Viewing Blocked and Protected Flows

The NSX-IPFIX integration enables the visibility of the blocked and protected flows in the system.
The basic filters in the
Security Planning
page are as follows:
  • All allowed flows
    : To see all the flows where firewall rules are set as
    Allowed
    , select this option. The
    All allowed flows
    option is the default option.
  • Dropped flows
    : This option helps to detect the dropped flows and planning the security in a better way.
  • Protected allowed flows
    : This option helps to detect all the flows which have a rule other than of the type
    any(source)
    any(dest)
    any(service)
    allow
    associated with it. Such flows are known as protected flows.
  • All unprotected flows
    : This option helps to detect all the flows that have the default rules of the type
    any(source)
    any(dest)
    any(service)
    allow
    . Such flows are known as unprotected flows.
The firewall rules are visible only for the allowed and unprotected flows.
For example, if you are in the planning phase and you want to see the allowed flows in the system, perform the following steps:
  1. On the Micro-Segmentation Planning page, for a particular group, select
    All Allowed Flows
    from the drop-down menu.
  2. Click the dropped flows in the topology diagram to see the corresponding recommended firewall rules.
  3. Implement those firewall rules by exporting them into the NSX manager.
The user interface of the Micro-Segmentation Planning page where the All
					Allowed Flows option is selected from the Flow Type drop-down menu.