Flow/Profiling
This is a very powerful feature allowing white-listed flows to be matched to a set of defined IP addresses. It is very configurable in both the definitions of the selected "entries" that are going to have their flows checked against and the definition of the "acceptable flow"
It has been found the best way to start into Flow Profiling is to select one type of device and a single ip of this type. In retail this might be a Point of sale. Then build a profile based on flows out of the device ip.
The Feature IP Viewer has been built to be used to allow the presentation the outbound sessions created over time
Talking this address a defined set of acceptable flows can be built.
Flow Profiling Definitions
Entry This is the definition of the set of IP addresses that are to be profiled
Allowed This is the definition of the flows that can match ans pass without causing an exception
Hits This is the number of flow records that have matched the allowed flows
Exceptions This is the flow records that have not matched the Allowed Flow record template
Alert This is to decide if exceptions are stored in the alerts
Flow Object This is the grouping of a series of flows that can be called by the profilier
This first thing that has to be done is define the entry to do this we need to introduce another component of the system and that is a flow object
A flow object is a way to group together a number of flow definitions so that they can be called into the profiler and makes it simpler and neater to understand the profiling template. This is more obvious when dealing with devices with large dispersed sessions.
The Profiling page has a set of three tabs Config Apps/Objects IP Viewer to allow navigation to sections to develop Flow Objects