3 Replies Latest reply on Jan 31, 2013 9:15 AM by darragh.delaney

    Graphs based on source/destination IP

    mitchflossin

      Hey folks,

       

      I've been tasked with graphing some of our remote facilities' internet usage which gets long hauled back across our WAN through our HQ internet pipe.

       

      Any idea how to accomplish this?  This may be better suited for NTA, but I wasn't able to do exactly what I wanted with that either.  Is anyone else doing this?  Any tips or suggestions? 

       

      For our sites that have their own internet connection, I'm just graphing the port which faces our firewall's external interface.  Not sure how to graph based on the source and destination IP, or if it's possible.  Even if there's another tool better suited for this, any help would be great.

       

      Thanks, I appreciate it!, 

        • Re: Graphs based on source/destination IP
          Zak Kahl

          Hello,

           

          It sounds like NTA is your best bet for this.  For pretty graphs I would use the NTA Flow Navigator tab (on the left). You may already have tried this, sorry if this doesn't help.  Try filter on the end points you want and you can even save them to a new view.  You can also use Report writer to create a report, but it won't have the graphing that you are needing.

           

          2013-01-24_1402.png

          Thanks,

           

          Zak Kahl

          Loop1 Systems.

            • Re: Graphs based on source/destination IP
              mitchflossin

              Thanks for the reply Zak.  I was making some progress (although it's not exactly what I was looking for, but I'm trying to make it work) however I seem to have run into a major problem.

               

              What I've been doing is defining application groups in NTA (under Manage applications and service ports).

               

              For instance I defined one of our sites by entering the IP ranges of all the VLANS as the source IP and the destination is any public IP (I defined all public IP addresses) and for the port, I used 1-65535 as a catch all.  After entering 3 or 4 groups with "all ports", I can't add anymore.  I don't receive an error, but Orion just won't create the group.  As a less useful work around, I thought about defining 80 and 443 for these groups to catch most of the traffic - however this doesn't work at all.  It seems like it's only looking for these ports as the source AND destination - and of course the source port is some random high number which isn't being tracked.

               

              Does anyone have any suggestions?  Perhaps I'm doing something wrong.  Thanks.

            • Re: Graphs based on source/destination IP
              darragh.delaney

              Hi There,

              We have developed a tool called the LANGuardian which can operate standalone or it can be integrated with Orion. You can see a standalone version of it in operation here.

               

              It uses a SPAN port instead of flow data so in your case you would need to SPAN the internal interface of the firewall which links your Internet pipe. Once that is in place you can create custom graphs or reports to focus in on subnets associated with the remote facilities. You can see a sample of what the integration with Orion looks like at this link

               

              http://demo2.netfort.com/Orion/SummaryView.aspx?viewid=31

               

              Darragh