Hello I have ntopng with nProbe setup on a Ubuntu16 box, the full nBox setup from the packages.ntop.org repo. I am exporting sflow data from a Fortigate 60D (OS 5.4.3) to nProbe.
The problem I am having is the Local / Remote traffic is being reported as the same amount / flow speed. Infact the Ingress and Egress is always displayed as exactly half of the total throughput at that time. This is true for the little widget at the bottom next to the rev counter for ingress and egress and on the home page of a host, when clicked the "Sent vs Received Traffic Breakdown" is always a perfect 50/50 ratio. If I export flow data from a Mikrotik on a different network every thing reports correctly. What is a little unique on this network is that there are a few /26 subnets of public IP Addresses behind this firewall. There is no natting. I have set these subnets as local subnets in ntopng as you can tell from my config below. The firewall on the WAN side has a public address and a few public subnets on the LAN side. Would this cause issues with remote/local traffic differentiation? I have tried setting V5/V9 etc flow types same issue. I have enabled just RX or TX from the Fortigate and these when individually enabled display correctly. Any help or pointers would be appreciated. My configs: root@ntopng:~# cat /etc/ntopng/ntopng.conf -n=3 -w=3000 -W=0 -g=-1 -m="41.xx.xx.0/26,196.x.x.x/26" -F=mysql;localhost;ntopng;flows;ntopuser;secretxxx -d=/storage/ntopng -G=/var/run/ntopng.pid -i=tcp://127.0.0.1:5556 root@ntopng:~# cat /etc/nprobe/nprobe-ens18.conf -n=none -i=none -3=2055 -s=128 -t=60 -d=60 -a=0 -e=1 -B=10 -w=128000 -z=0 -S=1:1 -E=0:0 -g=/var/run/nprobe-ens18.pid --zmq=tcp://127.0.0.1:5556 -V=5 --dump-stats=/var/log/nprobe/ens18-0_flows_stats.txt The fortigate was configured with the instructions here: http://kb.fortinet.com/kb/documentLink.do?externalID=FD36460 Thanks and Regards Jean-Pierre Human
_______________________________________________ Ntop mailing list Ntop@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop
