Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Subscribers 28 subscribers
  • Views 11955 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Live traffic use

Rob Grafton

So I have moved from the Cyberoam OS to the XG SFOS (the hardware we have is a number of CR iNG series devices). live traffic reporting in the cyberoam was terrible and I was hoping that the XG firmware was going to improve this.

I am not sure why the data shown on Current Activities > Live Conenctions (sorted by IP) is so useless. If you sort by downstream bandwidth the totals do not add up to anywhere near the activity. The images in this post are from a 10up 10down line. The system graphs in diagnostics show very high use (between 9 and 10 mb consistently) but as you can see the current activities is pretty poor. If you view by application it is even worse.

 

 

How do you identify in a live environment which IP address is using the majority of the bandwith? Drayteks have a simple data flow monitor that lets you know the bandwidth usage of each active host making it easy to pick out bandwidth hogs. I have assumed that the SFOS alternative was the current activities menus but the data they dispaly is just a waste of time. How do other people identify bandwidth hogs on their XG firewall?



This thread was automatically locked due to age.
  • 0

    The images I realise are useless an example of the data they display is below:

    These are the first 2 entries expanded, clearly the 828 Bytes /Sec is not the total of each application added together

    (2.92 KB + 952 Bytes + 67 Bytes is definitely more than 828 Bytes)

  • 0 in reply to Rob Grafton

    Rob,

    I remember another thread where the sum was not correct on the live connections. It is a bug and it should be fixed.

  • 0 in reply to lferrara

    Its a bug that I have seen on every cyberoam that we have been using since the ia devices and the most up to date firmware on sophos and cyberoam.

    One hell of a bug in something that should be used to quickly identify traffic on the network. I was really hoping that it would be fixed on the sophos OS.

     

    Does anyone have a work around or another simple (ish) way to see the high bandwidth offenders?

  • 0 in reply to Rob Grafton

    Hey Rob, 

    I agree with you and feel your pain, i have also been using cyberoam devices for the last 4 years and they all add this problem. And the new XG OS does also. I have asked support many times about the validity of the data shown but no one seems to have a good answer or proper knowledge about it. 

    I doubt its a bug because its been this way for the last 4 years and maybe even longer for people that have been using it longer. 

    I think this is a very important feature that should be accurate and not useless like it is right now. 

    I hope they get it right in v17