It sounds like NTA is your best bet for this. For pretty graphs I would use the NTA Flow Navigator tab (on the left). You may already have tried this; sorry if this doesn't help. Try filtering on the endpoints you want and you can even save them to a new view. You can also use Report Writer to create a report, but it won't have the graphing that you need.
Thanks for the reply, Zak. I was making some progress (although it's not exactly what I was looking for, I'm trying to make it work); however, I seem to have run into a major problem.
What I've been doing is defining application groups in NTA (under Manage applications and service ports).
For instance, I defined one of our sites by entering the IP ranges of all the VLANs as the source IP and the destination is any public IP (I defined all public IP addresses), and for the port, I used 1-65535 as a catch-all. After entering 3 or 4 groups with "all ports", I can't add any more. I don't receive an error, but Orion just won't create the group. As a less useful workaround, I thought about defining 80 and 443 for these groups to catch most of the traffic; however, this doesn't work at all. It seems like it's only looking for these ports as the source AND destination, and of course the source port is some random high number which isn't being tracked.
Does anyone have any suggestions? Perhaps I'm doing something wrong. Thanks.
We have developed a tool called the LANGuardian which can operate standalone or it can be integrated with Orion. You can see a standalone version of it in operation here.
It uses a SPAN port instead of flow data, so in your case you would need to SPAN the internal interface of the firewall which links your Internet pipe. Once that is in place you can create custom graphs or reports to focus in on subnets associated with the remote facilities. You can see a sample of what the integration with Orion looks like at this link.