SonicWALL Scrutinizer 9.0.1 Release Notes
P/N 232-000861-00 Rev A
How do I enter IP to name resolutions so that Scrutinizer doesn't have to use the DNS to resolve IPs?
Edit this file: C:\WINDOWS\system32\drivers\etc\hosts and enter the IP to name translations.
Overall utilization on the interface appears to be understated. Why would this be?
1. Make sure NetFlow is enabled on all physical interfaces of the device. Do not be concerned with the virtual
interfaces, as they will auto-appear once NetFlow is enabled on the physical interface.
2. If the hardware can't keep up with sending the NetFlow packets, it will drop NetFlows before they even
leave the device. To check whether this is the problem, log in to the Cisco device.
Command to type: Router_name>sh ip flow export
At the bottom of the export, look for something like "294503 export packets were dropped due to IPC rate
limiting". If this counter is incrementing, the hardware cannot keep up with the export demands.
3. The command below breaks up long-lived flows into 1-minute segments. You can choose any number of
minutes between 1 and 60; if you leave the default of 30 minutes, you will get spikes in your utilization
reports.
Command to type: ip flow-cache timeout active 1
4. The command below ensures that flows that have finished are exported in a timely manner. The default is
15 seconds; you can choose any value between 10 and 600. Note, however, that if you choose a value
longer than 250 seconds, Scrutinizer may report traffic levels that appear low.
Command to type: ip flow-cache timeout inactive 15
NetFlow only exports IP traffic (i.e. no IPX, etc.) and no layer 2 broadcasts are exported by this version of
NetFlow.
How do I set up my router to forward NetFlows to two destinations?
Type the "ip flow-export destination" command twice:
• router-name# ip flow-export destination 10.1.1.8 2055
• router-name# ip flow-export destination 10.1.1.9 2055
Why are my graphs reporting over 100% utilization?
1. The interface speed is not correct. Scrutinizer uses the speed specified in the SNMP OID. Log in to the
router or switch and fix the problem, or in Scrutinizer go to Device Details and manually type in the correct
speed.
2. The active timeout has not been set to 1 minute on the router. Log in to the router or switch and fix the
problem.
3. Non-dedicated burstable bandwidth, where the ISP allows you to use over the allocated bandwidth.
4. Both ingress and egress NetFlow collection have been enabled on the interface. This can work properly if
the direction bit is set in the egress flows. Scrutinizer works best when only ingress NetFlow collection is
configured on all interfaces. Only egress on all interfaces is also possible.
5. Do you have any encrypted tunnels on the interface?
   ◦ 47 - GRE, General Routing Encapsulation.
   ◦ 50 - ESP, Encapsulating Security Payload.
   ◦ 94 - IP-within-IP Encapsulation Protocol.
   ◦ 97 - EtherIP.
   ◦ 98 - Encapsulation Header.
   ◦ 99 - Any private encryption scheme.
This can cause traffic to be counted twice on an interface. In Scrutinizer, go to Admin Tab > Definitions >
Manage Exporters. Click on the round icon with the '-'. When you mouse over the icon, the ALT will display
"View the current protocol exclusions of this device." Click on this and make sure the above protocols are
being excluded.
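Added example (not part of the original release notes and not SonicWALL code): a small model of why the active timeout setting discussed above produces spikes, and readings over 100%, when it is left at 30 minutes. It assumes the collector credits all bytes of a flow record to the minute in which the record is exported; the link speed and flow rate are constructed values.

```python
# Added illustration, not SonicWALL code. Assumption: the collector credits all
# bytes of a flow record to the minute in which the record was exported.

def export_records(duration_s, rate_bps, active_timeout_min):
    """Cut one constant-rate flow into (export_time_s, bytes) records,
    one record per elapsed active timeout, as the exporter would."""
    timeout_s = active_timeout_min * 60
    records, t = [], 0
    while t < duration_s:
        cut = min(t + timeout_s, duration_s)
        records.append((cut, (cut - t) * rate_bps // 8))
        t = cut
    return records

def utilization_by_minute(records, link_bps, minutes):
    """Per-minute utilization in percent of link capacity."""
    bins = [0] * minutes
    for export_s, nbytes in records:
        bins[(export_s - 1) // 60] += nbytes  # export at t=60 s closes minute 0
    capacity = link_bps * 60 // 8             # bytes the link can carry per minute
    return [100.0 * b / capacity for b in bins]

def graph(active_timeout_min, link_bps=10_000_000, rate_bps=5_000_000, minutes=60):
    """Constructed scenario: a steady 5 Mb/s flow on a 10 Mb/s link for one hour."""
    recs = export_records(minutes * 60, rate_bps, active_timeout_min)
    return utilization_by_minute(recs, link_bps, minutes)

if __name__ == "__main__":
    for timeout in (1, 30):
        series = graph(timeout)
        print(f"active timeout {timeout:>2} min: peak {max(series):.0f}%, "
              f"empty minutes {series.count(0.0)}")
```

With a 1-minute active timeout the model shows a flat 50% for the whole hour; with 30 minutes the same traffic appears as two spikes far above 100% with empty minutes in between.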