Figuring out IP of High Inbound Traffic

travis_tmbtravis_tmb
in Technical Discussion

Hello,

For the last few months, on different periods, we are seeing high amounts of inbound traffic which is causing disruptions on one of our circuits. I can see the high inbound received traffic on the watchguard but I am not able to find the source destination IP.

Can someone direct me to the best place to see that?

Thanks

Comments

  • Bruce_BriggsBruce_Briggs

    Web UI -> Dashboard -> Front Panel - shows Top Clients and Top Destinations.
    You can sort on the Bytes & Rate columns

    Web UI -> Dashboard -> FireWatch should show high source IP addrs. You can select Source or Interface (In) and select Connections to see a list with Bytes & Rates info

    WatchGuard System Manager (WSM) -> Firebox System Manager (FSM) -> HostWatch - select the External interface, then sort by the Bytes or Rates column to see the highest source IP addrs

  • james.carsonjames.carson Moderator, WatchGuard Representative

    In addition to what Bruce mentioned, Firewatch in the WebUI is a good place to look at connection specific traffic.

    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/system_status/firewatch_web.html

    The larger the square, the more bandwidth is being consumed by that process. Each square has buttons to allow you to filter down traffic based on what you're looking at.

    -James Carson
    WatchGuard Customer Support

  • travis_tmbtravis_tmb

    Okay thank you!

Sign In to comment.