Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 15 replies
  • Subscribers 4 subscribers
  • Views 19028 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Network Usage not including Intrusion Prevention Exception

Jay Jay

Specifically, I have ftp (port 21) excluded from IPS monitoring because I don't need ftp content scanned (cpu @ 100% when enabled and sending/receiving at full speed).  As a side effect, logging & reporting, network usage, bandwidth usage does *NOT* include bw used by the ftp traffic.

What I'd like to do is keep the ftp traffic from being scanned, but include its volume in the bw usages totals.

How?



This thread was automatically locked due to age.
  • 0

    An interesting situation, Jay.  Show us a picture of the Edit of your Exception.  Is Application Control enabled?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Bob,

    Application control is disabled.  By design, should network usage indicate usage even for ips exceptions?

  • 0 in reply to Jay Jay

    I don't know what the intended design is, Jay.  What happens if you delete the FTP service in that Exception?

    Another thought, do all of the other graphs and reporting details indicate that there's no problem with a PostgreSQL database?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I'm not sure how to check the PostgreSQL database.  All the graphs (including daily, weekly, monthly and bw usage) populate properly.  They just don't reflect data transferred using ftp.  If I disable the exception (no need to even delete) then bw usage is reflected accordingly... albeit at the price of scanning data that doesn't need to be scanned.

  • 0 in reply to Jay Jay

    My thought was to have the exception apply to the server and not include the FTP service.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    There's other traffic on the server which should be monitored for so that solution wouldn't quite work.

    The exclusion has been disabled/turned off for a few days.  I turned it back on little bit ago and transfered ~10 GB worth.  BW usage is reporting it now.  Very strange.  There's been days when upwards of 50GB was transferred and no indication of such transfers in bw usage.   We'll see how long this lasts for.

  • 0 in reply to Jay Jay

    I just don't think I've seen a situation where skipping traffic for Snort resulted in Reporting not counting the traffic.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Had another large transfer over night.  Network usage not reflecting again.  IPS exception for the service was enabled.

    Any thoughts on how to troubleshoot?

  • 0 in reply to Jay Jay

    Time to get Sophos Support involved.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    As someone with the home license, what channel of support is appropriate?

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?