How can we troubleshoot high transmit utilization or high utilization issue on interface?


L0 Member

We received an alert from SolarWinds like the ones below for our Palo firewalls:

 

Summary: itsg_GSOC-XXXXX-Priority:-P3 ALERT: | Hostname | ip address | PA-3020 | serial number | 7.1.18 | 2 |  83 % High Transmit Percent Utilization

 

Description: Interface ethernet1/1 · Inside network for node hostname has a transmitted utilization of 83 % which is greater than the threshold of 80%.

 

or

 

Summary: itsg_GSOC-XXXX-Priority:-P3 ALERT: | Hostname | ip address | PA-500 | serial number | 7.1.9 | 2 | 84 % High Receive Percent Utilization

 

Description: Interface ethernet1/1 · INET_Untrust for node hostname has a received utilization of 84 % which is greater than the threshold of 80%.

 

 

5 REPLIES

Cyber Elite

Hello,

Do you have the NTA module for SolarWinds? If not, then you cannot receive netflow from the PAN and see the top talkers, conversations, etc. You could try and use the traffic log to see if anyone is transferring large files. But ultimately Netflow is your friend and should show you.

 

Regards,

Cyber Elite

@SahibKhan,

As @OtakarKlier said, Netflow is really where you are going to get this identified without any guesswork. Logging, ACS, and pan(w)achrome can give you a rough estimate of who may be causing this, but it's hard to actively get a reliable answer with just traffic logging since you only get the beginning and end information.

Really though I wouldn't be relying on SolarWinds to properly identify this, just because I've seen it be very wrong in the past. Look at the firewall itself and see if you actually have a utilization issue; if you do, then set up netflow and figure out what exactly is causing it and whether you simply have a host passing lots of data or if you are actually pushing the limits of the 1-Gig interface on the firewall.

Thanks for your suggestions.

 

No, we don't have the NTA module in SolarWinds. Would this provide source and destination information to identify who is consuming bandwidth? What are the things we can check at the Palo Alto level? One thing is we can monitor traffic based on the alert time to see which IP/user is consuming bandwidth. Also, I know we can check which application is consuming bandwidth under the ACC tab, but so far it's not helping me to identify the actual cause.

Hello,

Yes, the NTA module will show you exactly what you are looking for. You can install it at no charge for 30 days as a free trial. Also the granularity has been hard set in the newest version and is as follows:

 

1 min for the first 60 minutes then 15 minute averages after that.

 

Also the newest version requires Server 2016 and SQL 2016 :(.

 

Good Luck!

@SahibKhan,

There are other open-source (free) solutions that do exactly the same thing as NTA; however, seeing as you already have SolarWinds, that's probably the best path to go. Since you aren't getting what you need from the logs to see what's actually causing your utilization issues, you'll need something that can actually receive the netflow info.
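The replies above note that traffic logs carry only beginning and end information for a session, which makes filtering by alert time unreliable. The following is an added example, not part of the original thread or any vendor tool: it spreads each session's byte total evenly over the session's lifetime and counts only the part overlapping the alert window. The CSV column names, addresses and byte counts are constructed assumptions, not the firewall's export format.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed session-end records. The column names are assumptions made
# for this example, not the firewall's actual export format.
SAMPLE_LOG = """end_time,elapsed_s,src,dst,app,bytes
2024-01-01 10:05:00,600,10.0.0.5,198.51.100.7,ssl,45000000000
2024-01-01 10:04:30,30,10.0.0.9,203.0.113.4,web-browsing,3000000
2024-01-01 10:20:00,1200,10.0.0.7,192.0.2.10,ftp,34500000000
"""
FMT = "%Y-%m-%d %H:%M:%S"


def top_talkers(log_text, win_start, win_end, link_bps=1_000_000_000):
    """Rank sources by estimated share of the link in [win_start, win_end).

    A session-end record only carries a byte total, so the bytes are spread
    evenly over the session's lifetime and only the part that overlaps the
    alert window is counted. This is an estimate, not a measurement.
    """
    window_s = (win_end - win_start).total_seconds()
    totals = defaultdict(float)
    for row in csv.DictReader(io.StringIO(log_text)):
        end = datetime.strptime(row["end_time"], FMT)
        elapsed = max(int(row["elapsed_s"]), 1)  # guard zero-length sessions
        start = end - timedelta(seconds=elapsed)
        overlap = (min(end, win_end) - max(start, win_start)).total_seconds()
        if overlap <= 0:
            continue  # session did not touch the alert window
        totals[row["src"]] += int(row["bytes"]) * overlap / elapsed
    report = [(src, b, 100 * b * 8 / (window_s * link_bps))
              for src, b in totals.items()]
    return sorted(report, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    # Alert window 10:00-10:05 on a 1 Gbit/s interface (constructed).
    rows = top_talkers(SAMPLE_LOG, datetime(2024, 1, 1, 10, 0),
                       datetime(2024, 1, 1, 10, 5))
    for src, est_bytes, pct in rows:
        print(f"{src:<12} {est_bytes / 1e9:8.3f} GB  {pct:6.2f}% of link")
```

In the sample, the session from 10.0.0.7 is logged at 10:20, well after the alert window, yet it accounts for an estimated 23% of the link during it; a log filter on the alert time alone would not show it.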
