Top talkers and bandwidth usage in general

Had an issue yesterday where I noticed a lot of packet loss from an external ping test to the WAN side. Logged into the XG210 and saw that the link was maxed out by looking at the dashboard widget; this was also causing an LCP timeout error and dropping the gateway every 5-10 minutes or so. Neither I nor support could work out:

1. What direction was the maxed out traffic.
2. What host(s) were generating all the traffic.
3. Despite having shaping on all rules they seemed to get ignored.
4. Why the traffic made the link so unstable

I ended up guessing it was a newly plugged in Surface Pro as the issue only started that morning. Shutting it down got everything back to normal. 

I also found the WAN Link Manager page and it showed 32GB download for the day when 3 to 4 is normal.

How do the seasoned Sophos folk track down issues like this? Is traffic only logged in reports if you have the relevant rule? No reports show that amount of traffic. 

Also, where do you see all dropped packets?

Cheers
Dave 



  • Hi David,

    Greetings.

    I suspect that the Surface Pro devices were generating traffic due to updates. You can investigate this through the Custom Report option in XG. Navigate through Reports > Custom & Special Reports > Custom Web Report, and configure the IP address the Surface Pro received on the incident day.

    Next, I suspect some applications might be utilizing higher bandwidth, which chokes the bandwidth. In such an instance, if the bandwidth threshold is breached, drops can be observed.

    To check the Application Usage report you can navigate to Reports > Application and browse through the options depending on your requirement.

    Dropped-packet reports are not available in Reports; you can check the value of drops on an interface. To check this, log in to the UTM's CLI and go to option 4. Device Console.

    Type "show network interfaces"

    This will show you the errors and drops captured on an interface.

    Hope that helps :)
