Flow monitoring is a traffic analysis tool that provides a detailed view of the traffic to and from protected virtual machines.

When flow monitoring is enabled, its output defines which machines are exchanging data and over which application. This data includes the number of sessions and packets transmitted per session. Session details include sources, destinations, applications, and ports being used. Session details can be used to create firewall to allow or block rules. You can view flow data for many different protocol types, including TCP, UDP, ARP, ICMP, and so on. Flows can be excluded by specifying filters. You can live monitor TCP and UDP connections to and from a selected vNIC. Live flow monitoring provides visualization of flows as they traverse a specific vNIC, enabling quick troubleshooting. Application context is also captured in live flow monitoring for flows that match an L7 firewall rule.