Flow Export Tab
Administration > General Settings > Setup > Flow Export
This tab summarizes how the appliances are configured to export statistical data to NetFlow and IPFIX collectors. The Flow Exporting Enabled setting allows the appliance to export the data to collectors. The appliance exports flows against two virtual interfaces—sp_lan and sp_wan—that accumulate the total of LAN-side and WAN-side traffic, regardless of physical interface.
To open the Flow Export Configuration dialog box, click the Edit icon.
Custom Information Elements
The following table describes the Custom Information Elements.
| Custom IE Name and Implementation Description | Semantics | Units | Field Length (bytes) | Enterprise ID |
|---|---|---|---|---|
| clientIPv4Address TCP: source ipv4 address of SYN initiator is the client. UDP: source ipv4 address of the first packet is the client. | default | 4 | 1 | |
| serverIPv4Address TCP: destination ipv4 address of SYN initiator is the client. UDP: destination ipv4 address of the first packet is the client. | default | 4 | 2 | |
| connectionInitiator TCP: source ipv4 address of SYN initiator is the connection initiator. UDP: source ipv4 address of the first packet is the connection initiator. | default | 4 | 7 |
| Custom IE Name and Implementation Description | Semantics | Units | Field Length (bytes) | Enterprise ID |
|---|---|---|---|---|
| connectionNumberOfConnections Number of TCP connections (3-way handshake) or UDP sessions established. | totalCounter | 1 | 9 | |
| connectionServerResponsesCountCurrently 1 | totalCounter | 1 | 10 | |
| connectionTransactionCompleteCountCurrently 1 | totalCounter | 1 | 21 |
| Custom IE Name and Implementation Description | Semantics | Units | Field Length (bytes) | Enterprise ID |
|---|---|---|---|---|
| connectionServerResponseDelay TCP: Round-trip time between SYN and SYN-ACK. UDP: Round-trip time between first onward and return packet. | MS | 4 | 11 | |
| connectionNetworkToServerDelay TCP: Round-trip time between SYN and SYN-ACK. UDP: Round-trip time between first onward and return packet. It is also called Server Network Delay (SND). | MS | 4 | 12 | |
| connectionNetworkToClientDelay TCP: Round trip between SYN-ACK and ACK. UDP: Round-trip time between first response and second request packet. It is also called Client Network Delay (CND). | MS | 4 | 13 | |
| connectionClientPacketRetransmissionCountCurrently 1 | totalCounter | 4 | 14 | |
| connectionClientToServerNetworkDelay Network Time/Network Delay is known as the round-trip time that is the summation of CND and SND. It is also called Network Delay (ND). | MS | 4 | 15 | |
| connectionApplicationDelay TCP: Round-trip time between SYN and SYN-ACK. UDP: Round-trip time between first onward and return packet. | MS | 4 | 16 | |
| connectionClientToServerResponseDelay The round-trip time that is the summation of CND and SND. | MS | 4 | 17 | |
| connectionTransactionDuration The flow displays the time difference between the first and last packet. | MS | 4 | 18 | |
| connectionTransactionDurationMin The flow displays the time difference between the first and last packet. | MS | 4 | 19 | |
| connectionTransactionDurationMax The flow displays the time difference between the first and last packet. | MS | 4 | 20 |
| Custom IE Name and Implementation Description | Semantics | Units | Field Length (bytes) | Enterprise ID |
|---|---|---|---|---|
| connectionServerOctetDeltaCount Server initiated byte count. If flow is lan to wan, Lan-Tx byte counter. If flow is wan to lan Lan-Rx byte counter. | deltaCounter | octets | 8 | 3 |
| connectionServerPacketDeltaCount Server initiated byte count. If flow is lan to wan, Lan-Tx byte counter. If flow is wan to lan Lan-Rx byte counter. | deltaCounter | packets | 8 | 4 |
| connectionClientOctetDeltaCount Server initiated byte count. If flow is lan to wan, Lan-Tx byte counter. If flow is wan to lan Lan-Rx byte counter. | deltaCounter | octets | 8 | 5 |
| connectionClientPacketDeltaCount Server initiated byte count. If flow is lan to wan, Lan-Tx byte counter. If flow is wan to lan Lan-Rx byte counter. | deltaCounter | packets | 8 | 6 |
| Custom IE Name and Implementation Description | Semantics | Units | Field Length (bytes) | Enterprise ID |
|---|---|---|---|---|
| applicationHttpHost http destination domain name | default | variable length | 8 | |
| applicationCategory Application group | default | variable length | 27 | |
| from-zone(source zone) Name for the flow when ZBF is configured | default | variable length | 22 | |
| to-zone(destination zone) Name for the flow when ZBF is configured | variable length | 23 | ||
| tag User-specified readable string/tag that can be specified when the ZBF rule is configured. If “tag” is not specified, an automatic tag will be created and exported. The automatic/default tag is constructed by concatenating | default | variable length | 24 | |
| overlay Overlay name the zone belongs to. | default | variable length | 25 | |
| direction Direction of the flow: outbound or inbound. | default | variable length | 26 |