Endpoint Agent VPN Support
The ThousandEyes Endpoint Agent supports end-to-end visibility of network nodes and metrics for traffic that traverses a number of virtual private networks (VPNs). When present, the VPN will be displayed on the path visualization, and the client will populate the VPN Vendor attribute visible in the various Endpoint Agent views. VPN filters can also be applied to each view.
ThousandEyes supports the following VPNs for the Endpoint Agent:
- Cisco AnyConnect
- F5 BIG-IP APM VPN
- Palo Alto Global Protect
- Pulse Secure Connect
- ZScaler Internet Access (ZIA)
No additional configuration is required to enable VPN support.
- ThousandEyes recommends using TCP-based testing, as some VPNs block ICMP traffic.
- Full-tunnel VPNs will not allow any traffic outside the tunnel. As such, ThousandEyes may be unable to provide visibility to the underlay (the physical connection between the endpoint and the VPN gateway).
The Endpoint Agent passively monitors the VPN’s state by inspecting the VPN client’s logs. If an Endpoint Agent stops working or doesn’t work as expected, ThousandEyes recommends that you open a Support case, and include the specific VPN client version and the VPN client’s logs in the case.