Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 15 replies
  • Answers 2 answers
  • Subscribers 4 subscribers
  • Views 19374 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

net traffic

AreshAreshi

Hi,

Could someone put me in right direction?

in the network usage log what is the top client and what is the top server? does the top client means the incoming traffice and the top server means uit goinig traffice?

this really confuing and we cannot find any documantion on this?

is the total traffice that we see in the daily report is outgoing and incoming data? how can we know how much of this data is outgoing or incoming?

Any hint would be appreciated.



This thread was automatically locked due to age.
  • 0

    Hi Aresh,

    Greetings.

    Top Client will give you report for the total traffic consumed by internal clients through UTM. Alongside, Top Server will give you report for the incoming server traffic.

    Please note that the labels IN and OUT for traffic may vary depending on the point of view. When running in proxy mode, the client connects to port 8080 on UTM, so data sent by the client (the request) is seen as incoming traffic and the data sent to the client (the response) is seen as outgoing traffic on the internal interface.

    The total traffic the daily report reflects is the total consumption of data IN and OUT.

    As of now, there is no provision to check the data consumption individually i.e., IN and OUT separately.

    Hope that helps:)

    Thanks

    Sachin Gurung

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Hi Sachin,

    Thank you for explaining the net usage,

    I really like to know how network usage works. We are an hosting company, security and data usage is very important to us. As security point of view we are very happy with the utm.

    You said "Top Client will give you report for the total traffic consumed by internal clients through UTM"

    But when we check the top clients I can see the external IP of one of our customers that access our FTP server to upload daily data to our FTP server!! I also see more external IP's that thier destnation is to the servers at our LAN.

    Also I dont undrestand the network usage of the NICs in daily Reports,

    The report shows the Total trafiic is 45.8GB, but when I check the graphs of all the NICs I dont understand how Sophos comeup with this number, this is my graph of a daily report:

    Total eth0 (LAN):57.95

    Total eth1 (WAN): 23.99

    Total eth 3: 2.53

    is there some good documantion on this subject?

  • 0

    Another way to think of it is to consider that the client makes requests and the server responds.  So, you can have servers and clients both internally and externally.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    Thank you as alwyay for your reply,

    Any idea why in the report the totaal net traffic is not the same as totaal intern en extern traffice?

    Thanks

  • 0 in reply to AreshAreshi

    Without a picture, I'm not sure to which items you're referring, Aresh.  Maybe the following will help - when a client goes to Google, the browser sends packets to the Internal interface where they are counted as incoming, when the packets are sent to Google, they are counted as outgoing from the External interface, thus appearing to count the traffic twice.  Was that your question?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    Thank you for the reply,

    Your explanation regarding the double couning is helpful.

    I upload the graph of yesterday daliy report, why the traffice processed said 24.4 gb? how utm come to this number?

    the report says:

    network usage:

    Traffic process: 24..4 Gb

    eth0(lan): 30.45 gb

    eth1(wan) : 15.80

    eth3: 2.42

  • 0 in reply to AreshAreshi

    Hi Aresh,

    I checked the screenshots you shared. I am unable to figure out where did you discovered traffice processed said 24.4 Gb ?

    Thanks

    Sachin Gurung

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Hi Sachin,

    Thank you for the update,

    I see the 24.4 in the same daily Report that see the graphs:

    If you like I can send you the that daily Report

  • 0 in reply to AreshAreshi

    Hi Aresh,

    Yes, please share it!

    Thanks

    Sachin Gurung

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Hi Sachin,

    Please let me know if I can mail it to you, because it has information that we dont want to become public.

    Thanks

Unfiltered HTML