Jean-Pierre, as you using the latest development packages of ntopng and nprobe?
Luca > On 8 Feb 2017, at 16:29, Jean-Pierre Human <[email protected]> wrote: > > Hello > > I have ntopng with nProbe setup on a Ubuntu16 box, the full nBox setup from > the packages.ntop.org <http://packages.ntop.org/> repo. I am exporting sflow > data from a Fortigate 60D (OS 5.4.3) to nProbe. > > The problem I am having is the Local / Remote traffic is being reported as > the same amount / flow speed. Infact the Ingress and Egress is always > displayed as exactly half of the total throughput at that time. This is true > for the little widget at the bottom next to the rev counter for ingress and > egress and on the home page of a host, when clicked the "Sent vs Received > Traffic Breakdown" is always a perfect 50/50 ratio. > > If I export flow data from a Mikrotik on a different network every thing > reports correctly. > > What is a little unique on this network is that there are a few /26 subnets > of public IP Addresses behind this firewall. There is no natting. I have set > these subnets as local subnets in ntopng as you can tell from my config > below. The firewall on the WAN side has a public address and a few public > subnets on the LAN side. Would this cause issues with remote/local traffic > differentiation? > > I have tried setting V5/V9 etc flow types same issue. I have enabled just RX > or TX from the Fortigate and these when individually enabled display > correctly. > > Any help or pointers would be appreciated. > > My configs: > > root@ntopng:~# cat /etc/ntopng/ntopng.conf > -n=3 > -w=3000 > -W=0 > -g=-1 > -m="41.xx.xx.0/26,196.x.x.x/26" > -F=mysql;localhost;ntopng;flows;ntopuser;secretxxx > -d=/storage/ntopng > -G=/var/run/ntopng.pid > -i=tcp://127.0.0.1:5556 <http://127.0.0.1:5556/> > > > root@ntopng:~# cat /etc/nprobe/nprobe-ens18.conf > -n=none > -i=none > -3=2055 > -s=128 > -t=60 > -d=60 > -a=0 > -e=1 > -B=10 > -w=128000 > -z=0 > -S=1:1 > -E=0:0 > -g=/var/run/nprobe-ens18.pid > --zmq=tcp://127.0.0.1:5556 <http://127.0.0.1:5556/> > -V=5 > --dump-stats=/var/log/nprobe/ens18-0_flows_stats.txt > > The fortigate was configured with the instructions here: > http://kb.fortinet.com/kb/documentLink.do?externalID=FD36460 > <http://kb.fortinet.com/kb/documentLink.do?externalID=FD36460> > > Thanks and Regards > Jean-Pierre Human > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
