Fix Virtual Network Gateway IKEv2 Security Logging
Ok, so logging access to enterprise networks is a basic security control which we shouldn't be asking for in the year 2018.
If we deploy P2S/Virtual Network Gateway w/IKEv2/certificate authentication in its current state, we open our networks to the internet and have no idea who logs into it and from where. There are basically NO events logged for an authenticated user. In addition, the "Connection Count" doesn't increment. So if I have 100 users connect via IKEv2, Connection Count still shows 0.
THIS IS A SIGNIFICANT SECURITY HOLE.
Microsoft - this product shouldn't have been released, not in its current state. WTF are you guys thinking!?
Thanks for the feedback – the work has started on the more detailed logs. The current plan is to expose the logs and metrics through Azure Monitor. We will post an update once the logs are available.
Is there any update on this? We have a similar issue at a client I am on, where we need to see the connection information in the NPS logs when using Azure P2S VPN (using IKEv2). If we use SSTP we fully see the client connection information in the logs. I understand the RADIUS attributes are going to be added, but no time frame mentioned. Can we be updated as to when? It is potentially a blocker to using the Azure VPN.
Vahan Galachyan commented
This is good news, thanks Yushun.