Flow Monitoring; Using Flow Monitoring - VMware VSHIELD APP 1.0.0 UPDATE 1 Admin Manual

12

Flow Monitoring

Flow Monitoring is a traffic analysis tool that provides a detailed view of the traffic on your virtual network
that passed through a vShield App. The Flow Monitoring output defines which machines are exchanging data
and over which application. This data includes the number of sessions, packets, and bytes transmitted per
session. Session details include sources, destinations, direction of sessions, applications, and ports being used.
Session details can be used to create App Firewall allow or deny rules.
You can use Flow Monitoring as a forensic tool to detect rogue services and examine outbound sessions.
This chapter includes the following topics:


"Using Flow Monitoring"


"View a Specific Application in the Flow Monitoring Charts"

"Change the Date Range of the Flow Monitoring Charts"

"View the Flow Monitoring Report"

"Add an App Firewall Rule from the Flow Monitoring Report"

"Editing Port Mappings"
Using Flow Monitoring
The Flow Monitoring tab displays throughput statistics as returned by a vShield App. Flow Monitoring
displays traffic statistics in three charts:

Sessions/hr: Total number of sessions per hour

Server KBytes/hr: Number of outgoing kilobytes per hour

Client/hr: Number of incoming kilobytes per hour
Flow Monitoring organizes statistics by the application protocols used in client-server communications, with
each color in a chart representing a different application protocol. This charting method enables you to track
your server resources per application.
Traffic statistics display all inspected sessions within the time span specified. The last seven days of data are
displayed by default.
VMware, Inc.
on page 63
on page 64
on page 66
on page 64
on page 64
on page 65
12
63