Traffic on untrust interface - problem

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Traffic on untrust interface - problem

L4 Transporter

I have a problem. I have 8Mb internet connections some of my servers are directly connected to internet (I have a switch connected to servers and PA200).

Every day throught untrust interface are made backups of this servers. So the traffic on untrust interface dramatically rise from few Mb to about 100Mbit during the time where backups are made.

Im looking for ability to exclude traffic from policy thats allow traffic from backup servers to servers thats are on untrust interface.

I made diagrams of traffic using PRTG tools using SNMP protocol.

Any other idea to solve my problem are also welcome.

With regards

SLawek

4 REPLIES 4

L6 Presenter

What do you mean by that you want to exclude traffic from policy?

What comes to mind is to setup QoS on your PA box to lower the priority of your backup traffic so production traffic will have it easier to function when the backups are being transmitted.

My traffic (during the day) looks like this.

2012-10-16_125546.png

But at night because of backup traffic the scale of vertical changing to 100Mbit and my traffic looks:

2012-10-16_125603.png

and I cant  see details of my real internet traffic.

I wouldn't count backup traffic on untrust interface- is it possible?

p.s. sorry for my bad english ...

Hi,

Looking at the primary requirement that you would like to see the real internet traffic and not see the traffic when backup takes place as this is causing to consume a lot of bandwidth.

> One method is to have a security rule for backup traffic for servers but do not log them( Each security policy has log at session end which can be disabled). This makes sure that the PA 200 inline will have logs only for real internet traffic and you can monitor it. But the fact is backup server traffic is flowing through the same untrust interface. If the monitoring is done by external device other than PAN then we have to make changes on that device not to see back up traffic.

Hope this makes sense.

As You sugested I unchecked Log on session start and log on session end - but it doesn't help.

Are you sure that traffic counting on interface is depended on logging by policy?

  • 2172 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!