Traffic data

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Traffic data

L0 Member

we are on 4.1.4, noticed some very odd traffic data from ACC.

1, some internal traffic happened at 9am - 930am, PA ACC showed it happened at 3pm afternoon.

2. about 35G data from one machine out to the facebook within one hour, but our connection is only 40M, shared with 300 people, I dont think it could send that kind amount data out?

wondering if anyone has the same 'issue'?

Thank you.

2 REPLIES 2

L3 Networker

Hello, The traffic logs are logged at end of the session. So the entry is logged only after the session was ended which could have taken some time (security policy -> last option 'option' -> Log at session end). Check if you have threat/av profile configured for that rule.

The same could be applicable for internal traffic however the difference seems to be high.

Still sounds odd...

If you maximize 40Mbit/s to transmit 35GB of data you need approx at least 2hours 5minutes or so do accomplish this.

Even if the PAN logs at session end then the session start for that session should still be correct wouldnt it?

Could it be some NTP who malfunctioned or such?

  • 1736 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!