When looking at the top conversations in my NPM/NTA software it shows that a majority of all the conversation is between the Riverbed Appliances instead of between the users. Is there a way to make NPM/NTA to show the traffic between the users and not between the Riverbeds themselves?
By default, all traffic on Riverbed Steelheads is proxied with the IP addresses of the in-path interface on the Steelhead, so that's all NetFlow sees.
To fix this, you need to change your Riverbeds to "Full Transparency" mode. On the Steelhead, you go to Configure > Optimization > In-Path Rules, and add a new Auto Discover Rule just above the default rule (so, it should usually be the second-to-last rule) with the "WAN Visibility Mode" setting set to "Full Transparency".
This causes the Steelhead to send traffic with the original L3/L4 headers instead of rewriting them.
I think your suggestion will work great. I also checked with Riverbed to see what they thought about this and they did suggest doing this. Riverbed did say some firewalls with Stateful inspection may cause issues but the issue is fixable.
Thank You for your response
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.