Scheduled maintenance: Community will be offline Monday June 17th, 1:00 AM - 6:00 AM (PT)
Highlighted
Emerging Member
Posts: 75
Registered: ‎04-12-2016
Kudos: 40

USG3: DPI on dual-wan measures WAN2 gateway

Hi folks,

 

I am running a USG3 using Firmware v4.4.36 in an Dual-WAN setup, where wan2 is phy port eth2, which is connected to an internet gateway. I realized the DPI statistics always report that IP of my wan2 internet gateway as the top 1 device of traffic.

 

Thus I accuse DPI to include this wan2 port in the traffic-analysis.

Is there a way to exclude eth2 from being monitored by DPI?

Or is it a bug?

 

Here some parts of my USG configuration related in my eyes:

firewall {
    modify LOAD_BALANCE {
        description LOAD_BALANCE
        rule 3001 {
            action accept
            destination {
                group {
                    address-group NETv4_eth0
                }
            }
        }
        rule 3002 {
            action accept
            destination {
                group {
                    address-group NETv4_eth2
                }
            }
        }
    }
}
interfaces {
    ethernet eth0 {
        description WAN
    }
    ethernet eth1 {
        description LAN
    }
    ethernet eth2 {
        description WAN2
    }
}
load-balance {
    group wan_failover {
        flush-on-active disable
        interface eth0 {
            route-test {
                initial-delay 20
                interval 10
            }
            weight 10
        }
        interface eth2 {
            route-test {
                initial-delay 20
                interval 10
            }
            weight 90
        }
        lb-local enable
        lb-local-metric-change enable
        sticky {
            dest-addr enable
            dest-port enable
            source-addr enable
        }
        transition-script /config/scripts/wan-event-report.sh
    }
}
system {
    offload {
        ipsec enable
        ipv4 {
            forwarding enable
            gre enable
            pppoe enable
            vlan enable
        }
        ipv6 {
            forwarding enable
            vlan enable
        }
    }
    traffic-analysis {
        dpi enable
        export disable
    }
}

 

BR, Pocki