By Matthew Close, Senior Manager, IT Systems Engineering
In response to COVID-19, many CenturyLink customers have had large increases in the number of client VPNs, and this new demand has pushed the limits of some installed firewall models.
Client VPN usage has been historically small (50 to 100 users per site, per customer) because of how the service is normally deployed. Often just a handful of administrators will connect remotely to firewalls via a VPN. That has changed drastically, with some customers requiring 1,000s of remote users as their employees started working from home.
Engineering has seen escalations for real-time usage tracking. In instances where usage was reaching platform limits, customers have wanted to upgrade to larger platforms or direct some users to other installed sites.
In less than a week, engineering implemented three new monitoring points — client VPN connection count, IPSec VPN tunnel count, and IPSec VPN traffic count — to the devices. We were able to also rapidly deploy the graphed data into the customer’s portal.
The graph below shows client VPN connections. The red line indicates the platform’s VPN connection maximum. The firewall in this example is a Cisco ASA 5525 with a platform maximum of 750 remote users. From this graph, it’s easy to see...