VPN reports from Juniper SRX device

Hello Sirs,

We are using Firewall Analyzer 7 (build7000) to gather reports from Cisco ASA firewalls.
I added another device, which is a Juniper SRX210 firewall. I easily got it up and reporting to the Analyzer server. All the traffic is being reported perfectly.


A couple of users are also connecting to it using VPN (dyn-vpn in Juniper's terms).
I have a question about the VPN Report section, however. When I see reports from the Cisco ASA, the "VPN reports" section shows the active VPN users.

On the SRX, nothing is showing up. I do policy logging and exporting, and I see VPN traffic reports from the particular VPN subnets in the "Traffic reports" section, but there is no report "per user".

I believe it might be more difficult to implement than on the ASA firewall, as the SRX in its session init/closed records does not show the particular username which is generating the traffic.

 

Mar 16 13:01:54  FW_Hostname RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.100.46.15/49554->72.163.4.161/80 junos-http 87.110.182.166/20936->72.163.4.161/80 source-nat-VPNiem None 6 DYN-VPN-POLICY untrust untrust 13063
Mar 16 13:02:27  FW_Hostname RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP RST: 10.100.46.15/49560->72.163.4.161/80 junos-http 87.110.182.166/7655->72.163.4.161/80 source-nat-VPNiem None 6 DYN-VPN-POLICY untrust untrust 21793 6(986) 4(602) 6

 

Therefore I'm curious what you think, and whether it is even possible to use this "VPN reports" section to track VPN user traffic.
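
Added example (not part of the original post and not Firewall Analyzer code): a parser for the two RT_FLOW records quoted above, showing that they carry no username field and that the most they support on their own is totals per inner client IP for the VPN policy. The field names are labels assumed here for the positions in the log line.

```python
import re
from collections import defaultdict

# The two log lines quoted in the post, reused as sample input.
SAMPLE = """\
Mar 16 13:01:54  FW_Hostname RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.100.46.15/49554->72.163.4.161/80 junos-http 87.110.182.166/20936->72.163.4.161/80 source-nat-VPNiem None 6 DYN-VPN-POLICY untrust untrust 13063
Mar 16 13:02:27  FW_Hostname RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP RST: 10.100.46.15/49560->72.163.4.161/80 junos-http 87.110.182.166/7655->72.163.4.161/80 source-nat-VPNiem None 6 DYN-VPN-POLICY untrust untrust 21793 6(986) 4(602) 6
"""

# Field names below are assumed labels for the positional fields in each record.
FLOW = r"(?P<src>[\d.]+)/(?P<sport>\d+)->(?P<dst>[\d.]+)/(?P<dport>\d+)"
NAT = r"(?P<nat_src>[\d.]+)/\d+->(?P<nat_dst>[\d.]+)/\d+"
COMMON = (FLOW + r" (?P<service>\S+) " + NAT +
          r" (?P<src_nat_rule>\S+) (?P<dst_nat_rule>\S+) (?P<proto>\d+)"
          r" (?P<policy>\S+) (?P<src_zone>\S+) (?P<dst_zone>\S+) (?P<session_id>\d+)")
CREATE = re.compile(r"RT_FLOW_SESSION_CREATE: session created " + COMMON + r"$")
CLOSE = re.compile(
    r"RT_FLOW_SESSION_CLOSE: session closed (?P<reason>[^:]+): " + COMMON +
    r" (?P<pkts_from_client>\d+)\((?P<bytes_from_client>\d+)\)"
    r" (?P<pkts_from_server>\d+)\((?P<bytes_from_server>\d+)\) (?P<elapsed>\d+)$")


def parse_line(line):
    """Return a dict of fields for one RT_FLOW session record, or None."""
    for event, rx in (("create", CREATE), ("close", CLOSE)):
        m = rx.search(line.strip())
        if m:
            return {"event": event, **m.groupdict()}
    return None


def usage_by_client(lines, policy="DYN-VPN-POLICY"):
    """Sum closed sessions and bytes per inner source IP for one policy."""
    totals = defaultdict(lambda: {"sessions": 0, "bytes_from_client": 0,
                                  "bytes_from_server": 0})
    for rec in filter(None, map(parse_line, lines)):
        if rec["event"] == "close" and rec["policy"] == policy:
            t = totals[rec["src"]]
            t["sessions"] += 1
            t["bytes_from_client"] += int(rec["bytes_from_client"])
            t["bytes_from_server"] += int(rec["bytes_from_server"])
    return dict(totals)


if __name__ == "__main__":
    for rec in map(parse_line, SAMPLE.splitlines()):
        print(rec["event"], rec["src"], rec["policy"], "username" in rec)
    print(usage_by_client(SAMPLE.splitlines()))
```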

