SonicWALL 232-000861-00 manual Command to type ip flow-cache timeout inactive

Page 21

How do I enter IP to name resolutions so that Scrutinizer doesn't have to use the DNS to resolve IPs?

Edit this file: C:\WINDOWS\system32\drivers\etc\hosts and enter the IP to name translations.

Overall utilization on the interface appears to be understated. Why would this be?

1.Make sure NetFlow is enabled on all physical interfaces of the device. Do not be concerned with the virtual interfaces, as they will auto-appear once NetFlow is enabled on the physical interface.

2.If the hardware can't keep up with sending the NetFlow packets, it will drop NetFlows before they even leave the device. To check to see if this is the problem, login to the Cisco device.

Command to type: Router_name>sh ip flow export

At the bottom of the export, look for something like "294503 export packets were dropped due to IPC rate limiting". If this counter is incrementing, the hardware cannot keep up with the export demands.

3.The command below breaks up long-lived flows into 1-minute segments. You can choose any number of minutes between 1 and 60; if you leave the default of 30 minutes you will get spikes in your utilization reports. Command to type: ip flow-cache timeout active 1

4.The command below ensures that flows that have finished are exported in a timely manner. The default is 15 seconds; you can choose any value between 10 and 600. Note however that if you choose a value that is longer than 250 seconds Scrutinizer may report traffic levels that appear low.

Command to type: ip flow-cache timeout inactive 15

NetFlow only exports IP traffic (i.e. no IPX, etc.) and no layer 2 broadcasts are exported by this version of NetFlow.

How do I setup my router to forward NetFlows to two destinations?

Type the "ip flow-export destination" command twice:

router-name#ip flow-export destination 10.1.1.8 2055

router-name#ip flow-export destination 10.1.1.9 2055

Why are my graphs reporting over 100% utilization?

1.The interface speed is not correct. Scrutinizer uses the speed specified in the SNMP OID. Login to the router or switch and fix the problem or in Scrutinizer go to Device Details and manually type in the correct speed.

2.The active timeout has not been set to 1 minute on the router. Login to the router or switch and fix the problem.

3.Non-dedicated burstable bandwidth, where the ISP allows you to use over the allocated bandwidth.

4.Both ingress and egress NetFlow collection have been enabled on the interface. This can work properly if the direction bit is set in the egress flows. Scrutinizer works ideal when only ingress NetFlow collection is configured on all interfaces. Only egress on all interfaces is also possible.

5.Do you have any encrypted tunnels on the interface?

◦47 - GRE, General Routing Encapsulation.

◦50 - ESP, Encapsulating Security Payload.

◦94 - IP-within-IP Encapsulation Protocol.

◦97 - EtherIP.

◦98 - Encapsulation Header.

◦99 - Any private encryption scheme.

This can cause traffic to be counted twice on an interface. In Scrutinizer, go to Admin Tab > Definitions > Manage Exporters. Click on the round icon with the '-'. When you mouse over the icon, the ALT will display "View the current protocol exclusions of this device." Click on this and make sure the above protocols are being excluded.

SonicWALL Scrutinizer 9.0.1 Release Notes

P/N 232-000861-00 Rev A

21

Page 20 Page 22
Image 21
Page 20 Page 22
Contents Contents New SonicWALL Scrutinizer VPN Report Type Key Features in SonicWALL ScrutinizerEnhanced SonicWALL VoIP Reporting including New Host Destination Report Page Scrutinizer Product Overview Scrutinizer Base Product AdministrationSupported Protocols & Other Technical Specifications Flow Analytics Module Page Advanced Troubleshooting Service Provider ModuleThird Party Product Integration Customer Portal Enablement of Traffic and Usage Based BillingCisco Advanced Reporting Module Citrix Advanced Reporting ModuleCross Check Module Flowalyzer NetFlow & sFlow Tester Known Issues Clicking the Logalot Report Manager button Resolved IssuesDashboard tab Groups DefinitionsWhat is NetFlow? How to Upgrade to the Licensed VersionWhat is sFlow? What are the different versions of NetFlow available?How is NetFlow different from traffic analyzers like MRTG? What if I need features that Scrutinizer does not support?Is Cisco the only vendor supporting NetFlow? Is a trial version of Scrutinizer available for evaluation?Command to type ip flow-cache timeout inactive How do I setup SSL with Scrutinizer? Scrututil.exe -resetadminpassword UsernameExample scrututil How do I use a different drive for storing data?Resetmysqlpassword Can Scrutinizer run in VMWare?How do I exclude Scrutinizer in Symantec AntiVirus? Where can I find the Scrutinizer manual? Related Technical DocumentationHow do I know how much hard drive space I will need?
Top Page Image Contents