Hello,
i'm having an issue in a customer deploy that the wan is showing CONSTANT very high usage, but the corresponding LAN traffic is not there.
if i open the flow monitor on the WAN port, i see that application HTTP is consuming all the BW with 3 clients, when i click the client it shows the PUBLIC IP address of the WAN port as the offending culprit.(~800KBPS/8mbits of download traffic)
But if i open the flow monitor for the LAN port i have less than 1mbit of traffic either direction.
i have no PF rules or internal web servers, in fact there are NO port forwards open.
¿how do i troubleshoot this?, the PF livelog is not showing any blocked traffic on http port.
Web filtering is active with AV scan, could this be files being downloaded by the proxy(but it's happening throughout the entire workday!) before the utm allowing the download?, but i have a 30MB file limit set...
i also don't see anyway to monitor what current files are being downloaded by the web proxy.
edit: i even blocked HTTP from the flow control, which created an app control rule... well, it's not working!, it's not blocking anything and traffic still is maxed out
This thread was automatically locked due to age.
