Viewing Blocked and Protected Flows
The NSX-IPFIX
integration enables the visibility of the blocked and protected flows in the
system.
The basic filters in the
Security
Planning
page are as follows: - All allowed flows: To see all the flows where firewall rules are set asAllowed, select this option. TheAll allowed flowsoption is the default option.
- Dropped flows: This option helps to detect the dropped flows and planning the security in a better way.
- Protected allowed flows: This option helps to detect all the flows which have a rule other than of the typeany(source)any(dest)any(service)allowassociated with it. Such flows are known as protected flows.
- All unprotected flows: This option helps to detect all the flows that have the default rules of the typeany(source)any(dest)any(service)allow. Such flows are known as unprotected flows.
The firewall rules are visible
only for the allowed and unprotected flows.
For example, if you are in the planning phase and you
want to see the allowed flows in the system, perform the following steps: 
- On the Micro-Segmentation Planning page, for a particular group, selectAll Allowed Flowsfrom the drop-down menu.
- Click the dropped flows in the topology diagram to see the corresponding recommended firewall rules.
- Implement those firewall rules by exporting them into the NSX manager.
