We're monitoring our Palo Alto's public internet interface using NTA - however we're running into an issue where the NTA summary for the interface only shows our Public IP - not the private IP address of the internal clients using the internet. This makes it difficult to track down exactly which clients are utilising the link.
Just wondering if it's possible to get this information to show in NTA.
I would encourage you to upvote this feature request, and add any elaboration to that thread. We do review and prioritize the feature request threads to help shape the product roadmap - your voice is important!
We're going to report the view of traffic from each interface - there's not currently any ability to stitch together NAT conversations.
I would be very interested in speaking with you about what you would like to see - what would a feature like this present, and what workflows would this capability support? What do you have to do today to put these pieces together, how often are you doing that, and how much effort is involved?
Would you like to set up some time to chat? I can work with your timezone 😉
I am rather surprised if NTA does not have this feature on.
I think you are able to see the full conversation info if it is a Cisco ASA or a different UTM. All we need is to see who is saturating our link. we do this by analysing the netflow of the device and which one are your top 5 conversation endpoints
Below is the example of the ASA we have where you can clearly see which network endpoints are involved in the conversation as I can see it's private IP (10.202.28.x)
We want the same output from our Palo alto UTM netflows as it shows the interface's public ip
This is essential when our internet link gets saturated or is hitting a very high utilisation. Instead of us going on the actual UTM and run captures to determine which endpoint is hogging all the bandwidth,
There has to be a way to embed this info in NTA, I am happy to have a chat in regards to this.
I working hours are 9AM-5:30PM on the Australian Eastern Standard (Sydney) time\.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.