How to count data traffic on a firewall

Hi,

One of my clients has a network that has very poor internet performance (meaning the internet goes very slow).
I would like to see the internet traffic to determine whether the problem is situated with a saturated internet line or elsewhere. The problem is that the modem of the provider is inaccessible to me and the firewall behind it doesn't have a decent counter. Somebody suggested putting a simple PC client between the firewall and the rest of the network and installing a software bandwidth monitor to see what goes through the internet line, but I have never done this and don't know how to start with that. Or perhaps there is a better solution?

The network is basically set up like this:

ISP ADSL line > Cisco 800 ADSL modem/router > Netscreen firewall > switch


Best regards,
Stijn
digital1stein Asked:
 
Sanga Collins (Systems Admin) Commented:
It definitely is available. I have about 40 NS5GTs deployed in the field and they are all monitored using SNMP. You can get really creative if you use Nagios and pnp4nagios to graph bandwidth on interfaces, policies or rates of ping times.
0
 
Sanga Collins (Systems Admin) Commented:
The NetScreen firewall has an excellent counter. You can put counters on specific policies so that you can see what bandwidth is being used on a source/destination or protocol-by-protocol level. Also, you can enable SNMP on the NetScreen and install PRTG Traffic Grapher (the free edition should be enough). This will give you interface bandwidth.

Between those two you can get all the information you want.
0
 
digital1stein (Author) Commented:
I don't think SNMP is available on their model of firewall. It's a Netscreen NS5GT, quite old (http://www.juniper.net/us/en/products-services/end-of-sale/ns5gt/).
0
 
digital1stein (Author) Commented:
OK, to be honest, I'm not a firewall expert and so I never set up SNMP.

Any idea how I can activate this on an NS5GTS?

PRTG, nagios and pnp4nagios... are those applications that run on the firewall itself or that you install on a client (and thus feed themselves with data from the firewall through SNMP)?
0
 
Sanga Collins (Systems Admin) Commented:
Nagios is installed on a Linux box, and pnp4nagios is a plugin. That would be something to tackle once you gain more experience. The easiest way is to follow this KB article from the Juniper website:
http://kb.juniper.net/InfoCenter/index?page=content&id=Kb4714

Then go to this site: http://www.paessler.com/prtg/ and download the free version. To configure monitoring once PRTG is set up, just enter the IP address of the NetScreen and the SNMP community you set up by following the KB article, and you will be in business :)


SNMP settings are in Configuration > Report Settings > SNMP
0
 
digital1stein (Author) Commented:
OK, I found SNMP under configuration > Reports > SNMP.
Guess that I need to add a new community.

Correct me if I'm wrong:
* host IP address is the address of the client on which I can install monitoring software such as PRTG, nagios and pnp4nagios?
* source interface should be the indication whether the host IP address is on the trusted or untrusted side of the firewall?
* is the community name important or can I choose whatever name that suits me well?
* the monitoring software will listen to the firewall on the ports that I set in the SNMP global settings?


0
 
digital1stein (Author) Commented:
Our replies crossed each other :-)
Thanks for the KB, I'll try it out once I'm in the office this Friday.
0
 
Sanga Collins (Systems Admin) Commented:
For global settings I just put the system name.

Host IP is the IP of the workstation that will have the monitoring software. You can also do something like 192.168.1.0 255.255.255.0 so that all IP addresses 1-254 have permission to send SNMP queries.

Source interface is the interface that the computer will send queries from. You can actually leave this as "not specified" and as long as the computer can ping the IP of the Juniper it will work.

Community name is the key. It is the value that goes in the monitoring software when setting it up to get the bandwidth. I use netscreen as a community name to test, then set a more complex one for devices going into the field.

The software will listen on the ports on the global page, but I recommend leaving them at 161 and 162, which are the default SNMP ports used by most software and hardware.
0
 
Sanga Collins (Systems Admin) Commented:
Once you set up your first device successfully you will find it a breeze to use. Most hardware from printers to routers, switches and even high-end servers allows SNMP monitoring. :)
0
 
digital1stein (Author) Commented:
Swift, accurate and elaborate answer. Thanks!
0
 
digital1stein (Author) Commented:
Just one more question: I try to install PRTG monitor on a laptop, but for some reason my connection to the firewall times out.

For the server, logically I fill in the IP address of the firewall.
For the port, I guess that should be 161 (no SSL)
For the username/pwd, do I have to fill in the username/pwd of the administrator on the firewall?
What's there to fill in for root?


0
 
Sanga Collins (Systems Admin) Commented:
I haven't seen that before in my current version of PRTG. It looks like it's a setting to connect to another PRTG server. I will install this version on my test box and let you know what the exact info to fill in should be in a few moments.
0
 
Sanga Collins (Systems Admin) Commented:
Looks like there are a lot more monitoring options since I last installed PRTG. So to get around the confusion, here's a quick run-through.

I added a device and left everything except the device name and IP address generic. Then I went back to the home page and for the device I added a sensor.

Click on Bandwidth monitoring from the list of sensor options.
Choose SNMP traffic and let it auto-detect the sensor settings.
0
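What an SNMP traffic sensor does with the firewall's interface counters, as an added example that is not part of the thread: successive polls of ifInOctets (a 32-bit IF-MIB counter that wraps) are turned into a bit rate and a percentage of the line speed, which answers the original question of whether the line is saturated. The 8 Mbit/s line rate, the 60-second poll interval and the counter samples are constructed assumptions.

```python
"""Turn successive SNMP interface-counter polls into link utilisation."""

COUNTER32_MOD = 2 ** 32  # ifInOctets/ifOutOctets are Counter32 and wrap to 0

# Constructed sample: (unix_time, ifInOctets) polled every 60 s on the
# untrusted interface. The counter wraps between the 2nd and 3rd poll.
SAMPLE_IN_OCTETS = [
    (0, 4_200_000_000),
    (60, 4_257_000_000),
    (120, 20_532_704),
    (180, 26_532_704),
]
LINE_BPS = 8_000_000  # assumed ADSL downstream rate, not taken from the thread


def counter_delta(prev, curr, modulus=COUNTER32_MOD):
    """Octets counted between two polls, allowing for a single wrap.

    A reboot also resets the counter; that case looks like a wrap here, so
    discard intervals where the device's uptime went backwards.
    """
    return (curr - prev) % modulus


def rate_bps(prev, curr, seconds):
    """Average bits per second over one poll interval."""
    if seconds <= 0:
        raise ValueError("polls must be taken at increasing times")
    return counter_delta(prev, curr) * 8 / seconds


def utilisation(samples, line_bps):
    """Return (end_time, bits_per_second, percent_of_line) per interval."""
    rows = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        bps = rate_bps(c0, c1, t1 - t0)
        rows.append((t1, bps, 100.0 * bps / line_bps))
    return rows


def saturated_intervals(samples, line_bps, threshold_pct=90.0):
    """Intervals where traffic reached threshold_pct of the line rate."""
    return [r for r in utilisation(samples, line_bps) if r[2] >= threshold_pct]


if __name__ == "__main__":
    for end, bps, pct in utilisation(SAMPLE_IN_OCTETS, LINE_BPS):
        print(f"t={end:>4}s  {bps / 1e6:5.2f} Mbit/s  {pct:5.1f}% of line")
```

Poll often enough that the counter cannot wrap twice within one interval, otherwise the computed rate is too low.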