bandwidth saturated, but by what or whom?

Hi All,
Recently each morning our internet line hits 50MB/s and everything webby grinds to a halt for about 3 hours. I suspected Outlook because it starts at approx 8AM, but this just doesn't ring true to be maxed out for 3 hours, although we are 150-ish Office 365 users? I've looked in the Dimension server and narrowed down the search to the time frame, but it only has 8GB downloaded during that 3 hour interval. Also, looking into FireWatch doesn't give me much idea either. I also have WatchGuard Cloud, but that shows no alerts. What would be the best way to track my connections tomorrow morning? We only use the web GUI, by the way. My next idea is to Wireshark, but before I get to that I hope to use the firewall to pinpoint what or who is using all my bandwidth!
TIA
Stuart

Comments

  • edited October 2019

    "We only use the web gui"
    Then you are missing some tools which may point out the issue -
    WSM Firebox System Manager:
    . Service Watch will show you the policies which are using the most bandwidth in real time
    . HostWatch will show you the connections on the selected interface between internal hosts and to whatever they are connected. You can sort the list by any of the columns, including Bytes, Rate and Interface.

  • Also, are you using the proxy policies - such as HTTP, HTTPS & FTP, and if so, do you have "Enable logging for reports" selected on each?
    If not, do so as that will give data to Dimension which may end up showing high use domains.
    Also in Dimension, you can select the time of interest: 8 - 11 AM - if you are not doing this already.

  • Looking at FireWatch and the interfaces at that time period should really narrow it down. I've seen activity like this before and then forgot some system was doing a large download or backup.
