snmp traffic summary Cisco ASA firewall



Network manager is asking why there is a difference between live traffic counts on the outside interface and the inside and DMZ interfaces. She believes the inside+DMZ traffic counts should equal the outside traffic counts (inbound and outbound). She wants metrics on who is using Internet bandwidth. We are using SNMP to monitor interface traffic. Is there a logical explanation for this? Are "denied" connections counted as traffic on the outside interface?

asa-firewall cisco snmp-traffic

Created on Apr 11, 2012 7:36:28 PM

4 Replies




To see who is using Internet bandwidth, you would need to use NetFlow for traffic monitoring, which is possible with a Cisco ASA.

Best regards

Created on Apr 12, 2012 9:53:08 AM by Torsten Lindner [Paessler Support]



While NetFlow will break down the type of traffic and SNMP does not, my experience has shown a large disparity in the total traffic indicated by each. And not just in the short term. 30 day period = 1.72:1, SNMP is greater. 365 day period = 1.70:1, SNMP is greater. I cannot find the reason for the disparity, and this, therefore, reduces the confidence factor in either, in my opinion.

REF:
https://kb.paessler.com/knowledgebase/en/topic/31573-prtg-netflow
https://kb.paessler.com/knowledgebase/en/topic/12133-comparing-netflow-and-snmp-traffic-sensors


Created on Apr 12, 2012 11:44:06 PM



Huge discrepancies between different "monitoring protocols" that should monitor the same thing are almost always configuration errors, where not exactly the same thing is being monitored. Of course, NetFlow and SNMP will likely never show 100% the same values for the same interface and the same period of time, probably simply due to the fact that the NetFlow packets do not account for any traffic of their own, while they are likely counted in the SNMP counters.

Created on Apr 13, 2012 1:34:22 PM by Torsten Lindner [Paessler Support]



The issue we are trying to resolve is only about SNMP on a Cisco ASA 5550 firewall. For a given period of time, shouldn't the total traffic seen on the outside interface be the sum of the traffic seen on the inside and DMZ interfaces? The totals are never equal, so we are trying to determine whether traffic dropped via ACL will cause the unequal counts. For example, does denied traffic on the outside interface count as SNMP traffic, or does SNMP only count "allowed" traffic on the outside interface? The same is true for inside traffic: if an outbound ACL drops traffic, is this still counted as SNMP traffic, or is only what is allowed through counted in SNMP traffic?

Created on Apr 18, 2012 3:45:16 PM
