The arrows between the group or compute entity nodes represent the network traffic flows that have occurred between the compute entities during the selected time period.
Network traffic flows are based on the L3 distributed firewall (DFW) rules in place and the traffic flows that occurred during the selected time period. All network traffic flows that matched a stateful L3 DFW rule using IPv4 or IPv6 with TCP, UDP, GRE, ESP, and SCTP protocols are included in the visualization and flow details. TCP and UDP flows include IP-level and port-level details; flows using the other protocols include IP-level details only.
You can view the details about the traffic flows in which a particular group or compute entity participated by right-clicking its node in the visualization graph and selecting Flow Details. The Flow Details table includes information about the flows that completed and the flows that were active during the selected time period. The details also include the flow's source and destination information, the services that were used, any Layer 7 (L7) application ID and FQDN information, the type of the latest flow, and when the flow ended.
| Flow Type | Description |
|---|---|
| Unprotected | A dashed red-hued arrow indicates that the system detected that the traffic flow encountered a rule (Source: Any \| Destination: Any \| Action: Allow or Reject or Drop) and that more granular security policies are needed. This rule can be your default rule, or it can reside anywhere in the East-West distributed firewall. |
| Blocked | A solid blue-hued arrow indicates that the system detected that the traffic flow encountered a 'Reject' or 'Drop' rule that is more granular than the one mentioned in the 'Unprotected' flow definition. |
| Allowed | A solid green-hued arrow indicates that the system detected that the traffic flow encountered an 'Allow' rule that is more granular than the one mentioned in the 'Unprotected' flow definition. |
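
The classification in the table above, written out as a short Python sketch over constructed flow records. This is an added example, not NSX code or its API: the record fields, group names and addresses are hypothetical, and "more granular" is taken to mean a rule whose source and destination are not both Any.

```python
from collections import Counter

VISUALIZED = {"TCP", "UDP", "GRE", "ESP", "SCTP"}  # protocols the page lists
PORT_DETAIL = {"TCP", "UDP"}  # the others carry IP-level detail only


def classify(flow):
    """Return 'Unprotected', 'Blocked' or 'Allowed'; None if the flow is not visualized."""
    rule = flow["rule"]
    if flow["proto"] not in VISUALIZED or not rule["stateful"]:
        return None  # only flows that matched a stateful L3 DFW rule are shown
    # Any-to-any rule, whatever its action: more granular policy is needed.
    if rule["src"] == "Any" and rule["dst"] == "Any":
        return "Unprotected"
    return "Allowed" if rule["action"] == "Allow" else "Blocked"


def describe(flow):
    """Flow endpoints, with the port only where port-level detail exists."""
    if flow["proto"] in PORT_DETAIL:
        return f'{flow["src"]} -> {flow["dst"]}:{flow["dport"]}/{flow["proto"]}'
    return f'{flow["src"]} -> {flow["dst"]} ({flow["proto"]})'


def unprotected_pairs(flows):
    """Count Unprotected flows per (source group, destination group), busiest first."""
    hits = (f for f in flows if classify(f) == "Unprotected")
    return Counter((f["src_group"], f["dst_group"]) for f in hits).most_common()


def _flow(src, dst, proto, dport, sg, dg, rsrc, rdst, action, stateful=True):
    rule = {"src": rsrc, "dst": rdst, "action": action, "stateful": stateful}
    return {"src": src, "dst": dst, "proto": proto, "dport": dport,
            "src_group": sg, "dst_group": dg, "rule": rule}


# Constructed sample records; addresses, group names and field names are hypothetical.
FLOWS = [
    _flow("10.0.1.5", "10.0.2.9", "TCP", 3306, "web", "db", "Any", "Any", "Allow"),
    _flow("10.0.1.6", "10.0.2.9", "TCP", 3306, "web", "db", "Any", "Any", "Drop"),
    _flow("10.0.1.5", "10.0.3.2", "TCP", 8443, "web", "app", "web", "app", "Allow"),
    _flow("10.0.3.2", "10.0.2.9", "UDP", 53, "app", "db", "app", "db", "Reject"),
    _flow("10.0.3.2", "10.0.4.1", "ESP", None, "app", "vpn", "Any", "Any", "Allow"),
    _flow("10.0.3.3", "10.0.4.1", "ICMP", None, "app", "vpn", "Any", "Any", "Allow"),
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f"{classify(f) or 'not shown':<12} {describe(f)}")
    print(unprotected_pairs(FLOWS))
```

The group pairs returned by `unprotected_pairs` are the ones whose traffic is still governed by an any-to-any rule, so they are the first candidates for more granular policy.
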
To focus only on compute entities with certain types of traffic flows, use the Security view selection area to select the view type, and use the filter attribute to narrow down your selection.
If you deselect a flow type from the Flows section, the flow lines for that flow type are hidden from the displayed visualization graph. Unless filters are in effect that exclude certain objects, all group or compute entities remain displayed regardless of the traffic flow types that have occurred with those entities during the selected time period. For example, if you deselect the 'Allowed' flow type, all the 'Allowed' flow lines are hidden in the graph. However, all NSX objects are still displayed, even those NSX objects that only had 'Allowed' traffic flows during the selected time period.
A flow arrow's direction indicates the source and destination of the detected traffic flow. When in Groups view, a self-referencing arrow on a group node indicates that at least one compute entity was communicating with another compute entity within that same group. In a Computes view, a self-referencing arrow indicates that an NSX object in the compute entity communicated with another NSX object in the same compute entity.
When you click a flow arrow, the Flow Details dialog box is displayed. It shows the details about the completed and active flows that occurred during the selected time period. To get more detailed information about the flow's source, destination, type of service, and the type of flow, click the links in the table.


