Solved

how to count data traffic on a firewall

Posted on 2010-11-10
Last Modified: 2012-05-10
Hi,

One of my clients has a network with very poor internet performance (meaning the internet is very slow).
I would like to see the internet traffic to determine whether the problem lies with a saturated internet line or elsewhere. The problem is that the provider's modem is inaccessible to me and the firewall behind it doesn't have a decent counter. Somebody suggested putting a simple PC client between the firewall and the rest of the network and installing a software bandwidth monitor to see what goes through the internet line, but I have never done this and don't know how to start. Or perhaps there is a better solution?

The network is basically set up like this:

ISP ADSL line > Cisco 800 ADSL modem/router > Netscreen firewall > switch


Best regards,
Stijn
Question by:digital1stein
LVL 18

Expert Comment

by:Sanga Collins
The Netscreen firewall has an excellent counter. You can put counters on specific policies so that you can see what bandwidth is being used on a source/destination or protocol-by-protocol level. Also, you can enable SNMP on the Netscreen and install PRTG Traffic Grapher (the free edition should be enough). This will give you interface bandwidth.

Between those two you can get all the information you want.
 

Author Comment

by:digital1stein
I don't think SNMP is available on their model of firewall. It's a Netscreen NS5GT, quite old (http://www.juniper.net/us/en/products-services/end-of-sale/ns5gt/).
 
LVL 18

Accepted Solution

by:
Sanga Collins earned 125 total points
It definitely is available. I have about 40 NS5GTs deployed in the field and they are all monitored using SNMP. You can get really creative if you use Nagios and pnp4nagios to graph bandwidth on interfaces, policies or rates of ping times.
 

Author Comment

by:digital1stein
OK, to be honest, I'm not a firewall expert and so I have never set up SNMP.

Any idea how I can activate this on a NS5GTS?

PRTG, nagios and pnp4nagios... are those applications that run on the firewall itself or that you install on a client (and thus feed themselves with data from the firewall through SNMP)?
 
LVL 18

Expert Comment

by:Sanga Collins
Nagios is installed on a Linux box, and pnp4nagios is a plugin. That would be something to tackle once you gain more experience. The easiest way is to follow this KB article from the Juniper website:
http://kb.juniper.net/InfoCenter/index?page=content&id=Kb4714

Then go to this site: http://www.paessler.com/prtg/ and download the free version. To configure monitoring once PRTG is set up, just enter the IP address of the Netscreen and the SNMP community you set up by following the KB article, and you will be in business :)


SNMP settings are in Configuration > Report Settings > SNMP
 

Author Comment

by:digital1stein
OK, I found SNMP under configuration > Reports > SNMP.
Guess that I need to add a new community.

Correct me if I'm wrong:
* host IP address is the address of the client on which I can install monitoring software such as PRTG, nagios and pnp4nagios?
* source interface should be the indication whether the host IP address is on the trusted or untrusted side of the firewall?
* is the community name important or can I choose whatever name that suits me well?
* the monitoring software will listen to the firewall on the ports that I set in the SNMP global settings?



 

Author Comment

by:digital1stein
Our replies crossed each other :-)
Thanks for the KB, I'll try it out once I'm in the office this Friday.
 
LVL 18

Expert Comment

by:Sanga Collins
In the global settings I just put the system name.

Host IP is the IP of the workstation that will have the monitoring software. You can also do something like 192.168.1.0 255.255.255.0 so that all IP addresses 1-254 have permission to send SNMP queries.

Source interface is the interface that the computer will send queries from. You can actually leave this as "not specified" and as long as the computer can ping the IP of the Juniper it will work.

Community name is the key. It is the value that goes in the monitoring software when setting it up to get the bandwidth. I use netscreen as a community name to test, then set a more complex one for devices going into the field.

The software will listen on the ports on the global page, but I recommend leaving them at 161 and 162, which are the default SNMP ports used by most software and hardware.
 
LVL 18

Expert Comment

by:Sanga Collins
Once you set up your first device successfully you will find it a breeze to use. Most hardware, from printers to routers, switches and even high-end servers, allows SNMP monitoring. :)
 

Author Closing Comment

by:digital1stein
Swift, accurate and elaborate answer. Thanks!
 

Author Comment

by:digital1stein
Just one more question: I try to install PRTG monitor on a laptop, but for some reason my connection to the firewall times out.

For the server, logically I fill in the IP address of the firewall.
For the port, I guess that should be 161 (no SSL)
For the username/pwd, do I have to fill in the username/pwd of the administrator on the firewall?
What's there to fill in for root?


 
LVL 18

Expert Comment

by:Sanga Collins
I haven't seen that before in my current version of PRTG. It looks like it's a setting to connect to another PRTG server. I will install this version on my test box and let you know what the exact info to fill in should be in a few moments.
 
LVL 18

Expert Comment

by:Sanga Collins
Looks like there are a lot more monitoring options since I last installed PRTG. So to get around the confusion, here's a quick run-through.

I added a device and left everything except the device name and IP address generic. Then I went back to the home page and for the device I added a sensor.

Click on Bandwidth monitoring from the list of sensor options.
Choose SNMP traffic and let it auto-detect the sensor settings.
0
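
How interface counters polled over SNMP become a bandwidth figure, as an added example that is not part of the original thread or of PRTG: two successive readings of the standard IF-MIB octet counters (ifInOctets, ifOutOctets) and sysUpTime are turned into bits per second and compared with the line speed. The poll values, the 8 Mbit/s down / 1 Mbit/s up ADSL speeds and the 90% threshold are constructed assumptions.

```python
# Added example: convert SNMP interface-counter polls into line utilisation.
# All poll values and line speeds below are constructed for illustration.
from dataclasses import dataclass

COUNTER32_MOD = 2 ** 32  # IF-MIB ifInOctets/ifOutOctets are 32-bit and wrap

@dataclass
class Poll:
    uptime_ticks: int  # sysUpTime, in hundredths of a second
    in_octets: int     # ifInOctets on the Internet-facing interface
    out_octets: int    # ifOutOctets on the same interface

def counter_delta(old, new):
    """Difference between two Counter32 readings, tolerating one wrap."""
    return (new - old) % COUNTER32_MOD

def rates_bps(prev, cur):
    """Return (in_bps, out_bps), or None when the interval is unusable."""
    ticks = cur.uptime_ticks - prev.uptime_ticks
    if ticks <= 0:  # a reboot reset the counters, or the same poll twice
        return None
    seconds = ticks / 100.0
    return (counter_delta(prev.in_octets, cur.in_octets) * 8 / seconds,
            counter_delta(prev.out_octets, cur.out_octets) * 8 / seconds)

def saturated_intervals(polls, down_bps, up_bps, threshold=0.9):
    """List (interval index, direction) where usage >= threshold of line speed."""
    hits = []
    for i in range(1, len(polls)):
        rates = rates_bps(polls[i - 1], polls[i])
        if rates is None:
            continue
        if rates[0] / down_bps >= threshold:
            hits.append((i, "down"))
        if rates[1] / up_bps >= threshold:
            hits.append((i, "up"))
    return hits

# Constructed 60-second polls; the inbound counter wraps between the first two.
POLLS = [
    Poll(1_000_000, 4_294_000_000, 100_000_000),
    Poll(1_006_000, 56_032_704, 101_500_000),
    Poll(1_012_000, 71_032_704, 108_625_000),
    Poll(500, 1_000, 1_000),  # firewall rebooted: this interval is skipped
]

if __name__ == "__main__":
    print(saturated_intervals(POLLS, 8_000_000, 1_000_000))
```

On the Internet-facing interface, inbound octets are download traffic. At 8 Mbit/s a 32-bit counter takes over an hour to wrap, so one-minute polling sees at most one wrap per interval.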
