current day, but it is possible to filter the results by date and time and account name. + +To download all history in CSV format, click on the button :guilabel:`Download server history`. +The header of the CSV file explains the meaning of each column, including the units of measure. + +Once the server is rebooted, the local history is lost. +If the server is connected to a :ref:`controller-section`, the history is sent to the controller and can be viewed inside the :ref:`historical_monitoring-section`.