This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Flow monitor inconsistencies between interfaces

I was using flow monitor to try and identify traffic going over our internet link.

eth0 is wan, eth1 is lan.

I was monitoring some traffic in flow control,

I opened eth0 in flow control, and then opened eth1.

I viewed some HD youtube videos for about 5 minutes then checked to see if I could find the result.

One interface identifies some traffic as Soundcloud, and the other identifies around the same amount of traffic ~190mb as youtube:

Has anyone else seen this behaviour before? Is it simply the UTM misidentifying the traffic as Soundcloud?

Cheers



This thread was automatically locked due to age.
Parents
  • >Has anyone else seen this behaviour before? Is it simply the UTM misidentifying the traffic as Soundcloud?

    We have the same issue here with UTM Version 9.406.3, which is the latest release. We have a software appliance running the Filtering.

    How can we re-define the Soundcloud Pattern with label "youtube" ?

    Which is the correct Pattern for Soundcloud ? can this be adjusted only by support or can we configure this somwhere inside the UTM ?

    I played  with soundcloud streaming and youtube streaming  - the traffic is both https encrypted, if i block SoundCloud in Application control Rules, the website is blocked, but Youtube website can be accessed.

    If I switch of the application Control Rule for Soundcloud and play 2 streams in youtube and soundcloud simultaniously from my test client, I see only Traffic labeled as "Soundcloud" .

    If I switch it on again, I cannot access the soundcloud Website at all.

    Then I shaped the Traffic labelled "Soundcloud" with button from Traffic monitor and created a throttling rule in QOS panel (Interfaces & Routing > QoS). This throttling definetly works fine on Youtube traffic, and gives all flexible control on Bandwith, shared bandwith, each session bandwith etc.

    We will appreciate very much, if the algorithms for traffic patterns will be improved in the future, as the throttling is an easy way to control company internet bandwith.

    Best Regards from Hamburg, Germany.

  • Hi mate. I've resolved the issue by enabling the HTTPS scan and decrypt on the Web Proxy module. We have complete reports now with all the website being categorized and tagged correctly. If you have trouble with the certificate on the web browsers afyer enabling the decrypt and scan let me know

Reply
  • Hi mate. I've resolved the issue by enabling the HTTPS scan and decrypt on the Web Proxy module. We have complete reports now with all the website being categorized and tagged correctly. If you have trouble with the certificate on the web browsers afyer enabling the decrypt and scan let me know

Children
No Data