Is there a view where I can monitor the throughput traffic/bandwidth of an interface in real time, as well as over a defined period? I'm coming from the SonicWALL world and was looking to see if there is similar functionality. Also, is there a way to pull a report that has the bandwidth usage for a specific interface for a specific time period? Thanks for looking.
You can create a report for this in SmartView Monitor.
In R77.30 and earlier, there is an icon to launch the SmartView Monitor GUI installed with SmartDashboard, etc.
In R80+:
See also: Logging and Monitoring R80.10 (Part of Check Point Infinity)
Appreciate the quick reply Dameon! That is exactly what I was looking for. I will have to mess around with some of the settings here, but I believe I'll be able to create the view I need.
Hi @PhoneBoy, thanks for this. Sorry to revive this old thread, and I will start a new one if needed. This is related to the OP's questions, though, and to SmartView Monitor.
Is it possible to still search by "History" and still have it provide "Interfaces" as an option? What I am trying to do is get a 30 day report of how much Mbps is going through Eth1.
My other option so far is looking at DiagnosticsViewer, but that is going to be a different thread.
Thank you!
Seems like it should be possible.
That said, you might want to start that separate thread about DiagnosticsViewer.
There is a very nice command named:
cpmonitor - it will show you, in peak time, useful information like top sources, ports, packet rates, destination, services and more. It's a built-in command, so you basically just need to run it.
Example:
Suppose you want to monitor eth1:
First
tcpdump -nni eth1 -w ~admin/eth1snif
Let it run for 30 seconds, then stop the tcpdump and make sure the file was created. (You will only see that it was created; you won't see the content, as it's tcpdump output and can be viewed in Wireshark or cpmonitor.)
Note - you can change the tcpdump capture to monitor all interfaces with the flag "any", but be careful with that.
Lastly, run:
cpmonitor ~admin/eth1snif
You will find useful information there regarding possible outages ....
Good luck and good decision for migrating SonicWall 🙂
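The capture-then-summarise step from the post above, as an added example that is not part of the original thread and is not Check Point code: a Python reader that turns a capture file into average Mbps per time bucket, assuming the file written by tcpdump -w is in classic pcap format. The function names and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

# pcap magic as read little-endian -> byte order of the rest of the file.
# The last two entries are the nanosecond-timestamp variants.
BYTE_ORDER = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">",
              0xA1B23C4D: "<", 0x4D3CB2A1: ">"}

def mbps_per_bucket(pcap_bytes, bucket_seconds=1):
    """Return {bucket_start_epoch: average Mbps} for classic pcap data."""
    if len(pcap_bytes) < 24:
        raise ValueError("too short to hold a pcap global header")
    (magic,) = struct.unpack_from("<I", pcap_bytes, 0)
    if magic not in BYTE_ORDER:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    record = struct.Struct(BYTE_ORDER[magic] + "IIII")
    wire_bytes = defaultdict(int)
    offset = 24
    while offset + record.size <= len(pcap_bytes):
        ts_sec, _frac, incl_len, orig_len = record.unpack_from(pcap_bytes, offset)
        offset += record.size + incl_len
        if offset > len(pcap_bytes):
            break  # last record cut off, e.g. capture stopped mid-write
        # orig_len is the on-wire size; incl_len is only what the snap
        # length kept, so counting it would under-report throughput.
        wire_bytes[ts_sec - ts_sec % bucket_seconds] += orig_len
    return {start: total * 8 / (bucket_seconds * 1_000_000)
            for start, total in sorted(wire_bytes.items())}

def build_sample_capture(snaplen=96):
    """Constructed capture: four packets, stored truncated to snaplen."""
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for ts_sec, orig_len in [(1000, 1500), (1000, 1500), (1001, 1000), (1003, 500)]:
        incl_len = min(orig_len, snaplen)
        data += struct.pack("<IIII", ts_sec, 0, incl_len, orig_len)
        data += bytes(incl_len)
    return data

if __name__ == "__main__":
    for start, mbps in mbps_per_bucket(build_sample_capture()).items():
        print(start, f"{mbps:.3f} Mbps")
```

Because the rate is computed from the record headers alone, a capture taken with a small snap length gives the same figures while keeping the file small.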
Thank you Daniel. Now this is very interesting... I will try this method as well. Would it be advisable to run tcpdump for an extended period of time? Say 8 hours? I'm really interested in reporting on specific dates and times. If there is any way this could be scheduled, that would be a plus.
Hey Nick,
I wouldn't use tcpdump for such an amount of time, as it can be nasty, especially when you run it with the flag "any".
Instead, I would use another extremely useful CP tool named:
cpview
First learn how to use it; it's straightforward. Then use it with the "-t" option to see historical activity.
So, for example, if you would like to see today's activity at 06:00, you will use:
cpview -t 06:00
Then go to Network - under that, you can see info like Traffic, Interfaces, Top Protocols and Top Connections.
In the same way, you can find history for, let's say, the day before:
and to sample each minute, use the "+" and "-" keys.
Good luck
Here is a screenshot of the cpview screen Daniel is talking about, very handy both in real-time and historical. Was using it just this week...
--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.
How do you view top connections for a particular time period using cpview? I do find real-time data for top connections. Any idea how to get the historical data w.r.t. top connections?
Also, is there any way to find out if any blades are causing the spike?
Is it possible to monitor bandwidth usage against an application control rule that uses a bandwidth limit object? The idea is to then determine if it's actually working and confirm the consumption of the limit. Ideally this should be viewed in graph format so we can see real-time and historic information easily.
The most I can see is just the hit counts.
We are running R80.30 with JHFA 155
What a great feature, thanks for sharing. It works great in R80.10 (but in R77.30 it errors with missing shared libraries).
Hey Nick,
Here are more options to obtain some of the insight you're looking for with historical data.
Using the documentation: Logging and Monitoring R80.10 (Part of Check Point Infinity)
Read up more in the "traffic or system counters solution" section.
To run a Traffic or System Counters view:
A list of available gateways shows.
The results of the selected view show in the SmartView Monitor client.
Recording a Traffic or Counter View
You can save a record of the Traffic or System Counter view results.
To record a traffic or counter view:
A Save As window shows.
The word Recording shows below the Traffic or Counter toolbar. The appearance of this word signifies that the view currently running is recorded and saved.
A record of the view results is saved in the directory you selected in step 3 above.
Play the Results of a Recorded Traffic or Counter View
After you record a view, you can play it back. You can select Play or Fast Play, to see results change faster.
To play the results:
The Select Recorded File window shows.
The results of the selected recorded view start to run. The word Playing shows below the toolbar.
Pause or Stop the Results of a Recorded View that is Playing
Pg 96
To create a custom traffic view:
The Query Properties window opens.
The tabs that show depend on the Query Type you selected.
What other options are available if the Monitoring blade is not enabled (license), now that it is not possible, like in 77.30 VSX, to check the top connections with their bandwidth usage?