cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Bandwidth Monitoring of Specific Interface?

Is there a view where I can monitor the throughput traffic/bandwidth of an interface in real time, as well as over a defined period?  I'm coming from the SonicWALL world and was looking to see if there is similar functionality.  Also, is there a way to pull a report that has the bandwidth usage for a specific interface for a specific time period?  Thanks for looking.

0 Kudos
9 Replies
Admin
Admin

Re: Bandwidth Monitoring of Specific Interface?

You can create a report for this in SmartView Monitor.

In R77.30 and earlier, there is an icon to launch the SmartView Monitor GUI installed with SmartDashboard, etc.

In R80+: 

  • Open SmartConsole > Logs & Monitor.
  • Open the catalog (new tab).
  • Click Tunnel & User Monitoring.

See also: Logging and Monitoring R80.10 (Part of Check Point Infinity) 

Re: Bandwidth Monitoring of Specific Interface?

Appreciate the quick reply Dameon!  That is exactly what I was looking for.  I will have to mess around with some of the settings here, but I believe I'll be able to create the view I need.

0 Kudos
Employee
Employee

Re: Bandwidth Monitoring of Specific Interface?

There is a very nice command name: 

cpmonitor - it will show you in pick time useful information like top sources, ports, packets rates, destination, services and more. It's a build in command so you basically need to run it. 

Example: 

Suppose you want to monitor eth1: 

First 

tcpdump -nni eth1 -w ~admin/eth1snif

Let it run for a 30 seconds , then stop the tcpdump and make sure file was created. ( only see it created, you won't see the content as its tcpdump output and can be seen in wireshark or cpmonitor) 

Note - you can change the tcpdump output to monitor all interface with the flag "any" but be carful with that. 

Lastly, run: 

cpmonitor ~admin/eth1snif 

You will find there useful information regarding possible outage .... 


Good luck and good decision for migrating SonicWall 🙂 

Re: Bandwidth Monitoring of Specific Interface?

Thank you Daniel.  Now this is very interesting... I will try this method as well.  Would it be advisable to run tcpdump for an extended period of time?  Say 8 hours?  I'm really interested in reporting on specific dates and times.  If there is anyway this could be scheduled, that would be a plus.

0 Kudos
Employee
Employee

Re: Bandwidth Monitoring of Specific Interface?

Hey Nick, 

I wouldn't use tcpdump for such amount of time as it can be nasty especially when you run it in flag "any".

Instead, I would use another extremely useful CP tool name:

cpview

first learn how to use it, it straight forward and then use it with the "-t" option to see history activity. 

so for example if you would like to see today activity at 06:00 , you will use :

cpview -t  06:00 

then, go to network - under that, you can see info like Traffic, Interfaces, Top procols and Top Connections. 

The same thing you can find history lets say for the day before: 

and to sample each minute, use the "+" and "-" key 

good luck 

Re: Bandwidth Monitoring of Specific Interface?

Here is a screenshot of the cpview screen Daniel is talking about, very handy both in real-time and historical.  Was using it just this week...

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

Re: Bandwidth Monitoring of Specific Interface?

How do you use to view top connections for a particular time period  using cpview.I do find real time data for top connections . Any idea how to get the historical data w.r.t top connections .

Also any way to find out if any blades are causing the spike

0 Kudos

Re: Bandwidth Monitoring of Specific Interface?

What a great feature, thanks for sharing.  It works great in R80.10 (but in R77.30 it errors with missing shared libraries).

0 Kudos
Employee
Employee

Re: Bandwidth Monitoring of Specific Interface?

Hey Nick, 

Here is more options to obtain some of the insight you're looking for with historical data.  

Using the documentation: Logging and Monitoring R80.10 (Part of Check Point Infinity) 

Read up more in the "traffic or system counters solution" section

To run a Traffic or System Counters view:

  1. In the SmartView Monitor client, select the Traffic or System Counter branch in the Tree View.
  2. Double-click the Traffic or System Counter view that you want to run.

A list of available gateways shows.

  1. Select the gateway for which you want to run the selected Traffic or System Counter view.
  2. Click OK.

The results of the selected view show in the SmartView Monitor client.

 

Recording a Traffic or Counter View

You can save a record of the Traffic or System Counter view results.

To record a traffic or counter view:

  1. Run the Traffic or System Counters view.
  2. Select the Traffic menu.
  3. Select Recording > Record.

A Save As window shows.

  1. Name the record.
  2. Save it in the related directory.
  3. Click Save.

The word Recording shows below the Traffic or Counter toolbar. The appearance of this word signifies that the view currently running is recorded and saved.

  1. To stop recording, open the Traffic menu and select Recording > Stop.

A record of the view results is saved in the directory you selected in step 3 above.

 

Play the Results of a Recorded Traffic or Counter View

After you record a view, you can play it back. You can select Play or Fast Play, to see results change faster.

To play the results:

  1. In the SmartView Monitor client, select Traffic > Recording > Play.

The Select Recorded File window shows.

  1. Access the directory in which the recorded file is kept and select the related record.
  2. Click Open.

The results of the selected recorded view start to run. The word Playing shows below the toolbar.

 

Pause or Stop the Results of a Recorded View that is Playing

  • To pause the record select Traffic > Recording > Pause.
  • Click Recording > Play to resume to play the Traffic or Counter view results recorded before.
  • To stop the record select Traffic > Recording > Stop.

Pg 96

To creating a custom traffic view:

  1. In the Tree, right-click Custom and select New Traffic View.

The Query Properties window opens.

  1. Select History or Real Time.
  2. If you select Real Time, select what you want to see:
  • Interfaces
  • Services
  • IPs / Network Objects
  • QoS Rules
  • Security Rules
  • Connections
  • Tunnels
  • Virtual Links
  • Packet Size Distribution
  1. Select the Target gateway.
  • If you often need results for on gateway, select it in Specific Gateway.
  • If you have a small number of gateways, you can create a custom view for each one.
  • If not, select Prompt for Gateway before run.
  1. Open the next tabs.

The tabs that show depend on the Query Type you selected.

  • If you select History, the next tab is Traffic History, where you select the Time Frame and type of report.
  • If you select Real Time, the next tabs let you set services or objects to monitor, gateways or specified IP addresses to monitor, update interval, result type, and chart settings.
  1. Click Save.
  2. Right-click the new Custom view and select Rename.
  3. Enter a name for the view.