I'm sure I've probably posted this before when we were using MWG6, but since moving to MWG7 I thought I'd ask again.
Is there any way possible to get real time charts / graphs that would show ingress and egress traffic through MWG and be able to break it down by endpoint and conversation? If this sounds a lot like netflow, that's because that's really what MWG7 needs to be useful IMO. Similar to the way Netflow works on an ASA or SRX firewall.
We are really struggling to be able to pinpoint bandwidth issues from the firewall through MWG to the network. I'm wondering how others are handling it? In our environment, we are using MWG7 in explicit proxy mode and I am wondering if we should look at deploying it differently to give us more visibility. Would we lose any features / functionality moving from explicit proxy?
Message was edited by: jspanitz on 8/14/12 8:13:46 AM CDT
There is no real-time reporting capability yet in our current reporting products (Web Reporter and Content Security Reporter). However, you have a lot of flexibility over how often logs get rotated on the Gateway. Assuming your Reporter isn't overloaded, data is available for reporting shortly after rotation. Therefore, you could rotate every 5 minutes, and force rotation anytime you need more current information. I'd keep from rotating too often since each log file would become a new log parsing job. Just 2 appliances pushing every minute would create up to 2 x 60 x 24 = 2880 log parsing jobs per day. That many jobs have a tendency to weigh down the config where the log parsing history is stored. You can purge those with the system maintenance config, but it will also delete server logs which are important for diagnosing any issues you may have with the system.
While we have Web Reporter, it doesn't have the reports we are looking for either. And rotating the logs every 5 minutes makes finding events in the logs nearly impossible, as users never know what time the problem actually occurred.
We really need to be able to be on the MWG box, click on the graph and see who and what are taking up the bandwidth. Ideally we would also be able to get this information via a network management solution, most likely as netflow info. We may need to look into on-firewall filtering at some point if we can't find a suitable solution.
You should be able to zero in on what traffic takes up the most bandwidth pretty easily by sorting the quick views by Bytes and time of day.
Then drill down into the details to tell you what site or what user is using up the bandwidth.