Graphing Sonicwall VPN Tunnel Usage

I have the need to track the network usage between each of our offices. We currently use IPSec based tunnels across the Internet for connectivity between all of our offices (we use a full mesh configuration). I looked around for way to monitor and graph the data for these tunnels off our Sonicwall firewalls, but found no good solution.

So I created the following templates and scripts for monitoring our Sonicwall firewalls via my favorite network monitoring application Cacti. The template includes graphs for CPU Utilization, Memory Usage, Current Connections Cache, and most importantly VPN utilization on a tunnel-by-tunnel.

The script portion (written is PERL) queries the firewall and returns the list of currently active tunnels (by the IP address on the Peer Gateway) as well as the tunnel name and decrypted (received) bytes and encrypted (transmitted) bytes. Because the tunnels are renegotiated (by default every 8 hours) you will experience spikes in your graph unless you follow the installation instructions.

Also because the firewall does not always return the VPN tunnel name you must renegotiate each tunnel prior to creating the graphs the first time in order for it to correctly pull in the name. You may need to do this a couple of times being sure to press the green reload O button in Cacti before they will all show up.

Installation Instructions: Visit my post on the Cacti forums for installing the software.

If you are running SonicOS Enhanced then you be able to graph everything, if you are running SonicOS Standard or the older the 6.X firmware, then you will only get the VPN monitoring as the other stats are unavailable via SNMP.

The following is the usage syntax if you would like to run the script by itself. host community index host community query {peergateway, vpnname, decryptbytes, encryptbytes} host community get {peergateway, vpnname, decryptbytes, encryptbytes} DEVICE

DEVICE is the IP address of the PeerGateway of the tunnel you want

I know the script is less than optimal, but then I’m not really a programmer so I’d appreciate any feedback. Additionally, the basis for the script came from Dan Brummer in this post

Leave a comment


  1. Awesome! Thanks for the script!

    Only problem I am running into is that I dont fully understand what you mean by:

    When creating graphs you will be prompted to enter a maximum value for decrypt/encrypt bytes. You MUST enter a value equal to the fast connection of any of the tunnels being monitored from this device. Otherwise you will see huge spikes every 8 hours.

    Where do I get the maximum value for decrypt/encrypt bytes?


  2. Bryan,

    What is need is the maximum link speed in bytes/second. I would also recommend that you put some fudge factor in there particularly if you think you might be increasing the link speed at anytime. (For example we replaced a 786K DSL with a 3M connection).

    The following formula should work, but I have not tried it (I just guessed).

    (Link speed in bits/second / 8) * (1 + “fudge factor”)

    For example for a T1 connection (1.5 Mb/s = 1572864 b/s) which we think will double some point the future with a 5% additional

    (1572864 / 8 ) * (1 + 1.05) = 403046

    I hope this helps.



    I made a slight modification. I have tunnels that establish multiple connections through a single peer gateway address.

    I added an optional flag [total] Which will total all the receive or send stats for the stated tunnel, and output as an aggregate sum, rather than outputting the numbers for EACH individual connection.

    This happens if you are creating tunnels to several different networks on the same peer gateway.

  4. expert-alert

     /  July 7, 2011


    I have setup this graph as described. Every things works fine. but one Vpn connection does not show any graph.
    its shows NAN and dont understand why its showing NAN,

    if i run the command from command prompt, i get result..

    ./ host community get decryptbytes device

    but the graph does not show anything.

    Can any one please tel me, what can cause the issue ..
    here, I have setup the maximum link speed in bytes/second is 10485760 as 10M/b is our Bandwidth.

    thanks for help
    Really appreciate.

  5. NBX

     /  September 6, 2012

    I have used the formula (Link speed in bits/second / 8) * (1 + “fudge factor”) to factor in Maximum Value on both of the decryptbytes and encryptbytes that are normally set to 0, but my VPN traffic graphs are still broken. What should be in the Index Type, Index Value and Output Type ID fields?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: