Traffic Flow Report

The traffic flow report provides detailed usage data for all objects inside a firewall policy, identifying the specific IP addresses of the source and destination objects, service name, protocols and ports. The TFA report displays 0.0.0.0 for a source or destination when the source / destination based on the syslog message cannot be matched. For example. the source is a name instead of an IP address. On the report, numbers in parenthesis are the hits from each host/port for that flow.

At least one rule in a policy must have traffic flow analysis enabled.

It takes time to gather useful usage data. Data collected in the first 10 minutes will not be as useful as data collected over a period of hours.

To run this report, complete the following steps.

  1. On the toolbar, click Reports > Reports Library.
  1. In the Reports Library table, click Traffic Flow Report.
  1. Complete the General section.
    1. The Name and Description fields are prepopulated, but can be changed.
    2. Select a Traffic Flow to associate to the report.
  2. Complete the Options section.
    1. The Network Address Granularity Percentage is set to 50%.
    1. Click the Section Heading keys to switch from including to excluding a specific section in a report. A blue key indicates inclusion.
  1. Select HTML, PDF, or CSV as the Report Format export type.
  2. Click Run Report.