A monitoring session collects all incoming and outgoing flows for up to 30 vNICs in a given session.


Before starting a monitoring session, you need to define the VMs and vNICs that need to be monitored.

VMware Tools must be running and current on your Windows desktop VMs.

Selected VMs need to be in a cluster that has firewall enabled (they cannot be on the exclude list).

A default firewall rule of "any allow" that applies to the selected vNICs must be created for the duration of the monitoring session, so that flows to and from the vNICs are not dropped by any other firewall rule.


  1. Log in to the vSphere Web Client, and navigate to Application Rule Manager.
    • In NSX 6.4.1 and later, navigate to Networking & Security > Security > Application Rule Manager.
    • In NSX 6.4.0, navigate to Networking & Security > Tools > Flow Monitoring > Application Rule Manager.
  2. Click Start New Session.
  3. In the Start New Session dialogue box, enter a name for the session.
  4. Select either vNICs or VMs as the object type.
    The Available Objects column is populated with the available objects.
  5. Select the vNICs or VMs you want monitored. The selected vNICs or VMs move to the Selected Objects column.
  6. Click OK to begin collecting flows.
    The status is now Collecting Data. The latest set of flows collected is shown in the flow table.
  7. Click Stop to end collecting flows.


A flow monitoring session has been created for the selected vNICs and VMs.

What to do next

After collecting flows, analyze the flows.