Hi Guys,

My goal is to count all external traffic my servers are generating. Here some facts about the network.
The physical landscape looks like this

Servers – Switch (with sflow) – Loadbalancer – Firewall – External Network/WAN

Unfortunately the Firewall doesn’t support any flow-protocol but the switch does.  For accounting issues I just want to check how many traffic my servers are sending over the wan connection.

I installed NetFlow Analyzer and created IP groups per device/server. They look like this:

Server01 IP Address includes 192.168.4.180 Port 80 TCP Assigned Interface: Gigabit XY (where the server is connected).

The good thing is that the IP Groups are collection data and I can see my data volume. The negative thing is that the values can’t be true. I have more than two times of traffic then normally. I installed a local traffic counter on one of the webservers and compared the data with the Netflow ones.  E.g. the local traffic counter displays  5GB per day Netflow tells me more than 10GB.

I know that Neflow also counts traffic from one local server to another but there is no such webtraffic. I can’t see any local connections on the connection tab, just external.

Does someone know where my mistake ist? Are there any other suggestions to reach this goal? Maybe NetFlow Analyzer is the wrong tool?

I’m glad for every help I can get. Thank you !