I see in the User App Risks & Usage reports for today that the WAN bytes is 299.88 GB which is impossible as the WAN up-link is only 8 Mbps.
So I went to check which hosts made these bytes and found that only 2 hosts made 95% of these bytes
Again, it's impossible for those 2 hosts to make all these bytes as the have a very limited internet access.
The rule that allows internet for them only allows HTTP & HTTPS (scanning is enabled) with the below Web Policy and App Policy is allow all
As you can see the web policy allows only a white list of domains and everything else is blocked.
Then when I checked the Blocked Web Attempts report I found that these 2 hosts have millions of blocked web attempts
So I concluded that the User App Risks & Usage counts these blocked attempts as used bytes and I think that this is very misleading and not accurate.
Now, Is there a better way to see an accurate bytes usage report for each IP host?
This thread was automatically locked due to age.
