Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

a small question about understanding network statistics (CLI)

on a sophos firewall (e.g. xgs136) I can view the interface statistics via the CLI. (command: show network interfaces)

At the output I notice that there are many dropped packets at RX state (receive).(LAN Interface)

Port1            Zonetype:LAN  MAC Address:XX:XX:XX:XX:XX  MTU:1500
                 IPv6 Addr(s): XXXXX::XXXXX:XXXXXX:XXXXX:1/64 (link-local)
                 Speed:1000Mb/s Full Duplex  Auto Negotiation:yes
                 UP BROADCAST RUNNING SLAVE MULTICAST
                 RX State: packets:2682687049 bytes:531478369640 (494.9 GiB)
                           errors:0 dropped:62795887 overruns:0 frame:0
                 TX State: packets:3826280005 bytes:3010216377751 (2.7 TiB)
                           errors:0 dropped:0 overruns:0 carrier:0

Does this statistic include the dropped packets that were blocked due to the firewall rules?

What period does this statistic cover and can I reset it via cli without impact?

many thanks for a hint

Rgd,

Tom



Added TAGs
[edited by: Raphael Alganes at 11:15 AM (GMT -8) on 25 Nov 2024]
Parents Reply Children
  • Hello Raphael,

    first of all, thank you very much for your reply.

    a little more information as background:
    we have 9 branches, each with 1 HA cluster. (2 nodes) Different Firewalls (XGS116+126+136+2300+4300)
    Each cluster has 1 LAN interface and 2 WAN interfaces.
    If I look at the statistics for all interfaces, ‘all’ have many dropped packets. On the LAN and WAN side.
    We use Cisco switches on the LAN side and Sophos switches on the WAN side. The cables are all new and shielded (CAT6A)
    I don't see any errors on the Cisco switches on the corresponding interfaces. Neither drops nor errors. Unfortunately I cannot check the Sophos switches as they are not managed.
    In fact, we have complaints at one location that the performance fluctuates from time to time. That's why I wanted to take a look at the statistics. But these are also resource-hungry CAD programs that run via Citrix virtualisation.
    Otherwise, we have no complaints at all about performance problems at any of our 9 locations.

    Since we have the dropped packets at each location, LAN and WAN side and also with different switches and new cables, I can't imagine having a layer 1 or 2 problem here.