Today i found something weird on my UTM logs, the client downloaded some files from Internet and i see the the traffic it show opposite direction, the download content should appear as Inbound traffic but below screenshot show totally wrong.
Any suggestion would be appreciated
this is quite normal: the traffic is counted on every interface, the sums are shown here. So when downloading some fles form the internet to internal LAN, this counts as "IN" traffic on "WAN" and as "OUT" on "LAN". If you have more than one internal interfaces, which communicate with each other, then you may have a lot more of traffic counting as "OUT" than you have on the "IN" side.
Mit freundlichem Gruß, best regards from Germany,
New Vision GmbH, GermanySophos Silver-Partner
If a post solves your question please use the 'Verify Answer' button.
Thanks for the reply sir, this happened only today and i can't predict the user Uploaded file or download, if upload means i have no issue but now logs totally show different ...this not only for that user but all users. Is there any way to make outgoing traffic as outside and income as inbound.
the info regarding traffic leaving and arriving at the interfaces is correct. There is no need to change anything.
Without nowing your network topology, I cannot tell where this traffic is coming from and going to.
My experience with admins is, that the often see all internal networks as a whole and then "the internet" on the other side of the firewall and expactation is, this is seen as "IN" is coming in from "the internet" and "OUT" is what is outgoing in direction TO "the internet".
This is NOT what you are seeing here. This is the sum of all traffic of all interfaces. You could have an (internal) interface connected to WiFI and another (internal) connected to yur production LAN, When printing (as an example) from WiFI Clients to internal printers in "LAN" this counts as "outgoing" traffic from the LAN interface.