Screen OS

Hi,

I have a SSG140 firewall and I would like to know a method by wich I can find out the IPs(hosts) in my internal network that are consuming Internet bandwidth.

Is there a way to find it in real time? Is there a way to create a NSM report for it? Where can I find an example?

Thank you for your answers.

TCP.

Hi,

There is no such feature available on SSG to find out which IPs are consuming Internet BW.

Regards,

Sarab

Hello.

Unfortunately, ScreenOS has no netflow.  Your best bet will be to parse the syslog traffic logs, which includes bytes sent/received for each session.

I believe you posted a question on how to do this in NSM... i believe that would be easiest (or splunk...)

One thing to keep in mind is that the bytes sent/received are only recorded when a session is closed.  So if there is a long lasting session that lasts for days... these won't be reflected in the report.

Hope this helps.

Regards,

Sam

Hi,

Thank you for your answer it helped me a lot.

By the way the Log on Session-init is necessary for this or not.

Regards.

Hello.

No, session-init is not a requirement.

session-close also has a field showing the 'elapsed' time, so if needed, you can backtrack how long the session was active.

Hope this helps.

Regards,

Sam