SonicWALL 5.8.1 Microscope & Magnifier User Manual


  Open as PDF
of 1490
 
Log > Flow Reporting
1375
SonicOS 5.8.1 Administrator Guide
no rules have the flow reporting option enabled, no data will be reported to the AppFlow
collector. This option is an additional way to control which flows are reported internally
or externally.
Report On Connection OPEN—Select this checkbox to report flows when a connection is
opened. This is typically when a connection is established. Enabled by default.
Report On Connection CLOSE—Select this checkbox to report flows when a connection
is closed. Enabled by default.
Report Connection On Active Timeout—Select this checkbox to report flows when a
connection times out due to inactivity. Disabled by default.
Number Of Seconds—Enter the number of seconds for the timeout.
Report Connection On Kilo BYTES Exchanged—Select this checkbox to report flows
when the configured number of kilobytes are transferred on the connection. This option is
useful for flows that are active for a long time and need to be monitored. Supported in IPFIX
with extensions mode.
Kilobytes Exchanged—Enter the number of kilobytes of data to be transferred on a
connection before being reported. Once enabled, the same flow is reported multiple
times whenever this number of kilobytes of data is transferred over the connection. This
could cause a large amount of IPFIX packet generation on a loaded system.
Report ONCE—To avoid the multiple reports described above in the Kilobytes
Exchanged field, select the Report ONCE checkbox to report only once per connection
for bytes based reporting. Leave it unselected if you want reports sent periodically.
Report Connections On Following Updates—Select any of the following updates for
which to report flows:
Threat detection
Application detection
User detection
VPN tunnel detection
Other Report Settings
This section allows configuration of other conditions under which a connection is reported. This
section only applies to connection related flows.
Report DROPPED Connection—Enable this to report flows that are dropped due to
DENY/BLOCK firewall rules. Enabling this option can cause a large amount of flow
generation for all kinds of non-TCP/UDP based traffic that is always denied.
Skip Reporting STACK Connections—Enable this to skip the reporting of flows that are
used by the system stack for connections. All traffic initiated by the firewall itself is
considered stack traffic.