Solved

Track High Bandwidth Usage Across VPN

Posted on 2012-03-19
2
988 Views
Last Modified: 2012-03-19
I'm looking for something to track what is using up bandwidth from some of our remote offices.  It's causing the entire site to bottleneck, with ~500ms reply times, for what normally should be ~50ms across high speed cable and dsl links.  I'm using all Sonicwall VPN appliances.  Thank you.
0
Comment
Question by:fireguy1125
2 Comments
 
LVL 2

Accepted Solution

by:
BigRMV earned 500 total points
Comment Utility
The first thing I would suggest is to contact your broadband provider and find out if they have a tool that tracks usage, high usage periods, and can show you whether or not your line is reaching the saturation point.

As for SonicWALL, you should log into the unit's GUI as the administrator.  Then use the system diagnostics to see who/what is using the most bandwidth.  For example:

-- Log into the GUI
-- Click the SYSTEM tab on the left
-- Click the DIAGNOSTICS item
-- At the DIAGNOSTICS TOOL pull down menu, select ACTIVE CONNECTIONS MONITOR
-- By default, the options will be Protocol: ALL PROTOCOLS, Src Interface: ALL INTERFACES, and DST Interface: ALL INTERFACES.
-- At the top-right of the generated list, you'll see TX BYTES and RX BYTES. You can click those title bar items to sort highest to lowest or vice versa.
-- Click the EXPORT RESULTS button to save these results to a CSV file for future reference.

The first few "hogs" on your list should be your most active machines (Exchange servers, SQL servers, etc.).  After that are you most active users.

You can filter the Active Connections results further by changing the options.  On most SonicWALL devices, X0 will be your LAN, X1 will be the WAN, and X2 and beyond will be VPNs DMZs and so on.

With these givens, you can track inbound VPN usage by selecting Protocol: ALL PROTOCOLS, Src Interface: X2, and Dst Interface: X0.  You can find outbound by switching the Src and Dst interface options.  (see attached).  Export these results for future reference, too.

Note that you can also choose the LOG tab to view your activity log.  Check this to make sure that you're not being attacked or if you think that one of your users' activities could be the root of your problems.

This can become a lengthy process because you have to do all of the checking/reviewing to try to isolate the cause.  So you'll have to be familiar with your system, the IP addresses in use, the protocols you allow or don't, and how much traffic you should expect from each versus what you see in these results in order to find any meaningful patterns.
0
 
LVL 1

Author Closing Comment

by:fireguy1125
Comment Utility
Perfect, I saw that several PCs were pulling new antivirus definitions from the parent server over the VPN connection! Thanks!
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now