Flow Export Tab
Administration > General Settings > Setup > Flow Export
This tab summarizes how the appliances are configured to export statistical data to NetFlow and IPFIX collectors. The Flow Exporting Enabled setting allows the appliance to export the data to collectors. The appliance exports flows against two virtual interfaces—sp_lan and sp_wan—that accumulate the total of LAN-side and WAN-side traffic, regardless of physical interface.
To open the Flow Export Configuration dialog box, click the Edit icon.
Custom Information Elements
The following tables describe the Custom Information Elements.
Data Type: ipv4Address
Custom IE Name and Implementation Description | Semantics | Units | Field Length (bytes) | Enterprise ID |
---|---|---|---|---|
clientIPv4Address TCP: source ipv4 address of SYN initiator is the client. UDP: source ipv4 address of the first packet is the client. | default | | 4 | 1 |
serverIPv4Address TCP: destination ipv4 address of SYN initiator is the client. UDP: destination ipv4 address of the first packet is the client. | default | | 4 | 2 |
connectionInitiator TCP: source ipv4 address of SYN initiator is the connection initiator. UDP: source ipv4 address of the first packet is the connection initiator. | default | | 4 | 7 |
Data Type: unsigned8
Custom IE Name and Implementation Description | Semantics | Units | Field Length (bytes) | Enterprise ID |
---|---|---|---|---|
connectionNumberOfConnections Number of TCP connections (3-way handshake) or UDP sessions established. | totalCounter | | 1 | 9 |
connectionServerResponsesCount Currently 1. | totalCounter | | 1 | 10 |
connectionTransactionCompleteCount Currently 1. | totalCounter | | 1 | 21 |
Data Type: unsigned32
Custom IE Name and Implementation Description | Semantics | Units | Field Length (bytes) | Enterprise ID |
---|---|---|---|---|
connectionServerResponseDelay TCP: Round-trip time between SYN and SYN-ACK. UDP: Round-trip time between first onward and return packet. | | microseconds | 4 | 11 |
connectionNetworkToServerDelay TCP: Round-trip time between SYN and SYN-ACK. UDP: Round-trip time between first onward and return packet. It is also called Server Network Delay (SND). | | microseconds | 4 | 12 |
connectionNetworkToClientDelay TCP: Round trip between SYN-ACK and ACK. UDP: Round-trip time between first response and second request packet. It is also called Client Network Delay (CND). | | microseconds | 4 | 13 |
connectionClientPacketRetransmissionCount Currently 1. | totalCounter | | 4 | 14 |
connectionClientToServerNetworkDelay Network Time/Network Delay is known as the round-trip time that is the summation of CND and SND. It is also called Network Delay (ND). | | microseconds | 4 | 15 |
connectionApplicationDelay TCP: Round-trip time between SYN and SYN-ACK. UDP: Round-trip time between first onward and return packet. | | microseconds | 4 | 16 |
connectionClientToServerResponseDelay The round-trip time that is the summation of CND and SND. | | microseconds | 4 | 17 |
connectionTransactionDuration The flow displays the time difference between the first and last packet. | | microseconds | 4 | 18 |
connectionTransactionDurationMin The flow displays the time difference between the first and last packet. | | microseconds | 4 | 19 |
connectionTransactionDurationMax The flow displays the time difference between the first and last packet. | | microseconds | 4 | 20 |
Data Type: unsigned64
Custom IE Name and Implementation Description | Semantics | Units | Field Length (bytes) | Enterprise ID |
---|---|---|---|---|
connectionServerOctetDeltaCount Server initiated byte count. If flow is lan to wan, Lan-Tx byte counter. If flow is wan to lan Lan-Rx byte counter. | deltaCounter | octets | 8 | 3 |
connectionServerPacketDeltaCount Server initiated byte count. If flow is lan to wan, Lan-Tx byte counter. If flow is wan to lan Lan-Rx byte counter. | deltaCounter | packets | 8 | 4 |
connectionClientOctetDeltaCount Server initiated byte count. If flow is lan to wan, Lan-Tx byte counter. If flow is wan to lan Lan-Rx byte counter. | deltaCounter | octets | 8 | 5 |
connectionClientPacketDeltaCount Server initiated byte count. If flow is lan to wan, Lan-Tx byte counter. If flow is wan to lan Lan-Rx byte counter. | deltaCounter | packets | 8 | 6 |
Data Type: String
Custom IE Name and Implementation Description | Semantics | Units | Field Length (bytes) | Enterprise ID |
---|---|---|---|---|
applicationHttpHost HTTP destination domain name. | default | | variable length | 8 |
applicationCategory Application group. | default | | variable length | 27 |
from-zone (Source Zone) name for the flow when ZBF is configured. | default | | variable length | 22 |
to-zone (Destination zone) name for the flow when ZBF is configured. | | | variable length | 23 |
tag User-specified readable string/tag that can be specified when the ZBF rule is configured. If “tag” is not specified, an automatic tag will be created and exported. The automatic/default tag is constructed by concatenating <from-zone>_<to-zone>_<rule priority>. For example, “lan-zone_corp-zone_10000”. | default | | variable length | 24 |
overlay Overlay name the zone belongs to. | default | | variable length | 25 |
direction Direction of the flow: outbound or inbound. | default | | variable length | 26 |
Flow Export Edit Row
The following table describes the Flow Export configuration options.
Field | Description |
---|---|
Enable Flow Exporting | Move the toggle to enable or disable flow exporting. |
Active Flow Timeout | Amount of time an active flow has been timed out (in minutes). |
IPFIX Template Timeout | Resending of templates based on a timeout. |
Traffic Type | Check as many of the traffic types as you want. The default is WAN TX. |
Information Elements | Check Firewall Zones, Application Performance, or both. |
- If you check Firewall Zones:
  - Orchestrator generates data based specifically on the zone-based firewalls associated with the specified flow.
  - For example: Host Name, From Zone, To Zone, Tag, Action, Direction, and so forth.
- If you check Application Performance:
  - Orchestrator generates data based specifically on the application performance associated with each flow.
  - For example: clientIPv4Address, serverIPv4Address, connectionInitiator, applicationHttpHost, and so forth.
- These interfaces appear in SNMP and are, therefore, “discoverable” by NetFlow and IPFIX collectors.
- The Collector’s IP Address is the IP address of the device to which you are exporting the NetFlow/IPFIX statistics. The default Collector Port is 2055.
For more information about IPFIX and the associated Custom Information Elements (IEs), see Cloud Information Elements.