Services flow cells can be customized on an individual cell basis by the user.

About this task

After flow analysis, users can associate any undefined protocol/port combinations and create a service. Service groups can be created for any of the services listed in the flows collected. For more information on modifying flow records see Flow Consolidation and Customization.

Prerequisites

Flow data must have been collected from a set of vNICs and VMs. See Create a Monitoring Session.

Procedure

After the flow state is Analysis Completed, the flow table is populated with data, in the Processed View. To customize cell data, hover the cursor over a cell. A gear icon appears in the right-hand corner of the cell. Click the gear icon in theService column and select one of the following options:

Option

Description

Resolve Services

If the port and protocol has been translated to multiple services, use this option to select the correct service.

Create Services and Replace

To add a service:

  1. Enter a name for the service.

  2. From the drop-down list, select the protocol.

  3. Enter the destination ports for the service.

  4. Click Advanced options to enter the source ports of the service. The source port is used to track of new incoming connections and data streams.

  5. Optional - check Enable inheritance to allow visibility at underlying scopes to create a common group or criteria can be reused at the level of individual Edges.

  6. Click OK and a new service is created and populated in the Service column. Note that if there are other flow records with the same undefined port and protocol combination you will be asked for confirmation to replace all of them with the newly created Service. This occurs only for the flows with undefined services found in the Analysis phase.

Create Services Group and Replace

You can create a new service group with the service from the flow included in it. Then, the new service group will replace the service. To add a service group:

  1. Enter a name for the service group.

  2. Optional - enter a description of the Service Group.

  3. Select the Object type.

  4. Select the available objects you want to be added to the Service Group and click the arrow to move the object to the Selected Objects column.

  5. A new services group is created and populated in the Service column.

Replace Service with Any

Replaces the specific service with any service.

Replace Service with Service Group

If the selected service is a member of multiple service groups, you select the specific service group you want to apply.

  1. Click the desired Service Group from the list of available objects.

  2. Click OK .

Revert Protocol and Port

Reverts any cell modifications back to the original data.

Results

The changed flow record has a pink bar on the side. When the curser is hovered over any cell which has been modified there is a green checkmark. Clicking the checkmark displays a pop-up window with the previous and new values for that cell. The modified flow record is easier to translate into firewall rules.

What to do next

Next, the flow record can be used to create firewall rules.

After flows have been modified, they can be further grouped together to get the smallest distinct working set. The Processed View is used to create Service Groups and IPSets and modify the flows. The Consolidated view further compresses these modified flows to make it easier to create firewall rules.