FYI: If you don't have any DMZ interfaces this will work great. If you do however, you'll not see the traffic between DMZ and Internet. If you have multiple firewall interfaces you'll need to use the public interface of the firewall or the internet router. This sometimes makes things tricky if you're NATing.
Gary -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Thomas Sent: Monday, October 06, 2008 7:01 AM To: [email protected] Subject: Re: [Ntop] Monitor Internet Activity Only That's exactly what I ended up doing. Thanks for the info! -Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yuri Francalacci Sent: Saturday, October 04, 2008 6:58 AM To: [email protected] Subject: Re: [Ntop] Monitor Internet Activity Only If your switch is an "intelligent" one you could configure it to mirror the internal interface of your firewall. In this case you have only the traffic from/to internet and the one directed to the firewall itself (including multicast and broadcast). Yuri Gary Gatten ha scritto: > Configure another netflow interface on a unique port. Configure your > border router to export flows to this port. > > > > Gary > > > > > > ------------------------------------------------------------------------ > > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf > Of *Chris Thomas > *Sent:* Friday, October 03, 2008 9:33 AM > *To:* [email protected] > *Subject:* [Ntop] Monitor Internet Activity Only > > > > Hello there. I currently have ntop set up to monitor my LAN traffic but > I would like to have it show only traffic to/from the internet so that I > can find the heaviest users during peak usage times. My network is made > up of 16 Cisco 3500 and 2900 series switches. All of my servers, > including the ntop box and my Check Point firewall are plugged in to the > same switch. What would be the best way to go about showing me only > internet traffic? > > > > I appreciate any information that can be provided. > > > > Thanks > > -Chris > > "This email is intended to be reviewed by only the intended recipient > and may contain information that is privileged and/or confidential. If > you are not the intended recipient, you are hereby notified that any > review, use, dissemination, disclosure or copying of this email and its > attachments, if any, is strictly prohibited. If you have received this > email in error, please immediately notify the sender by return email and > delete this email from your system." > > > ------------------------------------------------------------------------ > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
