
Flow monitor inconsistencies between interfaces

I was using flow monitor to try and identify traffic going over our internet link.

eth0 is wan, eth1 is lan.

I was monitoring some traffic in flow control.

I opened eth0 in flow control, and then opened eth1.

I viewed some HD youtube videos for about 5 minutes then checked to see if I could find the result.

One interface identifies some traffic as Soundcloud, and the other identifies around the same amount of traffic ~190mb as YouTube:

Has anyone else seen this behaviour before? Is it simply the UTM misidentifying the traffic as Soundcloud?

Cheers



This thread was automatically locked due to age.
  • Hi Daniel,

    Provide us some time to verify this and we will revert back with an update.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • I have the same problem. UTM 9 takes Youtube as Soundcloud.

  • Glad to know I am not alone!
    This is just the traffic I have noticed is misidentified, and I haven't looked very hard. What else could also be misidentified?

    This issue has prevented our company from using any Application based traffic control and throttling. I don't have enough trust in the Application identification to start limiting and throttling users' traffic based on it...

  • I haven't identified other mistaken traffic, but now my entire report module just stopped working... I'm waiting for the support technicians to connect to my UTM

  • I also have the same problem - traffic to Apple (17.0.0.0/8) which is clearly not Soundcloud is being categorized as Soundcloud traffic.

  • Hi,

    Please provide me the Case# in support. I want to follow up on this issue.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Daniel, most applications are correctly recognized, and avoiding making rules for those that you're not confident of is easily done.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • The support team repaired my report module, but the youtube = soundcloud issue remains

  • Hi,

    Sounds great that support has a fix to this. As per my observation, there is traffic that is incorrectly recognized as SoundCloud. I want to check what TS steps support took to resolve the categorization issue. Alongside, I will speak to the development team over this matter.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • >Has anyone else seen this behaviour before? Is it simply the UTM misidentifying the traffic as Soundcloud?

    We have the same issue here with UTM Version 9.406.3, which is the latest release. We have a software appliance running the Filtering.

    How can we re-define the Soundcloud Pattern with label "youtube"?

    Which is the correct Pattern for Soundcloud? Can this be adjusted only by support or can we configure this somewhere inside the UTM?

    I played with soundcloud streaming and youtube streaming - the traffic is both https encrypted, if I block SoundCloud in Application control Rules, the website is blocked, but Youtube website can be accessed.

    If I switch off the application Control Rule for Soundcloud and play 2 streams in youtube and soundcloud simultaneously from my test client, I see only Traffic labeled as "Soundcloud".

    If I switch it on again, I cannot access the soundcloud Website at all.

    Then I shaped the Traffic labelled "Soundcloud" with button from Traffic monitor and created a throttling rule in QOS panel (Interfaces & Routing > QoS). This throttling definitely works fine on Youtube traffic, and gives all flexible control on Bandwidth, shared bandwidth, each session bandwidth etc.

    We will appreciate very much, if the algorithms for traffic patterns will be improved in the future, as the throttling is an easy way to control company internet bandwidth.

    Best Regards from Hamburg, Germany.