No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

The incorrect traffic report problem on the USG6650 case

Publication Date:  2015-03-04 Views:  238 Downloads:  0
Issue Description

The customer meet the problem is that one of the application [PPlive] which was recognized by firewall, the total traffic is not same as the total traffic with source Address and destination address.

Image 1 shows the application [pplive] is using 5.12GB

 

Image 2: show the source address of application [PPLIVE] is using only about 200M

 

 

Image 3: show the Destination address of application [PPLIVE] is using only about 200M

Handling Process

1.  Firstly, I suspect the traffic report are different maybe caused by the time range are selected differently in the two traffic report, so I suggest the customer to check if the time range are same. After customer confirm the time range are same.

2.  And then I let customer feedback the diagnose information, After I analyzed the diagnose information, I find that there are no hard disk on the firewall, as following:

 

Disk information:

-------------------------------------------------------------------------

Filesystem Status                           :    Un-Mounted

Filesystem Total                            :    0MB

Filesystem Free                             :    0MB

DiskRaidMode                                :    INACTIVE

DiskIOC_Vendor                              :   

DiskIOC_SN                                  :   

DiskIOC_FirmwareVer                         :    0

-------------------------------------------------------------------------

 

At that situation without hard disk, the traffic logs will be stored in the firewall memory, but the memory is small and limited for so many logs, after the logs exceed the memory capacitance, the old logs will be covered by the new logs. So when you create the traffic report, some logs data has lost. The reports show the traffics are different.
Root Cause
In conclusion, the root cause is there is no hard disk on the firewall, this dues to the old logs were covered by the new logs.
Solution
So if the customer wants to create the exact traffic report, The solution is t to mount the hard disk on the firewall.

END