Solved

Track High Bandwidth Usage Across VPN

Posted on 2012-03-19
2
1,002 Views
Last Modified: 2012-03-19
I'm looking for something to track what is using up bandwidth from some of our remote offices.  It's causing the entire site to bottleneck, with ~500ms reply times, for what normally should be ~50ms across high speed cable and dsl links.  I'm using all Sonicwall VPN appliances.  Thank you.
0
Comment
Question by:fireguy1125
2 Comments
 
LVL 2

Accepted Solution

by:
BigRMV earned 500 total points
ID: 37738540
The first thing I would suggest is to contact your broadband provider and find out if they have a tool that tracks usage, high usage periods, and can show you whether or not your line is reaching the saturation point.

As for SonicWALL, you should log into the unit's GUI as the administrator.  Then use the system diagnostics to see who/what is using the most bandwidth.  For example:

-- Log into the GUI
-- Click the SYSTEM tab on the left
-- Click the DIAGNOSTICS item
-- At the DIAGNOSTICS TOOL pull down menu, select ACTIVE CONNECTIONS MONITOR
-- By default, the options will be Protocol: ALL PROTOCOLS, Src Interface: ALL INTERFACES, and DST Interface: ALL INTERFACES.
-- At the top-right of the generated list, you'll see TX BYTES and RX BYTES. You can click those title bar items to sort highest to lowest or vice versa.
-- Click the EXPORT RESULTS button to save these results to a CSV file for future reference.

The first few "hogs" on your list should be your most active machines (Exchange servers, SQL servers, etc.).  After that are you most active users.

You can filter the Active Connections results further by changing the options.  On most SonicWALL devices, X0 will be your LAN, X1 will be the WAN, and X2 and beyond will be VPNs DMZs and so on.

With these givens, you can track inbound VPN usage by selecting Protocol: ALL PROTOCOLS, Src Interface: X2, and Dst Interface: X0.  You can find outbound by switching the Src and Dst interface options.  (see attached).  Export these results for future reference, too.

Note that you can also choose the LOG tab to view your activity log.  Check this to make sure that you're not being attacked or if you think that one of your users' activities could be the root of your problems.

This can become a lengthy process because you have to do all of the checking/reviewing to try to isolate the cause.  So you'll have to be familiar with your system, the IP addresses in use, the protocols you allow or don't, and how much traffic you should expect from each versus what you see in these results in order to find any meaningful patterns.
0
 
LVL 1

Author Closing Comment

by:fireguy1125
ID: 37738562
Perfect, I saw that several PCs were pulling new antivirus definitions from the parent server over the VPN connection! Thanks!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question