I just set up a small installation of BigFix 9.2.6.94 for testing, with a license for the server and six clients. I also only have five external sites enabled, including Patches for Windows, Updates for Windows Applications, BES Asset Discovery, BES Support, and BigFix labs.
I have noticed in a firewall report that it seems like an excessive amount of external traffic for this small setup. I am seeing 50GB-80GB of traffic a day, 95% of it incoming, and the traffic occurs in spurts that are every two hours like clockwork.
Is this much traffic normal, or is there something I should reconfigure to reduce the amount of data being downloaded each day? Thanks.
Are you currently patching with BigFix? Are your clients on the same network as the server? Are the clients external? How many days have you been seeing this traffic occur? Do you have a relay deployed? Are you using the asset discovery yet?
If you are doing a lot of patching, have you increased your BigFix server cache size?
I am using BigFix for patching, and the clients and server are on the same home office network. Some of them are virtual machines and some are physical machines, all are Windows 7. I don’t have a relay installed since it is just the six clients.
I am not using asset discovery.
I did not increase the server cache size. I just changed it after seeing your reply, from the default 1GB to 10GB to see what that does to it.
I also thought that it would be the root server cache being too small by default and rolling over frequently, causing things to be redownloaded frequently.
I also agree with @strawgate that the amount you are experiencing seems a bit high for that to be the only cause.
What you describe is definitely not normal.
If it happens every 2 hours repeatedly, then that almost sounds like the site gathering is causing the issue, but there shouldn’t be that much data to gather, so that doesn’t make much sense either.
Last night I had changed the _BESGather_Download_CacheLimitMB setting to 10240MB, is that the correct setting for the server cache? I checked this morning that it still has the download traffic every two hours.
I have not been pushing out new OSes, and the computers were being kept up to date with patching with Windows Update before installing BigFix.
The home office network is behind a Sophos UTM firewall which is where I noticed the traffic. Since it is allowing the traffic, would there be anything I need to change there, that would cause BigFix to have to keep downloading? I will have time this weekend to look at it closer. Thanks.
I had changed the server cache earlier from the default 1GB to 10GB and it did not seem to change anything. I changed it yesterday to 25GB and after the change I saw one large download and that was it. I have not seen any more large downloads every two hours, and I just raised it to 30GB so hopefully the problem does not come back. Thanks for the help.
I’m not sure if it was a single download or if it was a specific site. Is there a log I can look at in BigFix to see what it kept trying? I only have the six computers with Patches for Windows and Updates for Windows Applications, and they were patched before I installed BigFix. Thanks.
The firewall logs showed me some of the places my computer was connecting to, but did not break down what was being downloaded. One day I had 70GB of traffic from cloudfront.net, which in a whois lookup came back as Amazon.com. Would Amazon AWS be hosting or caching some of the files being downloaded for BigFix?
BigFix’s site content comes from the BigFix content servers, which are *.bigfix.com. These are not in AWS.
The patch files for Windows come from Microsoft’s sites and the patches for Updates for Windows Applications come from the respective vendors’ sites. BigFix will only download from these if you take action on one of the fixlets.
If you’ve not taken action on any fixlets then I wouldn’t think this traffic is related to BigFix.
I wanted to update this older thread since I recently ran into the same problem and found the problem this time.
I have my home network behind a Sophos UTM firewall, and recently saw that I had 50GB-60GB of external traffic each day again going to my virtual machine running BigFix. I found that it was the downloads for new versions of Firefox that were the problem. BigFix was downloading most of the update (from http://download-installer.cdn.mozilla.net) before Sophos was blocking it and BigFix would try again.
I was then able to tweak a rule in the Sophos firewall for Firefox and have not seen the download errors happen again yet.
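An added example, not part of the original thread: one way to spot the pattern described in the last post (a download that the firewall cuts off after most of the bytes have moved, retried on a fixed schedule) from exported proxy log lines. The log layout, the field names `action`, `size` and `url`, and the sample hosts are constructed assumptions, not the Sophos or BigFix log format.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample lines. The key="value" layout, the field names (action,
# size, url) and the timestamp format are assumptions; adapt to your export.
SAMPLE_LOG = """\
2016:03:01-00:00:05 fw proxy: action="block" size="48200000" url="http://cdn.example.test/browser-setup.exe"
2016:03:01-00:14:40 fw proxy: action="pass" size="1200000" url="http://content.example.test/site/index"
2016:03:01-02:00:07 fw proxy: action="block" size="47900000" url="http://cdn.example.test/browser-setup.exe"
this line is malformed and must be skipped
2016:03:01-04:00:06 fw proxy: action="block" size="48100000" url="http://cdn.example.test/browser-setup.exe"
2016:03:01-04:20:00 fw proxy: action="pass" size="900000" url="http://content.example.test/site/index"
"""

KV = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return (timestamp, action, size, url), or None for unusable lines."""
    ts_text, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    try:
        ts = datetime.strptime(ts_text, "%Y:%m:%d-%H:%M:%S")
        return ts, fields["action"], int(fields["size"]), fields["url"]
    except (KeyError, ValueError):
        return None

def find_retry_loops(log_text, min_blocked=3):
    """Flag URLs that were blocked repeatedly after data had already moved."""
    blocked = defaultdict(list)
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        ts, action, size, url = rec
        if action != "pass":
            blocked[url].append((ts, size))
    findings = []
    for url, events in blocked.items():
        if len(events) < min_blocked:
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() / 3600
                for a, b in zip(events, events[1:])]
        findings.append({"url": url, "attempts": len(events),
                         "wasted_bytes": sum(size for _, size in events),
                         "median_gap_hours": round(median(gaps), 1)})
    return sorted(findings, key=lambda f: f["wasted_bytes"], reverse=True)

if __name__ == "__main__":
    for f in find_retry_loops(SAMPLE_LOG):
        print(f)
```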