Forum Discussion

dcruz's avatar
2 years ago

LM Collector behind a Fortinet Firewall

For security reason a collector has to be behind a Fortinet Firewall, i mean between the collector and the LM data center. I have to determine the FW requeriments in terms of throughput and sessions number in order to be able to work flawlessly with 500+ devices. I will be monitoring all the performance of a Cisco network including interfaces status. Is there any way to calculate this data?

Kind regards.

  • It is best to get an actual sample from your environment since environments can vary so much.  Maybe check the traffic between a current collector which has similar number of devices.  You can do a wireshark capture and see the traffic for about an hour and then use that as a basis for calculation.  This document may give some clues - https://www.logicmonitor.com/support/collectors/collector-overview/collector-capacity - but will not be specific to your environment.  So best to get an actual sample.

  • I ended using a wireshark capture to calculate the number of sessions and pps generated by the collector.

    Kind regards.

  • As an alternative, you may wish to leverage an HTTP proxy, which allows the Collector to communicate with our servers through a proxy bypass firewall, you may find this to be a simpler approach if this still satisfies your security requirements. If not, we outline the ports and protocols necessary for the Collector on this page.

  • Anonymous's avatar
    Anonymous

    The number of sessions should be few, if more than one. 

  • It is best to get an actual sample from your environment since environments can vary so much.  Maybe check the traffic between a current collector which has similar number of devices.  You can do a wireshark capture and see the traffic for about an hour and then use that as a basis for calculation.  This document may give some clues - https://www.logicmonitor.com/support/collectors/collector-overview/collector-capacity - but will not be specific to your environment.  So best to get an actual sample.

  • Im not since its a new implementation, the FW it’s not installed yet.

  • Are you able to turn off the FW rule between collector’s ip and datacenter temporarily (for say 1 hour) and then use the firewall logs to see what happened?