We are having network performance problems and when I look at my logs it seems that is always using a lot of http traffic on our computers.

From what I have read about it, a lot of companies outsource to them to globally provide web services like streaming, downloads etc.

I would like to block it but am hesitant.

Also, can someone advise of a good way of monitoring what traffic each PC on the network is generating?
Advice would be great please.


If you are using the HTTP-Proxy filter for outbound traffic on your firewall you can turn on logging and check the "Send to Reports" box. Then you can use Watchguard's Report server to tell you exactly which hosts are generating what traffic and the volume. The Report Server software comes with the Watchguard Firebox.

Just realized that I am assuming you have a firebox since you posted in the Watchguard category...
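As an added example (not part of the original answer and not WatchGuard's Report Server): once outbound HTTP logging is on, the per-host breakdown described above can also be computed from exported log lines. The key=value log format, the field names and the `cdn.example.net` domain are constructed assumptions; adapt the parser to what your device writes.

```python
from collections import defaultdict

# Constructed sample lines in a made-up key=value format (not a real
# WatchGuard log format); adapt parse_line() to your firewall or proxy.
SAMPLE_LOG = """\
2024-01-10T09:00:01 src=10.0.0.21 dst_host=a1.cdn.example.net method=GET bytes=5242880
2024-01-10T09:00:03 src=10.0.0.21 dst_host=a7.cdn.example.net method=GET bytes=3145728
2024-01-10T09:00:04 src=10.0.0.35 dst_host=intranet.example.org method=GET bytes=20480
2024-01-10T09:00:09 src=10.0.0.35 dst_host=a1.cdn.example.net method=GET bytes=1048576
2024-01-10T09:00:12 src=10.0.0.48 dst_host=mail.example.org method=POST bytes=4096
this line is malformed and must be skipped
2024-01-10T09:00:15 src=10.0.0.21 dst_host=www.example.org method=GET bytes=notanumber
"""

def parse_line(line):
    """Return (src, dst_host, bytes) or None for lines that do not parse."""
    fields = dict(p.split("=", 1) for p in line.split()[1:] if "=" in p)
    try:
        return fields["src"], fields["dst_host"].lower().rstrip("."), int(fields["bytes"])
    except (KeyError, ValueError):
        return None

def group_host(host, labels=3):
    """Group CDN edge names by their last `labels` labels
    (a1.cdn.example.net and a7.cdn.example.net -> cdn.example.net)."""
    return ".".join(host.split(".")[-labels:])

def traffic_by_host(log_text):
    """Total bytes per (source IP, destination group), plus skipped-line count."""
    totals, skipped = defaultdict(int), 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        src, dst, nbytes = rec
        totals[(src, group_host(dst))] += nbytes
    return dict(totals), skipped

def top_talkers(totals, dst_group):
    """Source IPs ranked by bytes exchanged with one destination group."""
    rows = [(src, n) for (src, dst), n in totals.items() if dst == dst_group]
    return sorted(rows, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    totals, skipped = traffic_by_host(SAMPLE_LOG)
    for src, n in top_talkers(totals, "cdn.example.net"):
        print(f"{src:12} {n / 2**20:8.1f} MiB")
    print("skipped lines:", skipped)
```

Grouping by domain suffix matters here because a CDN serves the same content from many differently named edge hosts, so per-hostname totals would understate how much each PC pulls from it.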
Brian Pringle (Systems Analyst II, SCM, ERP) Commented:
As for monitoring the traffic on the PCs, you will generate more overhead by trying to monitor what computer does what from a central location.  You might want to install some sort of tracking software on each computer and have them upload a log to a central computer nightly.

As for that domain, you are right that some legitimate companies use it, but do any of those uses meet your business needs/requirements?  If not, then block it.  It is better to block something that causes loss of productivity than to have users using network resources for something that is not business related.

If a user does complain, then you can look into a business case for that particular use.  You will learn soon enough if there is a legitimate need for that site.
I agree with BT.
One more thing to try is looking at the logs of your router. Some routers have logs that will list sites visited by individual IPs. I know Netgear ones used to do that.
Hope this helps.
Felicia King Commented:
I have two large clients that have been having problems with various PCs tripping off the firewall policies for IP port scanning. Basically, when I look at the firewall logs, I see a bunch of https (443) and ICMP traffic that some, but not all, of the PCs are trying to send to (egress) one of the servers. It is not always the same Akamai server.
Suffice it to say that I have upped the default packet handling thresholds (doubled the allowance) and this has at least stopped the firewall from being so sensitive to it. However, the problem still exists. I haven't yet come up with a good way to block all
I have a central patch management strategy, so blocking it wouldn't be an issue in my mind unless it would block Microsoft Updates.
I have tested modifying the hosts file on one of the computers to route * to and have also tried just to The machine still gets replies from the public site on ping test. So trying to block it with the hosts file is not working.
I don't currently have http and https proxy turned on at the firewall and don't want to do that just to block this site.
All my clients use OpenDNS, so I may just try that. However, that is not going to stop the traffic from hitting the local firewall.
If anyone has any other ideas on this matter, I'd like to hear about them.
Question has a verified solution.
