https://live.paloaltonetworks.com/t5/general-topics/traffic-on-untrust-interface-problem/m-p/9603#M7037 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Looking at the primary requirement that you would like to see the real internet traffic and not see the traffic when backup takes place as this is causing to consume a lot of bandwidth.</P><P>&gt; One method is to have a security rule for backup traffic for servers but do not log them( Each security policy has log at session end which can be disabled). This makes sure that the PA 200 inline will have logs only for real internet traffic and you can monitor it. But the fact is backup server traffic is flowing through the same untrust interface. If the monitoring is done by external device other than PAN then we have to make changes on that device not to see back up traffic.</P><P>Hope this makes sense.</P></BODY></HTML> Tue, 16 Oct 2012 12:47:50 GMT Phoenix 2012-10-16T12:47:50Z https://live.paloaltonetworks.com/t5/general-topics/traffic-on-untrust-interface-problem/m-p/9600#M7034 <HTML><HEAD></HEAD><BODY><P>I have a problem. I have 8Mb internet connections some of my servers are directly connected to internet (I have a switch connected to servers and PA200).</P><P>Every day throught untrust interface are made backups of this servers. So the traffic on untrust interface dramatically rise from few Mb to about 100Mbit during the time where backups are made.</P><P></P><P>Im looking for ability to exclude traffic from policy thats allow traffic from backup servers to servers thats are on untrust interface.</P><P>I made diagrams of traffic using PRTG tools using SNMP protocol.</P><P>Any other idea to solve my problem are also welcome.</P><P></P><P>With regards</P><P>SLawek</P></BODY></HTML> Fri, 12 Oct 2012 13:31:44 GMT https://live.paloaltonetworks.com/t5/general-topics/traffic-on-untrust-interface-problem/m-p/9600#M7034 _slv_ 2012-10-12T13:31:44Z https://live.paloaltonetworks.com/t5/general-topics/traffic-on-untrust-interface-problem/m-p/9601#M7035 <HTML><HEAD></HEAD><BODY><P>What do you mean by that you want to exclude traffic from policy?</P><P></P><P>What comes to mind is to setup QoS on your PA box to lower the priority of your backup traffic so production traffic will have it easier to function when the backups are being transmitted.</P></BODY></HTML> Tue, 16 Oct 2012 03:12:53 GMT https://live.paloaltonetworks.com/t5/general-topics/traffic-on-untrust-interface-problem/m-p/9601#M7035 mikand 2012-10-16T03:12:53Z https://live.paloaltonetworks.com/t5/general-topics/traffic-on-untrust-interface-problem/m-p/9602#M7036 <HTML><HEAD></HEAD><BODY><P>My traffic (during the day) looks like this.</P><P> <IMG alt="2012-10-16_125546.png" class="jive-image-thumbnail jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/4511_2012-10-16_125546.png" width="450" /></P><P>But at night because of backup traffic the scale of vertical changing to 100Mbit and my traffic looks:</P><P><IMG alt="2012-10-16_125603.png" class="jive-image-thumbnail jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/4513_2012-10-16_125603.png" width="450" /></P><P>and I cant&nbsp; see details of my real internet traffic.</P><P>I wouldn't count backup traffic on untrust interface- is it possible?</P><P></P><P>p.s. sorry for my bad english ...</P></BODY></HTML> Tue, 16 Oct 2012 11:04:33 GMT https://live.paloaltonetworks.com/t5/general-topics/traffic-on-untrust-interface-problem/m-p/9602#M7036 _slv_ 2012-10-16T11:04:33Z https://live.paloaltonetworks.com/t5/general-topics/traffic-on-untrust-interface-problem/m-p/9603#M7037 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Looking at the primary requirement that you would like to see the real internet traffic and not see the traffic when backup takes place as this is causing to consume a lot of bandwidth.</P><P>&gt; One method is to have a security rule for backup traffic for servers but do not log them( Each security policy has log at session end which can be disabled). This makes sure that the PA 200 inline will have logs only for real internet traffic and you can monitor it. But the fact is backup server traffic is flowing through the same untrust interface. If the monitoring is done by external device other than PAN then we have to make changes on that device not to see back up traffic.</P><P>Hope this makes sense.</P></BODY></HTML> Tue, 16 Oct 2012 12:47:50 GMT https://live.paloaltonetworks.com/t5/general-topics/traffic-on-untrust-interface-problem/m-p/9603#M7037 Phoenix 2012-10-16T12:47:50Z https://live.paloaltonetworks.com/t5/general-topics/traffic-on-untrust-interface-problem/m-p/9604#M7038 <HTML><HEAD></HEAD><BODY><P>As You sugested I unchecked Log on session start and log on session end - but it doesn't help.</P><P></P><P>Are you sure that traffic counting on interface is depended on logging by policy?</P></BODY></HTML> Mon, 12 Nov 2012 10:12:54 GMT https://live.paloaltonetworks.com/t5/general-topics/traffic-on-untrust-interface-problem/m-p/9604#M7038 _slv_ 2012-11-12T10:12:54Z