Troubleshooting Unusual Network Activity

This article offers some suggestions to help troubleshoot situations where there are unusually high levels of network activity and throughput.

Identifying Unusual Network Activity

The Application Analytics screen in the Cato Management Application can help you to identify unusually high network activity. If this activity is only generated by a few users, it is possible that the issue is caused by a third-party app.

Recommendations to Remediate the Problem

If you believe that there is an issue with a third-party app, these are some steps to help remediate the problem:

  1. Contact the cloud service provider and report that there is a possible problem.

  2. Search forums for other reports of similar issues and possible solutions.

  3. If you think there is an incorrect app classification, or a mistake in the Application Analytics screen, please contact Cato Support.

Example of Troubleshooting an Issue with Outlook

Refer to the example screenshot (below) of the Application Analytics screen and the marked widgets for the troubleshooting steps in this section. In this example, Amy used 345 GB of network data in the past two days. The next top user, Bob, only used 35.1 GB of network data. It's clear that there's an issue with Amy's computer or device, because her network usage is almost 10 times that of the next user.

  1. The application usage widget shows unusually persistent upstream activity from 12:00 on day 1 until after 18:00 on day 2.

    Typical network usage has more downstream traffic than upstream.

  2. The Top Users widget shows that the user has very high usage.

  3. The Top Applications widget shows that Outlook has very high usage.

    Because Outlook is primarily an email app, you don't expect it to use so much more data than other apps.

Based on the above observations, the Outlook app was the first candidate investigated as the cause of the unusual network activity. These steps helped to fix the issue:

  1. Contacted Microsoft to report the issue.

  2. Searched online forums and found that there is an issue with Outlook 365 Sync, and that Microsoft recommended recreating the user profile to resolve the issue.

    See this Reddit thread regarding the Outlook 365 Sync issue.

  3. After recreating the user profile, the network activity returned to normal. You can see that after 18:00 on day 2, the upstream traffic returns to typical activity.

    In addition, after the fix was applied, there was a significant improvement to user experience for all users in the account.
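
The three observations in the Outlook example (the gap between the top user and the next user, persistent upstream-heavy traffic, and the top application) can also be checked programmatically over hourly usage records. This is an added example, not Cato code or an export format from the Cato Management Application; the record layout, the function names and both thresholds are assumptions, and the sample data is constructed to resemble the example above.

```python
from collections import defaultdict

# Constructed records (hour, user, app, up_gb, down_gb); layout is assumed, not a Cato export.
def build_sample():
    rows = []
    for hour in range(48):  # two days
        rows.append((hour, "Bob", "Outlook", 0.10, 0.30))
        rows.append((hour, "Bob", "Browser", 0.05, 0.28))
        busy = 12 <= hour < 42  # 12:00 on day 1 until 18:00 on day 2
        rows.append((hour, "Amy", "Outlook", 11.0 if busy else 0.10, 0.40 if busy else 0.30))
    return rows

def totals(rows, field, user=None):
    """Total GB (up + down) keyed by user (field=1) or app (field=2)."""
    out = defaultdict(float)
    for row in rows:
        if user is None or row[1] == user:
            out[row[field]] += row[3] + row[4]
    return dict(out)

def longest_upstream_run(rows, user):
    """(start_hour, hours) of the longest consecutive run with upstream > downstream."""
    net = defaultdict(float)  # upstream minus downstream, per hour
    for hour, who, _app, up, down in rows:
        if who == user:
            net[hour] += up - down
    best, start, length, prev = (None, 0), None, 0, None
    for hour in sorted(net):
        if net[hour] <= 0:
            length = 0
        else:
            if length == 0 or hour != prev + 1:
                start, length = hour, 0
            length += 1
            if length > best[1]:
                best = (start, length)
        prev = hour
    return best

def triage(rows, ratio_threshold=5.0, min_run_hours=6):
    """Thresholds are assumptions; tune them to the account's normal traffic."""
    ranked = sorted(totals(rows, 1).items(), key=lambda kv: kv[1], reverse=True)
    (top, top_gb), (_, next_gb) = ranked[0], ranked[1]
    run, apps = longest_upstream_run(rows, top), totals(rows, 2, user=top)
    return {"user": top, "ratio_to_next": round(top_gb / next_gb, 1),
            "outlier": top_gb >= ratio_threshold * next_gb, "upstream_run": run,
            "persistent_upstream": run[1] >= min_run_hours,
            "top_app": max(apps, key=apps.get)}

if __name__ == "__main__":
    print(triage(build_sample()))
```

On the constructed data, the result flags Amy as the outlier, with an upstream-heavy run starting at hour 12 and Outlook as her top application.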

