I have a firewall with a two sensors, one for the LAN facing interface and another for the WAN facing interface.
For all intents and purposes they should be equal, the traffic entering the LAN interface should be about the same as the traffic leaving the WAN interface - UNLESS something is hitting the firewall and being dropped by the firewall rules.
If I could compare the two interfaces at the same I would be able to see if there were substantial differences between the amount of traffic coming in versus the amount going out. I would then know that there was a problem on the network.
My issue is that although the two sensors are polling every 30 seconds, they are not polling at the exact same time (there is about a 15 second difference) - so I can't directly compare the two values.
Is there a way to synchronize time at which the two sensors would poll the device so the returned values are from the same point in time?
Article Comments
I'll have to see what the firewall supports. I have a lot more experience with Cisco so I'm rather new to Fortigates and I find their MIB somewhat lacking. I'll dig through them a bit more and come back with an answer if I find anything new.
Thank you for your time.
Jul, 2017 - Permalink
Hi there,
I'm afraid that it's not possible to query the data at the exact same second. PRTG will always send the queries into a queue, which is processed one after another (of course some scans are performed simultaneously). If you compare the results over a longer period, the total volume should be very similar.
Does your firewall support some kind of Syslog messages or SNMP traps if packets are dropped? You could send these messages to PRTG to get notified.
Best regards, Felix
Jul, 2017 - Permalink