Sophos Firewall: Monitor bandwidth usage between IPs in realtime

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.

Table Of Contents

Overview
Product and Environment
Monitoring bandwidth usage between IPs in realtime

Overview

This article describes the steps to monitor Sophos Firewall traffic in real-time from the command line. For example, to identify what IP is using bandwidth.

Product and Environment

Sophos Firewall

Monitoring bandwidth usage between IPs in realtime

To monitor traffic usage in real-time, do as follows:

Sign in to the firewall using SSH.
Access the Advanced Shell (Option 5, option 3).
Enter the command:

iftop -i IFNAME
(Where IFNAME is the name of the interface, usually the LAN interface)
The description for the tool output is as follows:
To stop the tool, type Q to quit.
To show the traffic separated by source and destination port, append -P to the above command:

iftop -i IFNAME -P

Added Horizontal lines on Disclaimer and end of RR, Added table of contents
[edited by: Raphael Alganes at 2:48 PM (GMT -8) on 24 Nov 2023]

Top Replies

lferrara over 4 years ago +4

Iftop is an old tool that I still use on Linux Machines where UI is not even installed. On XG, We expect to see a complete flow monitor like UTM 9 has. 2 tabs where one shows the traffic in a grid…

rfcat_vk over 4 years ago

Thank you for the information. I hope this is an interim solution until a real feature is installed and part of the GUI?

Ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +2 Vote Down

Sign in to reply

Cancel
lferrara over 4 years ago

Iftop is an old tool that I still use on Linux Machines where UI is not even installed.

On XG, We expect to see a complete flow monitor like UTM 9 has.

2 tabs where one shows the traffic in a grid, one shows the diagrams.

Connection list is just useless at the moment on XG.

Iftop is much better than the connection list.
Cancel
Vote Up +4 Vote Down

Sign in to reply

Cancel
FormerMember over 2 years ago in reply to lferrara

If we want to see bandwidth usage per source IP, simply run the following:

iftop -i <interface_name>

then press s

This will sort the source IP bandwidth in descending order
Cancel
Vote Up +3 Vote Down

Sign in to reply

Cancel
NM_1987 over 2 years ago in reply to rfcat_vk

I agree that this is a workaround solution and I would urge all of you to cast your vote to increase the severity of this feature.

https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/43535607-monitor-utilization-bandwidth-for-every-subnet-vla

-----------------------

Thank & Regards,

Nilesh Mojidra

If a post solves your question, use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel
Raffa76 over 1 year ago

From a product that defines itself as high-end I was expecting a better tool, not a 20-year-old Linux tool, I hope Vega has developed a better and more immediate tool.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel