How to count data traffic on a firewall

digital1stein asked:

Hi,

One of my clients has a network with very poor internet performance (meaning the internet is very slow).
I would like to see the internet traffic to determine whether the problem lies with a saturated internet line or elsewhere. The problem is that the modem of the provider is inaccessible to me and the firewall behind it doesn't have a decent counter. Somebody suggested putting a simple PC client between the firewall and the rest of the network and installing a software bandwidth monitor to see what goes through the internet line, but I have never done this and don't know how to start with that. Or perhaps there is a better solution?

The network is basically set up like this:

ISP ADSL line > Cisco 800 ADSL modem/router > Netscreen firewall > switch


Best regards,
Stijn
Sanga Collins

The NetScreen firewall has an excellent counter. You can put counters on specific policies so that you can see what bandwidth is being used at a source/destination or protocol-by-protocol level. You can also enable SNMP on the NetScreen and install PRTG Traffic Grapher (the free edition should be enough). This will give you interface bandwidth.

Between those two you can get all the information you want.
digital1stein (ASKER)

I don't think SNMP is available on their model of firewall. It's a Netscreen NS5GT, quite old (http://www.juniper.net/us/en/products-services/end-of-sale/ns5gt/).
ASKER CERTIFIED SOLUTION
Sanga Collins

This solution is only available to members.

OK, to be honest, I'm not a firewall expert and so I have never set up SNMP.

Any idea how I can activate this on a NS5GTS?

PRTG, nagios and pnp4nagios... are those applications that run on the firewall itself or that you install on a client (and thus feed themselves with data from the firewall through SNMP)?

Nagios is installed on a Linux box, and pnp4nagios is a plugin. That would be something to tackle once you gain more experience. The easiest way is to follow this KB article from the Juniper website:
http://kb.juniper.net/InfoCenter/index?page=content&id=Kb4714

Then go to this site: http://www.paessler.com/prtg/ and download the free version. To configure monitoring once PRTG is set up, just enter the IP address of the NetScreen and the SNMP community you set up by following the KB article, and you will be in business :)


SNMP settings are in Configuration > Report Settings > SNMP.

OK, I found SNMP under Configuration > Reports > SNMP.
Guess that I need to add a new community.

Correct me if I'm wrong:
* host IP address is the address of the client on which I can install monitoring software such as PRTG, nagios and pnp4nagios?
* source interface should be the indication whether the host IP address is on the trusted or untrusted side of the firewall?
* is the community name important or can I choose whatever name that suits me well?
* the monitoring software will listen to the firewall on the ports that I set in the SNMP global settings?


Our replies crossed each other :-)
Thanks for the KB, I'll try it out once I'm in the office this Friday.

Global settings: I just put the system name.

Host IP is the IP of the workstation that will have the monitoring software. You can also do something like 192.168.1.0 255.255.255.0 so that all IP addresses 1-254 have permission to send SNMP queries.

Source interface is the interface that the computer will send queries from. You can actually leave this as "not specified" and as long as the computer can ping the IP of the Juniper it will work.

Community name is the key. It is the value that goes in the monitoring software when setting it up to get the bandwidth. I use netscreen as a community name to test, then set a more complex one for devices going into the field.

The software will listen on the ports on the global page, but I recommend leaving them at 161 and 162, which are the default SNMP ports used by most software and hardware.

Once you set up your first device successfully you will find it a breeze to use. Most hardware, from printers to routers, switches and even high-end servers, allows SNMP monitoring. :)

Swift, accurate and elaborate answer. Thanks!

Just one more question: I am trying to install PRTG monitor on a laptop, but for some reason my connection to the firewall times out.

For the server, logically I fill in the IP address of the firewall.
For the port, I guess that should be 161 (no SSL).
For the username/pwd, do I have to fill in the username/pwd of the administrator on the firewall?
What's there to fill in for root?


I haven't seen that before in my current version of PRTG. It looks like it's a setting to connect to another PRTG server. I will install this version on my test box and let you know what the exact info to fill in should be in a few moments.

Looks like there are a lot more monitoring options since I last installed PRTG. So to get around the confusion, here's a quick run-through.

I added a device and left everything except the device name and IP address generic. Then I went back to the home page and, for the device, I added a sensor.

Click on Bandwidth monitoring from the list of sensor options.
Choose SNMP traffic and let it auto-detect the sensor settings.
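
An SNMP traffic sensor of the kind set up in this thread polls the firewall's interface octet counters and turns the difference between two samples into a rate. The following is an added example (not from the thread and not PRTG's code) that does the same with net-snmp's `snmpget`; SNMP v2c support on the device, the interface index and the 8 Mbit/s line speed are assumptions, and the sample counter values are constructed.

```python
import subprocess
import time

# Standard IF-MIB octet counters; the interface index is appended.
IF_IN_OCTETS = "1.3.6.1.2.1.2.2.1.10"
IF_OUT_OCTETS = "1.3.6.1.2.1.2.2.1.16"
COUNTER32_MOD = 2 ** 32


def rate_bps(prev, curr, seconds):
    """Bits per second between two Counter32 samples, allowing one wrap."""
    if seconds <= 0:
        raise ValueError("samples must be taken at different times")
    delta = (curr - prev) % COUNTER32_MOD  # modulo absorbs a single rollover
    return delta * 8 / seconds


def utilisation(prev, curr, seconds, line_bps):
    """Fraction of the line rate used during the sample interval."""
    return rate_bps(prev, curr, seconds) / line_bps


def snmp_counter(host, community, oid):
    """Read one counter with snmpget (net-snmp must be installed).
    The v1/v2c community string is sent in cleartext, so poll only from
    the host or subnet allowed in the firewall's SNMP community entry."""
    out = subprocess.run(
        ["snmpget", "-v2c", "-c", community, "-Oqv", host, oid],
        capture_output=True, text=True, check=True, timeout=10,
    ).stdout
    return int(out.strip())


def poll(host, community, if_index, interval=30):
    """Sample both counters twice and return (in_bps, out_bps)."""
    oids = [f"{IF_IN_OCTETS}.{if_index}", f"{IF_OUT_OCTETS}.{if_index}"]
    first = [snmp_counter(host, community, o) for o in oids]
    t0 = time.monotonic()
    time.sleep(interval)
    second = [snmp_counter(host, community, o) for o in oids]
    elapsed = time.monotonic() - t0
    return tuple(rate_bps(a, b, elapsed) for a, b in zip(first, second))


if __name__ == "__main__":
    # Constructed samples 30 s apart; the counter wrapped between them.
    prev, curr = 4_294_000_000, 2_782_704
    print(f"{rate_bps(prev, curr, 30):,.0f} bit/s")
    print(f"{utilisation(prev, curr, 30, 8_000_000):.1%} of an assumed 8 Mbit/s line")
```

A sustained utilisation close to 100% on the untrusted interface points to a saturated line; a low figure during the slow periods points elsewhere.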