[ATP/FLEX] How to check Real-Time traffic on Nebula

Zyxel_Cooldia
Zyxel Employee
edited June 2023 in Maintenance

Scenario

When troubleshooting network issues, we may need to check all established sessions that pass through the Zyxel Device by user, service, source IP address, or destination IP address. You can also filter the information by user, protocol/service or service group, source address, and/or destination address and view it by user. This example illustrates how to check Real-Time traffic in CLI mode on Nebula.

Demonstration

You may skip step 1) if you access the SSH service from the LAN interface of the device.

1)  Create a security policy to allow the SSH service from the WAN interface. By default, the device's SSH service cannot be accessed from the WAN interface when the device is managed by Nebula, because there is no implicit firewall rule that allows SSH access to the device from the WAN.

Go to Configure > Firewall > Security Policy.


In Implicit allow rules, there is no implicit rule that allows SSH access from the WAN to the device on TCP port 22.

Click Add to create a security policy rule to allow SSH access from the WAN.


Action = Allow

Protocol = TCP

Source = Any

Destination = Device

Dst Port = 22

*For security reasons, we strongly suggest that you set Source to a trusted IP address instead of Any.

Click Save to commit the setting to Nebula.

 

2)   Go to Configure > Site settings to check local credentials.


3)   SSH to the device, and log in with the local credentials.

4)   Type CLI Router> show conn ip-traffic source to display all established sessions that pass through the Zyxel Device.


5)   Type CLI Router> show conn source x.x.x.x to filter on a specific IP address.


6)   Type CLI Router> show conn _service_traffic to view sessions by service port.


7)   To filter on a specific IP address and destination port, use the following CLI command.

Router> show conn user any service HTTP source x.x.x.x destination any srccc any dstcc any begin 1 end 10000
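
The note in step 1 about using a trusted IP instead of Any can be checked before a rule is saved. The following is an added example, not part of the original post or of Nebula: it audits rules written with the field names from step 1 and flags any Allow rule that exposes the device's TCP port 22 to a broad source. The dict layout, the rule names, the sample addresses and the `max_hosts` threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample rules using the field names from step 1. The dict layout
# is an assumption for illustration, not a Nebula export format.
RULES = [
    {"name": "ssh-any", "action": "Allow", "protocol": "TCP",
     "source": "Any", "destination": "Device", "dst_port": "22"},
    {"name": "ssh-trusted", "action": "Allow", "protocol": "TCP",
     "source": "203.0.113.10", "destination": "Device", "dst_port": "22"},
    {"name": "ftp-ssh-range", "action": "Allow", "protocol": "Any",
     "source": "0.0.0.0/0", "destination": "Device", "dst_port": "20-25"},
    {"name": "ssh-deny", "action": "Deny", "protocol": "TCP",
     "source": "Any", "destination": "Device", "dst_port": "22"},
]

def port_matches(spec, port=22):
    """True if a port spec such as 'Any', '22' or '20-25,443' includes port."""
    if spec.strip().lower() == "any":
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def source_breadth(spec):
    """Number of addresses a source admits; 'Any' counts as all of IPv4."""
    if spec.strip().lower() == "any":
        return 2 ** 32
    return ipaddress.ip_network(spec.strip(), strict=False).num_addresses

def audit_ssh_exposure(rules, max_hosts=256):
    """Return (rule name, source size) for Allow rules that open SSH too widely."""
    findings = []
    for r in rules:
        if r["action"].lower() != "allow":
            continue
        if r["protocol"].lower() not in ("tcp", "any"):
            continue
        if r["destination"].lower() not in ("device", "any"):
            continue
        if port_matches(r["dst_port"]) and source_breadth(r["source"]) > max_hosts:
            findings.append((r["name"], source_breadth(r["source"])))
    return findings

if __name__ == "__main__":
    for name, size in audit_ssh_exposure(RULES):
        print(f"{name}: SSH to Device allowed from {size} source addresses")
```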