How can I collect traffic details by IP address on the firewall through Log Reports and AppFlow?
12/20/2019 64 24368
When encountering bandwidth shortage (Internet access speed is getting slower), you may want to check the bandwidth usage by IP or service for determining the solution. This article describes the way for you how to do the deep analysis for the traffic on your firewall. Before go through this article, you may require to start Data Collection at Log | Report page and also enable the option of AppFlow to Local Collector at AppFlow |Flow Reporting |Settings page.
NOTE:For function AppFlow Monitor, you are required to check whether you have the license (App Visualization).
For general overview. Navigate to Log | Reports, select the drop down menu Bandwidth Usage by IP address or Bandwidth Usage by Service, the details of used bandwidth for each IP address or service will be displayed.
For further analysis, if you intend to check which services does the IP address has used (e.g. 192.168.136.2 in the above picture which occupied most bandwidth), besides Global Management System (GMS) and Analyzer, this operation can be fulfilled on the firewall through AppFlow Monitor. Following are the steps for displaying the services by IP address.
Navigate to AppFlow |AppFlow Monitor (or Dashboard | AppFlow Monitor) | Click Initiators. This page displays details about connection initiators by IP address.
Tick the square for the item 192.168.136.2 | Click Filter View button. Only the selected item(s) will be displayed as below.
Click tab Applications. In this page, the items listed are all 192.168.136.2 associated. You can click link of the Sessions column to check the detail.