After you have viewed and filtered the flow monitoring data that you want to collect, you can configure data collection. You can filter the data being displayed by specifying exclusion criterion. For example, you may want to exclude a proxy server to avoid seeing duplicate flows. Or if you are running a Nessus scan on the virtual machines in your inventory, you may not want to exclude the scan flows from being collected. You can configure IPFix so that information for specific flows are exported directly from a firewall to a flow collector. The flow monitoring graphs do not include the IPFix flows. These are displayed on the IPFix collector's interface.

1

Log in to the vSphere Web Client.

2

Select Networking & Security from the left navigation pane and then select Flow Monitoring.

3

Select the Configuration tab.

4

Ensure that Global Flow Collection Status is Enabled.

All firewall related flows are collected across your inventory except for the objects specified in Exclusion Settings.

5

To specify filtering criteria, click Flow Exclusion and follow the steps below.

a

Click the tab corresponding to the flows you want to exclude. ip

b

Specify the required information.

If you selected

Specify the following information

Collect Blocked Flows

Select No to exclude blocked flows.

Collect Layer2 Flows

Select No to exclude Layer2 flows.

Source

Flows are not collected for the specified sources.

a

Click the Add icon.

b

In View, select the appropriate container.

c

Select the objects to exclude.

Destination

Flows are not collected for the specified destinations.

a

Click the Add icon.

b

In View, select the appropriate container.

c

Select the objects to exclude.

Destination ports

Excludes flows to the specified ports.

Type the port numbers to exclude.

Service

Excludes flows for the specified services and service groups.

a

Click the Add icon.

b

Select the appropriate services and/or service groups.

c

Click Save.

6

To configure flow collection, click IPFix and follow the steps below.

a

Click Edit next to IPFix Configuration and click Enable IPFix Configuration.

b

In Observation DomainID, type a 32-bit identifier that identifies the firewall exporter to the flow collector.

c

In Active Flow Export Timeout, type the time (in minutes) after which active flows are to be exported to the flow collector. The default value is 5. For example, if the flow is active for 30 minutes and the export timeout is 5 minutes, then the flow will be exported 7 times during its lifetime. Once each for creation and deletion, and 5 times during the active period.

d

In Collector IPs, click the Add (add) icon and type the IP address and UDP port of the flow collector.

e

Click OK.