Track High Bandwidth Usage Across VPN

I'm looking for something to track what is using up bandwidth from some of our remote offices.  It's causing the entire site to bottleneck, with ~500ms reply times, for what normally should be ~50ms across high speed cable and dsl links.  I'm using all Sonicwall VPN appliances.  Thank you.
LVL 1
fireguy1125Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

BigRMVCommented:
The first thing I would suggest is to contact your broadband provider and find out if they have a tool that tracks usage, high usage periods, and can show you whether or not your line is reaching the saturation point.

As for SonicWALL, you should log into the unit's GUI as the administrator.  Then use the system diagnostics to see who/what is using the most bandwidth.  For example:

-- Log into the GUI
-- Click the SYSTEM tab on the left
-- Click the DIAGNOSTICS item
-- At the DIAGNOSTICS TOOL pull down menu, select ACTIVE CONNECTIONS MONITOR
-- By default, the options will be Protocol: ALL PROTOCOLS, Src Interface: ALL INTERFACES, and DST Interface: ALL INTERFACES.
-- At the top-right of the generated list, you'll see TX BYTES and RX BYTES. You can click those title bar items to sort highest to lowest or vice versa.
-- Click the EXPORT RESULTS button to save these results to a CSV file for future reference.

The first few "hogs" on your list should be your most active machines (Exchange servers, SQL servers, etc.).  After that are you most active users.

You can filter the Active Connections results further by changing the options.  On most SonicWALL devices, X0 will be your LAN, X1 will be the WAN, and X2 and beyond will be VPNs DMZs and so on.

With these givens, you can track inbound VPN usage by selecting Protocol: ALL PROTOCOLS, Src Interface: X2, and Dst Interface: X0.  You can find outbound by switching the Src and Dst interface options.  (see attached).  Export these results for future reference, too.

Note that you can also choose the LOG tab to view your activity log.  Check this to make sure that you're not being attacked or if you think that one of your users' activities could be the root of your problems.

This can become a lengthy process because you have to do all of the checking/reviewing to try to isolate the cause.  So you'll have to be familiar with your system, the IP addresses in use, the protocols you allow or don't, and how much traffic you should expect from each versus what you see in these results in order to find any meaningful patterns.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
fireguy1125Author Commented:
Perfect, I saw that several PCs were pulling new antivirus definitions from the parent server over the VPN connection! Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.