Determine Which IP address is using the most throughput Juniper SRX 220

Question

We have a Juniper SRX 220 firewall, and our ISP provides a readout of our total throughput for times of the day.

There is a throughput spike fairly consistently during certain hours and we are trying to locate the IP(s) responsible to determine which services are causing this, we have around 13 virtual servers on VSphere and 16 Windows users connected during those times. AD Server is 2012 Essentials.

How can we determine the throughput of all IP addresses on the network over a certain time - or how can we locate the IP address of this machine using our Juniper Firewall?

Or any other way for that matter?

Thanks in advance.

Answer 1

Since this is a fairly simple setup with a single device in the datapath, I recommend you take a look at setting up a Netflow collector, and then having your firewall send a sample (not 1:1!!) of traffic over to it. There are freeware or demo levels of products that can give you visibility into this single device. Check into Scrutinizer that used to be available from Sonicwall, now owned by Dell. You will get a wealth of information.