    I have a firewall traffic and reporting question.


      I have a question about how I can get a more accurate measure of the data going from the LAN into the firewall (Cisco ASA), through the firewall, and then out from the firewall to the ISP. We are running NTA 4.1.1 and NPM 11.5.2.  I have NetFlow set up for the firewall interfaces.  The stock reporting widget shows the same amount of data going across both interfaces, which makes some sense since any data going into a firewall will go out of it.  But I want to know the amount of traffic that is going out of the firewall to the ISP on a daily basis.  That way we can figure out roughly what our actual bandwidth use from the ISP is. If we could also get the rough speed of data going through the interface, that would also be useful for some of our purposes.


      I don't care how much data user 1 is getting or sending to a Google Drive or YouTube (at least not at this point in time).  I want to know how much, in total, is going out to the ISP?  Breaking it down in more detail can come later if needed.


      For example:


      Let us say (for the sake of discussion) that the LAN's interface to the firewall is and the connection to the ISP currently is 209.x1.y1.z1. I would like to have either the stock widget or some derivative of it report how much data went through into the firewall and how much of it actually went out through 209.x1.y1.z1 to the ISP.  If that isn't possible, I would like some help in building a new widget within SolarWinds to allow me to get the information graphically and/or give us a message daily letting us know how much data went to (and through) the ISP the previous day.


      Here is a (poor) illustration of my view of this:


      LAN --> [Firewall]  209.x1.y1.z1 --> ISP
                                          |    |   |
                                          |    |   |
      internal mail server ---------------|    |   |
      internal web server ---------------------|   |
      other internal content ----------------------|


      I don't care about the firewall traffic coming back to my internal destinations.  I am only interested in the firewall traffic actually going out through the ISP to other destinations.  If X is the amount of traffic going to, Y is the amount of traffic sent back into our servers, and Z is the amount of traffic that goes to other Internet via the ISP, then I am presuming that Z < X due to some of the traffic being people checking email or times of meetings (if nothing else).  I'm interested in a very close estimate of Z in (preferably) megabytes.  We know that we will have higher rates of data during 7am - 10pm than the overnight hours as a general rule.  We also know that a sizable chunk of the data going out will be backup data from the night before going to an offsite location in the cloud.


      Could someone give me some help in getting this broken down so I can get the data that I'm interested in seeing?  I would appreciate the help.  I also apologize for my ugly diagram of the problem.