Network manager is asking why there is a difference between live traffic counts on outside interface and inside and dmz interface. She believes the inside+dmz traffic counts should equal the outside traffic counts (inbound and outbound). She wants metrics on who is using Internet bandwidth. We are using snmp to monitor interface traffic. Is there a logical explanation for this? Are "denied" connections counted as traffic on the outside interface?