
WAN High Bandwidth Usage

Hi all,

I have a big problem on Sophos UTM 9.314-13. For a few days I've been experiencing very high bandwidth usage from the WAN interface (not internal hosts, directly from the WAN interface) with the HTTP protocol (many gigabytes a day), almost 100% bandwidth usage, inbound (99.55%).

What's the problem? I've checked the internal network (60 users) and none of them is using the internet heavily during the day.

Plus, in the System Log I've found strange messages about the DNS resolver, like:

dns-resolver[5103]: DNS server failed to contact!

However, I've configured the DNS forwarders and the internal domain correctly (per Sophos best practice).

What can I do? Do I have to downgrade it? To which version, to avoid this issue?

Apparently the WAN interface "downloads" HTTP data, but I can't see from which host it is downloading this data.

Can anyone help me?

Thanks


  • Hi, and welcome to the User BB!

    This sounds like the HTTP Proxy is trying to download a file, but the server keeps breaking the connection.  What happens if you disable/enable Web Filtering?

    Cheers - Bob
    PS Sorry, I wrote that over an hour ago and just posted it.  Check the Web Filtering Live Log to see what access is causing this problem.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    I am facing the same issue here. I tried disabling and re-enabling the HTTP proxy, but no luck.

  • Have you watched the Web Filtering Live Log to see if there's any hint there?  What about the Flow Monitor (on the Dashboard, click on the usage box to the right of the Interface name)?  If there's nothing there, try a reboot.

    Cheers - Bob

  • Hi Bob,

    While monitoring the flow, I see most of the usage under Unclassified Service, and most of that usage is taken by akamaitechnologies.com servers, which are used by a lot of guys for update distribution.

    I tried to block these IPs by creating a rule to drop packets from the Akamai IPs to any and vice versa; even so, I am still getting traffic from those servers.

  • The only solution is to find which updates are causing this problem and then create DNS groups in the 'Transparent Mode Skiplist'.

    Cheers - Bob

  • Do you mean a DNS group of the servers that are consuming the bandwidth?

    Where is this 'Transparent Mode Skiplist' option?

    NOTE: I even created a rule to drop some IPs, but even so traffic is passing from those IPs as well.

  • Hi Bob,

    I did some more analysis and found that this traffic was requested by one specific client. I then blocked it at the client end itself, and now my bandwidth consumption is normal.

    Thanks for the support. I was able to trace this with the help of the "Flow Monitor".

    Web Protection -> Application Filtering -> Flow Monitor, or just click on All Interface on the Dashboard to get the "Flow Monitor" screen.