The active sessions list summarizes the current users within the Collective. The list includes information such as the username, identity provider, and the client type for each session.
Filtering and sorting
The search box can be used to filter the view of the Active Sessions page (Usage > Active Sessions). Most columns are sortable; click on a column heading to change the item order.
Actions Button
The Actions button in the Active Sessions page displays the following options:
Analyze Policy Assignments. Runs a simulation of the policy assignment process using the user's currently reported claims. This will allow you to see which policies are being applied as well as the resulting device settings - which may come from a number of different policies.
Download Client Logs. Triggers a log bundle download from the device being used. Requires client v6.1 or later. This will download a zip archive of the user's client logs.
Renew Tokens. Will refresh the tokens for this device. This might be used to push an entitlement update to a user's device. It is possible to use bulk actions on active sessions to renew tokens. This can also be done from Registered Devices.
Add User to Denylist. Removes access from all devices for this user by revoking all related tokens and adds them to the denylist preventing them from signing in again. This can also be done from Registered Devices.
Active Session Details
Click on any row in the Active Sessions page to access Active Session Details. This page displays session details for the selected user or device and provides additional details for the selected Site.
General session details
The top of the Active Session Details page includes a set of fixed non-Site-specific details about the chosen session:
Username
Identity Provider
Time to Connect to All Sites, in ms.
Hostname
Sign-in Time, including the date.
Number of DNS Errors. The number of times the client failed to resolve the Gateway's public IP when trying to connect.
Tunnel IPv4
Tunnel IPv6
Total Transferred Data (Sent/Received), in MB.
Device ID
Operating System and version number.
Number of Unreachable Protected Hosts. When there are unreachable protected hosts reported, you can obtain more details from the App Health Reports page.
This section may also include warnings about IP address conflicts. AppGate ZTNA routes traffic to multiple Sites simultaneously. It is therefore important to avoid having the same IP address appear on multiple Sites. If a conflict is detected, a message detailing the offending Sites will appear so action can be taken.
Site-specific details
The Action Session Details page contains the following information about the selected session:
Select Site. The user may be connected to multiple Sites. The seven additional details tabs display the information for only the Site chosen from the drop-down.
NOTE
During failover or client reconnection (moving from one Gateway to another) both Gateways may report that the same user is attached.This will resolve itself within five minutes.
Entitlements. The entitlements shown are those which are allowed by policies.
| Entitlements show:
|
System Claims. The current claim values used for this session. The appendix contains more information about Claims in detail.
User Claims. The current claim values used for this session. The appendix contains more information about Claims in detail.
Device Claims. The current claim values used for this session. The appendix contains more information about Claims in detail.
Gateway Stats. Detailed statistics from the Gateway for the user's session, such as total bytes read and written through the VPN daemon servicing this user.
Session Stats. Details about the session's connection, including time to connect, round-trip time, and traffic mode.