Meraki

Community

Clients with high usage

Hi Guys,

One of our users utilizes high network resources even when not using the network. Could you assist me in determining the cause? I checked their computer but found no network activity.

18 Replies 18

It would be interesting to scan this machine to validate that there is no malicious file.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Thank you for your reply, @alemabrahao . I did scan the device, but nothing was found. Is there any possibility I can track/trace deep inspection on the firewall?

do you have the IPS enabled?

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Yes

Were you able to find any suspicious activity in the logs?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Do you means Change Logs menu?

Nope, Security & SD-WAN > Monitor > Security Center

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

No MX events. Nothing there.

Try to perform a packet capture using the client's IP or MAC as the source.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Do you have Meraki switches and are you able to run a packet capture on the port the devices is connected to?

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

I don't have Meraki Switches.

Assuming you have an MX, if you go into the client and click "Show Details" under the pie chart - what does it show them accessing?

Looks like plain old Windows file sharing. Or are you talking about Internet traffic as opposed to internal traffic?

That is our on-premises file server, and the user is connected to the same network. But different VLAN.

From the above output, the clear majority of network traffic from that client is SMB file sharing.

If that's an unexpected usage amount, you'll have to get a clearer idea of what they're pulling down from the file server and why.
To prevent it, you could look at applying group policies and setting bandwidth limits via a traffic shaping policy.

@Brash Let me try this.

Welcome to the Meraki Community!

To start contributing, simply with your Cisco ID. If you don't yet have a Cisco ID, you can .

Labels

3rd Party VPN 133
ACLs 70
Auto VPN 227
AWS 28
Azure 55
Client VPN 312
Firewall 678
Other 462