Link Search Menu Expand Document

Flow Export Tab

Administration > General Settings > Setup > Flow Export

This tab summarizes how the appliances are configured to export statistical data to NetFlow and IPFIX collectors. The Flow Exporting Enabled setting allows the appliance to export the data to collectors. The appliance exports flows against two virtual interfaces—sp_lan and sp_wan—that accumulate the total of LAN-side and WAN-side traffic, regardless of physical interface.

To open the Flow Export Configuration dialog box, click the Edit icon.

Custom Information Elements

The following tables describe the Custom Information Elements.

Data Type: ipv4Address

Custom IE Name and Implementation Description Semantics Units Field Length (bytes) Enterprise ID
clientIPv4Address

TCP: source ipv4 address of SYN initiator is the client.

UDP: source ipv4 address of the first packet is the client.
default   4 1
serverIPv4Address

TCP: destination ipv4 address of SYN initiator is the client.

UDP: destination ipv4 address of the first packet is the client.
default   4 2
connectionInitiator

TCP: source ipv4 address of SYN initiator is the connection initiator.

UDP: source ipv4 address of the first packet is the connection initiator.
default   4 7

Data Type: unsigned8

Custom IE Name and Implementation Description Semantics Units Field Length (bytes) Enterprise ID
connectionNumberOfConnections

Number of TCP connections (3-way handshake) or UDP sessions established.
totalCounter   1 9
connectionServerResponsesCount

Currently 1.
totalCounter   1 10
connectionTransactionCompleteCount

Currently 1.
totalCounter   1 21

Data Type: unsigned32

Custom IE Name and Implementation Description Semantics Units Field Length (bytes) Enterprise ID
connectionServerResponseDelay

TCP: Round-trip time between SYN and SYN-ACK.

UDP: Round-trip time between first onward and return packet.
  microseconds 4 11
connectionNetworkToServerDelay

TCP: Round-trip time between SYN and SYN-ACK.

UDP: Round-trip time between first onward and return packet. It is also called Server Network Delay (SND).
  microseconds 4 12
connectionNetworkToClientDelay

TCP: Round trip between SYN-ACK and ACK.

UDP: Round-trip time between first response and second request packet. It is also called Client Network Delay (CND).
  microseconds 4 13
connectionClientPacketRetransmissionCount

Currently 1.
totalCounter   4 14
connectionClientToServerNetworkDelay

Network Time/Network Delay is known as the round-trip time that is the summation of CND and SND. It is also called Network Delay (ND).
  microseconds 4 15
connectionApplicationDelay

TCP: Round-trip time between SYN and SYN-ACK.

UDP: Round-trip time between first onward and return packet.
  microseconds 4 16
connectionClientToServerResponseDelay

The round-trip time that is the summation of CND and SND.
  microseconds 4 17
connectionTransactionDuration

The flow displays the time difference between the first and last packet.
  microseconds 4 18
connectionTransactionDurationMin

The flow displays the time difference between the first and last packet.
  microseconds 4 19
connectionTransactionDurationMax

The flow displays the time difference between the first and last packet.
  microseconds 4 20

Data Type: unsigned64

Custom IE Name and Implementation Description Semantics Units Field Length (bytes) Enterprise ID
connectionServerOctetDeltaCount

Server initiated byte count. If flow is lan to wan, Lan-Tx byte counter. If flow is wan to lan Lan-Rx byte counter.
deltaCounter octets 8 3
connectionServerPacketDeltaCount

Server initiated byte count. If flow is lan to wan, Lan-Tx byte counter. If flow is wan to lan Lan-Rx byte counter.
deltaCounter packets 8 4
connectionClientOctetDeltaCount

Server initiated byte count. If flow is lan to wan, Lan-Tx byte counter. If flow is wan to lan Lan-Rx byte counter.
deltaCounter octets 8 5
connectionClientPacketDeltaCount

Server initiated byte count. If flow is lan to wan, Lan-Tx byte counter. If flow is wan to lan Lan-Rx byte counter.
deltaCounter packets 8 6

Data Type: String

Custom IE Name and Implementation Description Semantics Units Field Length (bytes) Enterprise ID
applicationHttpHost

HTTP destination domain name.
default   variable length 8
applicationCategory

Application group.
default   variable length 27
from-zone

(Source Zone) name for the flow when ZBF is configured.
default   variable length 22
to-zone

(Destination zone) name for the flow when ZBF is configured.
    variable length 23
tag

User-specified readable string/tag that can be specified when the ZBF rule is configured. If “tag” is not specified, an automatic tag will be created and exported. The automatic/default tag is constructed by concatenating <from-zone>_<to-zone>_<rule priority>. For example, “lan-zone_corp-zone_10000”.
default   variable length 24
overlay

Overlay name the zone belongs to.
default   variable length 25
direction

Direction of the flow: outbound or inbound.
default   variable length 26

Flow Export Edit Row

The following table describes the Flow Export configuration options.

Field Description
Enable Flow Exporting Move the toggle to enable or disable flow exporting.
Active Flow Timeout Amount of time an active flow has been timed out (in minutes).
IPFIX Template Timeout Resending of templates based on a timeout.
Traffic Type Check as many of the traffic types as you want. The default is WAN TX.
Information Elements Check Firewall Zones, Application Performance, or both.
  • If you check Firewall Zones:

    • Orchestrator generates data based specifically on the zone-based firewalls associated with the specified flow.

    • For example: Host Name, From Zone, To Zone, Tag, Action, Direction, and so forth.

  • If you check Application Performance:

    • Orchestrator generates data based specifically on the application performance associated with each flow.

    • For example: clientIPv4Address, serverIPv4Address, connectionInitiator, applicationHttpHost, and so forth.

    • These interfaces appear in SNMP and are, therefore, “discoverable” by NetFlow and IPFIX collectors.

    • The Collector’s IP Address is the IP address of the device to which you are exporting the NetFlow/IPFIX statistics. The default Collector Port is 2055.

  • For more information about IPFIX and the associated Custom Information Elements (IEs), see Cloud Information Elements.