Thread Info
  • Locked Locked
  • Replies 3 replies
  • Subscribers 4 subscribers
  • Views 2848 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM In & Out Traffic

feroz syed

Hello,

Today i found something weird on my UTM logs, the client downloaded some files from Internet and i see the the traffic it show opposite direction, the download content should appear as Inbound traffic but below screenshot show totally wrong.

Any suggestion would be appreciated



This thread was automatically locked due to age.
Parents

  • Hello,

    this is quite normal: the traffic is counted on every interface, the sums are shown here. So when downloading some fles form the internet to internal LAN, this counts as "IN" traffic on "WAN" and as "OUT" on "LAN". If you have more than one internal interfaces, which communicate with each other, then you may have a lot more of traffic counting as "OUT" than you have on the "IN" side.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • in reply to PhilippRusch

    Thanks for the reply sir, this happened only today and i can't predict the user Uploaded file or download, if upload means i have no issue but now logs totally show different ...this not only for that user but all users. Is there any way to make outgoing traffic as outside and income as inbound.

  • in reply to feroz syed

    Hello,

    the info regarding traffic leaving and arriving at the interfaces is correct. There is no need to change anything.

    Without nowing your network topology, I cannot tell where this traffic is coming from and going to.

    My experience with admins is, that the often see all internal networks as a whole and then "the internet" on the other side of the firewall and expactation is, this is seen as "IN" is coming in from "the internet" and "OUT" is what is outgoing in direction TO "the internet".

    This is NOT what you are seeing here. This is the sum of all traffic of all interfaces. You could have an (internal) interface connected to WiFI and another (internal) connected to yur production LAN, When printing (as an example) from WiFI Clients to internal printers in "LAN" this counts as "outgoing" traffic from the LAN interface.

    HTH.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • in reply to feroz syed

    Hello,

    the info regarding traffic leaving and arriving at the interfaces is correct. There is no need to change anything.

    Without nowing your network topology, I cannot tell where this traffic is coming from and going to.

    My experience with admins is, that the often see all internal networks as a whole and then "the internet" on the other side of the firewall and expactation is, this is seen as "IN" is coming in from "the internet" and "OUT" is what is outgoing in direction TO "the internet".

    This is NOT what you are seeing here. This is the sum of all traffic of all interfaces. You could have an (internal) interface connected to WiFI and another (internal) connected to yur production LAN, When printing (as an example) from WiFI Clients to internal printers in "LAN" this counts as "outgoing" traffic from the LAN interface.

    HTH.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data
Unfiltered HTML