View TS Agent Data

View Information About the TS Agent

Use the following procedure to view the current user sessions on the network and the port ranges assigned to each session. The data is read-only.

Procedure

Step 1

On the server where you installed the TS Agent, start the TS Agent interface as described in Start the TS Agent Configuration Interface.

Step 2

Click the Monitor tab. The following columns are displayed:

  • Source IP: Displays the user's IP address value in IPv4 and/or IPv6 format. When both IPv4 and IPv6 addresses are configured and a new session is just created, both IPv4 and IPv6 addresses are displayed in separate rows.
  • Status: Displays the status of assigning ports to the user. For more information, see View Connection Status.
  • Session ID: Number that identifies the user's session. A user can have more than one session at a time.
  • Username: Username associated with the session.
  • Domain: Active Directory domain in which the user logged in.
  • Port Range: Port range assigned to the user. (A value of 0 indicates an issue assigning ports; for more information, see View Connection Status).
  • TCP Ports Usage and UDP Ports Usage: Displays the percentage of allocated ports per user. When the percentage exceeds 50%, the field background is yellow. When the percentage exceeds 80%, the field background is red.
  • Login Date: Date the user logged in.

Step 3

The following table shows the actions you can perform:

Item

Description

Click column heading

Sort data in the table by that column.

Enter a portion of a username or a complete username in the Filter by Username search field.

Click to refresh sessions displayed on this tab page.

Export the following troubleshooting information about the TS Agent as text files:

  • XML file containing TS Agent configuration data

  • Output from the netstat -a -n -o command

  • Windows task list

  • List of running drivers

Check the box next to one or more sessions to restream those sessions to the Cloud-Delivered Firewall Management Center or . You can use this in the event the user service fails on the Cloud-Delivered Firewall Management Center or .

For example, suppose a user logs in to the TS Agent server after the user service fails on the Cloud-Delivered Firewall Management Center or . You can use this option to send the user session again after the user service is restored. This should cause Success to be displayed for that user in the Status column.

View Connection Status

When users have logged into Terminal Services where TS Agent is installed, a new system session is created, a port range is allocated for this session, and the results are sent to Cloud-Delivered Firewall Management Center or for propagation to managed devices.

The Monitor tab page enables you to confirm that the port range was successfully sent to the Cloud-Delivered Firewall Management Center or . Among the reasons why the process might have failed include:

  • Network connectivity issuess

  • Token expiration

  • Incorrect domain name configured for the realm

Procedure

Step 1

On the server where you installed the TS Agent, start the TS Agent interface as described in Start the TS Agent Configuration Interface.

Step 2

Click the Monitor tab.

Step 3

The Status column has one of the following values:

  • Pending: The action is pending but not yet completed.
  • Failed: The action failed. Click the word Failed to view an error message. If the error indicates a communication failure with the Cloud-Delivered Firewall Management Center or , try to restream traffic for that session as discussed in View Information About the TS Agent.
  • Success: The action completed successfully.

View TS Agent User, User Session, and TCP/UDP Connection Data on the Cloud-Delivered Firewall Management Center or

Use the following procedure to view data reported by the TS Agent. For more information about the user tables, see the Cisco Secure Firewall Management Center Administration Guide.

Procedure

Step 1

To access the information in the Secure Management Center, log in.

Step 2

Access the information in Security Cloud Control:

  1. Log in to the Cloud-Delivered Firewall Management Center or where you configured the realms targeting the users your server is monitoring.

  2. Click Policies > Firewall Threat Defense.

Step 3

To view users in the Users table, click Analysis > Users heading > Users.

Cloud-Delivered Firewall Management Center or populates the Current IP, End Port, and Start Port columns if a TS Agent user's session is currently active.

Step 4

To view user sessions in the User Activity table, choose Analysis > Users heading > User Activity.

The Cloud-Delivered Firewall Management Center or populates the Current IP, End Port, and Start Port columns if the TS Agent reported the user session.

Step 5

Log in to your Secure Management Center.

Step 6

To view TCP/UDP connections in the Connection Events table, click Analysis > Connections > Events.

The Cloud-Delivered Firewall Management Center or populates the Initiator/Responder IP field with the IP address of the TS Agent that reported the connection and the Source Port/ICMP Type field with the port the TS Agent assigned to the connection.