Real-time throughput info
cancel
Showing results for 
Search instead for 
Did you mean: 

Real-time throughput info

L1 Bithead

Hello,

We recently transitioned from a Checkpoint NG to a Palo Alto 4020 and I'm in the process of learning the new interface and management capabilities of the PA.  When we were using the Checkpoint NG I frequently used Checkpoint Monitor to view the Top 10 Sessions when our Internet bandwidth was being gobbled up... it had a live line graph that updated every couple of seconds and showed who was currently using the most bandwidth and how much they were using.  I've looked through the PA GUI but haven't found anything that provides me with this type of real-time information... I also looked at the CLI but need something more visual.  Does anyone know if the PA GUI has what I'm looking for... and where it is?

Thanks in advance for your help!

-Dave

7 REPLIES 7

L6 Presenter

Hi,

How about using the ACC(Application Command Center) per the attached screen shot. In this instance, I set a filter for a specific IP with a time frame of the last 15 minutes which can be customized to fit your needs as well. This example provides the top applications in addition to the top destinations which includes Bytes and Sessions. Hope this helps.

Thanks,

Renato

Just wanted to add that you may also filter by source zone. I've attached a screen shot of that as well.

Thanks,

Renato

Not applicable

Unfortunately there isn't too many real-time tools int the GUI. Even when we have the Smartmonitor in Checkpoint, we tend to use our netflow monitoring, combined with firewall logs to pinpoint offenders.

I'm thinking we could do something near realtime with a combination of log exports and Splunk. If I am successful, i'll post back.

L4 Transporter

The closest I've found is show system statistics in the CLI and under the Monitor tab, using the App Scope reports.

Not real time, but good enough to find the people moving large ammounts of traffic.

L3 Networker

Im not sure if this would be helpful to you Dave but you might take a look at the Quality of Service and use it with what rkalugdan stated in his post There is a link to it from the Supports portal page.

I was able to find the url for you.

https://live.paloaltonetworks.com/docs/DOC-1162

L1 Bithead

Thanks for the replies everyone... I believe I will end up using a little bit of everything that was recommended.  I should be able to isolate offenders fairly quickly with ACC filtering... and was already planning on setting up QOS so that should help control traffic as well.  I did find something similar to what I was looking for in the QOS config... once QOS is enabled on an interface you can go to Network-QOS and click on Statistics next to an interface... there you can find more detailed info on Bandwidth, Applications, Users, Rules.  I just wish Applications, Users, and Rules sections had the same type of running chart that the Bandwidth section does.

Thanks again for all the help!

-Dave

Thanks,

I am so happy for this article.

I did this with Version 4 and now I have Statistical graphs of Total  Bandwidth by Applications, Users and Rules. For the active graphs go to  NETWORK/Qos tab and select "Statistics" next to the interface the QoS  profile activated on the specific interface.

Photo attached of Statistics page.

I love Palo Alto!!!!!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!