Solved

how to count data traffic on a firewall

Posted on 2010-11-10
Last Modified: 2012-05-10
Hi,

One of my clients has a network that has very poor internet performance (meaning the internet goes very slow).
I would like to see the internet traffic to determine whether the problem is situated with a saturated internet line or elsewhere. The problem is that the modem of the provider is inaccessible to me and the firewall behind it doesn't have a decent counter. Somebody suggested putting a simple PC client between the firewall and the rest of the network and installing a software bandwidth monitor to see what goes through the internet line, but I never did this and don't know how to start with that. Or perhaps there is a better solution?

The network is basically set up like this:

ISP ADSL line > Cisco 800 ADSL modem/router > Netscreen firewall > switch


Best regards,
Stijn
Question by:digital1stein
13 Comments
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 34102796
The Netscreen firewall has an excellent counter. You can put counters on specific policies so that you can see what bandwidth is being used on a source/destination or protocol by protocol level. Also you can enable SNMP on the Netscreen and install PRTG Traffic Grapher (the free edition should be enough). This will give you interface bandwidth.

Between those two you can get all the information you want.
 

Author Comment

by:digital1stein
ID: 34106206
I don't think SNMP is available on their model of firewall. It's a Netscreen NS5GT, quite old (http://www.juniper.net/us/en/products-services/end-of-sale/ns5gt/).
 
LVL 18

Accepted Solution

by:
Sanga Collins earned 125 total points
ID: 34106962
It definitely is available. I have about 40 NS5GTs deployed in the field and they are all monitored using SNMP. You can get really creative if you use Nagios and pnp4nagios to graph bandwidth on interfaces, policies or rates of ping times.

 

Author Comment

by:digital1stein
ID: 34107041
OK, to be honest, I'm not a firewall expert and so I never set up SNMP.

Any idea how I can activate this on a NS5GTS?

PRTG, nagios and pnp4nagios... are those applications that run on the firewall itself or that you install on a client (and thus feed themselves with data from the firewall through SNMP)?
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 34107145
Nagios is installed on a Linux box, and pnp4nagios is a plugin. That would be something to tackle once you gain more experience. The easiest way is to follow this KB article from the Juniper website:
http://kb.juniper.net/InfoCenter/index?page=content&id=Kb4714

Then go to this site: http://www.paessler.com/prtg/ and download the free version. To configure monitoring once PRTG is set up, just enter the IP address of the Netscreen and the SNMP community you set up by following the KB article, and you will be in business :)

SNMP settings are in Configuration > Report Settings > SNMP
 

Author Comment

by:digital1stein
ID: 34107147
OK, I found SNMP under configuration > Reports > SNMP.
Guess that I need to add a new community.

Correct me if I'm wrong:
* host IP address is the address of the client on which I can install monitoring software such as PRTG, nagios and pnp4nagios?
* source interface should be the indication whether the host IP address is on the trusted or untrusted side of the firewall?
* is the community name important or can I choose whatever name that suits me well?
* the monitoring software will listen to the firewall on the ports that I set in the SNMP global settings?


 

Author Comment

by:digital1stein
ID: 34107177
Our replies crossed each other :-)
Thanks for the KB, I'll try it out once I'm in the office this Friday.
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 34107222
In the global settings I just put the system name.

Host IP is the IP of the workstation that will have the monitoring software. You can also do something like 192.168.1.0 255.255.255.0 so that all IP addresses 1-254 have permission to send SNMP queries.

Source interface is the interface that the computer will send queries from. You can actually leave this as "not specified" and as long as the computer can ping the IP of the Juniper it will work.

Community name is the key. It is the value that goes in the monitoring software when setting it up to get the bandwidth. I use netscreen as a community name to test, then set a more complex one for devices going into the field.

The software will listen on the ports on the global page, but I recommend leaving them at 161 and 162, which are the default SNMP ports used by most software and hardware.
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 34107226
Once you set up your first device successfully you will find it a breeze to use. Most hardware, from printers to routers, switches and even high-end servers, allows SNMP monitoring. :)
 

Author Closing Comment

by:digital1stein
ID: 34116539
Swift, accurate and elaborate answer. Thanks!
 

Author Comment

by:digital1stein
ID: 34119774
Just one more question: I try to install PRTG monitor on a laptop, but for some reason my connection to the firewall times out.

For the server, logically I fill in the IP address of the firewall.
For the port, I guess that should be 161 (no SSL)
For the username/pwd, do I have to fill in the username/pwd of the administrator on the firewall?
What's there to fill in for root?


 
LVL 18

Expert Comment

by:Sanga Collins
ID: 34120589
I haven't seen that before in my current version of PRTG. It looks like it's a setting to connect to another PRTG server. I will install this version on my test box and let you know what the exact info to fill in should be in a few moments.
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 34121245
Looks like there are a lot more monitoring options since I last installed PRTG. So to get around the confusion, here's a quick run-through.

I added a device and left everything except the device name and IP address generic. Then I went back to the home page and for the device I added a sensor.

Click on Bandwidth monitoring from the list of sensor options.
Choose SNMP traffic and let it auto-detect the sensor settings.
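
An SNMP traffic sensor like the one recommended in this thread derives bandwidth from the difference between successive polls of an interface's octet counters. The Python below is an added example, not part of any post above: it turns a series of polls into bits per second, handles 32-bit counter wrap, and flags intervals where the line is close to saturation. It assumes the standard IF-MIB `ifInOctets`/`ifOutOctets` Counter32 objects; the sample polls and the 8/1 Mbit/s line rates are constructed.

```python
# Added example, not from the thread: derive line utilisation from SNMP
# interface octet counters (IF-MIB ifInOctets / ifOutOctets, both Counter32).
COUNTER32_MOD = 2 ** 32

def counter_delta(prev, curr, modulus=COUNTER32_MOD):
    """Octets between two polls; a smaller current value means one wrap."""
    return curr - prev if curr >= prev else curr + modulus - prev

def rates(samples):
    """samples: [(unix_time, in_octets, out_octets), ...] in poll order.
    Returns [(unix_time, in_bps, out_bps)], one entry per poll interval."""
    out = []
    for (t0, i0, o0), (t1, i1, o1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            continue  # skip duplicate or out-of-order polls
        out.append((t1, counter_delta(i0, i1) * 8 / dt,
                    counter_delta(o0, o1) * 8 / dt))
    return out

def saturated(samples, down_bps, up_bps, threshold=0.9):
    """Intervals where either direction reaches threshold of the line rate,
    as (unix_time, download_fraction, upload_fraction)."""
    return [(t, round(i / down_bps, 2), round(o / up_bps, 2))
            for t, i, o in rates(samples)
            if i >= threshold * down_bps or o >= threshold * up_bps]

# Constructed polls of the firewall's Internet-facing interface, 60 s apart.
SAMPLES = [
    (0,   4_294_000_000, 100_000_000),
    (60,  4_294_900_000, 100_600_000),   # light traffic both ways
    (120,     9_932_704, 107_800_000),   # in counter wrapped; upload near line rate
    (180,    66_932_704, 108_400_000),   # download near line rate
]
# Assumed ADSL sync rates, not from the thread: 8 Mbit/s down, 1 Mbit/s up.
DOWN_BPS, UP_BPS = 8_000_000, 1_000_000

if __name__ == "__main__":
    for t, i, o in rates(SAMPLES):
        print(f"t={t:>3}s  in={i / 1e6:5.2f} Mbit/s  out={o / 1e6:5.2f} Mbit/s")
    print("saturated:", saturated(SAMPLES, DOWN_BPS, UP_BPS))
```

On an asymmetric line the upload direction can saturate while the download graph still looks nearly idle, which is why both directions are checked.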