Determining traffic direction and the implications of directional flow on reports
On all reports except the subnet report, traffic direction is determined by the direction of the traffic through the LANLocal area network port and WANWide Area Network port on the appliance. If traffic flows from LAN-side to WAN-side, then the traffic is outbound. If the traffic flows from WAN-side to LAN-side, then the traffic is inbound.
On the subnet report, traffic direction is determined relative to the subnet network objecta logical definition created and stored in the Exinda lilbrary, can represent any network component. Traffic originating from the network object is outbound. Traffic destined for the network object is inbound.
Because of these differences, when virtual circuits are based exclusively on a network object, you should generally expect the totals for that network object on the subnet report and the virtual circuitlogical definitions that partition a a physical network circuit and used to determine what traffic passes through it and how much to match. However, there are a few cases where the totals will not match.
When the network object is marked as external, the inbound and outbound traffic are flipped, that is, the inbound virtual circuit traffic will match the outbound subnet traffic. This is because traffic direction for virtual circuits is reported relative to the internal network as determined by the WAN and LAN ports of the appliance, whereas traffic direction for the subnet is reported relative to the location of the network object as determined by the location setting on the network object.
Consider the scenario where the external network object defines a virtual circuit as shown in the figure below. Traffic direction from the LAN to the external network object will be reported as inbound on the Subnet report and outbound on the Virtual Circuit report.
Traffic inbound to the External Network Object is outbound from the internal LAN
When a network object is defined on both the LAN and WAN side of the appliance, the Subnet report will double count the traffic, but the virtual circuit report will not .
Consider the scenario where 3 MB of traffic flows from host A to B and both hosts are defined within an internal network object, yet reside on either side of the appliance.
Traffic from host A on the LAN-side to host B on the WAN-side counts on the Subnet report as both 3 MB outbound from the network object as it leaves host A and 3 MB inbound to the network object as it arrives to host B. Traffic from A to B on the virtual circuit report will be counted only as 3MB outbound traffic since the traffic flowed from the LAN-side of the appliance to the WAN-side.
Traffic from a network object to itself will be counted as both inbound and outbound traffic on the subnet, but only one direction on the virtual circuit