Support User Manuals

SonicWALL 5.8.1 Microscope & Magnifier User Manual

Open as PDF

of 1490

Log > Flow Reporting

1375

SonicOS 5.8.1 Administrator Guide

no rules have the flow reporting option enabled, no data will be reported to the AppFlow

collector. This option is an additional way to control which flows are reported internally

or externally.

• Report On Connection OPEN—Select this checkbox to report flows when a connection is

opened. This is typically when a connection is established. Enabled by default.

• Report On Connection CLOSE—Select this checkbox to report flows when a connection

is closed. Enabled by default.

• Report Connection On Active Timeout—Select this checkbox to report flows when a

connection times out due to inactivity. Disabled by default.

–

Number Of Seconds—Enter the number of seconds for the timeout.

• Report Connection On Kilo BYTES Exchanged—Select this checkbox to report flows

when the configured number of kilobytes are transferred on the connection. This option is

useful for flows that are active for a long time and need to be monitored. Supported in IPFIX

with extensions mode.

–

Kilobytes Exchanged—Enter the number of kilobytes of data to be transferred on a

connection before being reported. Once enabled, the same flow is reported multiple

times whenever this number of kilobytes of data is transferred over the connection. This

could cause a large amount of IPFIX packet generation on a loaded system.

–

Report ONCE—To avoid the multiple reports described above in the Kilobytes

Exchanged field, select the Report ONCE checkbox to report only once per connection

for bytes based reporting. Leave it unselected if you want reports sent periodically.

• Report Connections On Following Updates—Select any of the following updates for

which to report flows:

–

Threat detection

–

Application detection

–

User detection

–

VPN tunnel detection

Other Report Settings

This section allows configuration of other conditions under which a connection is reported. This

section only applies to connection related flows.

• Report DROPPED Connection—Enable this to report flows that are dropped due to

DENY/BLOCK firewall rules. Enabling this option can cause a large amount of flow

generation for all kinds of non-TCP/UDP based traffic that is always denied.

• Skip Reporting STACK Connections—Enable this to skip the reporting of flows that are

used by the system stack for connections. All traffic initiated by the firewall itself is

considered stack traffic.

previous next