How to enable Flow in Highlight
For further details see a description of Flow in Highlight.
Here is an overview of how to set up Flow in Highlight for the first time:
- Check with your Service Provider that your contract allows for Flow, and that the network devices involved can run Flow analysis without causing CPU issues.
- Install an Agent server to be used as a Flow collector, and make note of the IP address.
- Confirm there is network access from the routers to the collector without having the Flow packet address translated.
- Allow UDP port 9996 from the routers to the Flow collector.
- Allow TCP port 443 from the collector to your Highlight System.
- Assign the collector to the Highlight folder structure using Edit this Folder then Agent selection.
- Configure each router for Flow, using the IP address of the collector as Flow destination. Also specify the Flow packet source interface in the configuration, which is used by the router as source IP address of every Flow packet sent to the collector, and is configured in Highlight.
- If each router does not have a Highlight entry, create a new watch in Highlight.
- (See warning below) Edit the watch in Highlight to add Flow via the Edit Watch Applications tab, using the IP address of the configured Flow source interface.
If results do not appear as expected, then follow our Flow Troubleshooting procedures.
Flow can cause a high CPU load on the router so the location needs to have a device which is adequately sized for the volume of traffic expected.
If you are planning to enable Flow on a number of devices we suggest selecting the busiest device for each model to check it can handle the additional CPU load.
WAN interface is encrypted or encapsulated, including MPLS
If you want to analyse application traffic using the WAN interface but all traffic is either encrypted or encapsulated, adjust the normal process as follows: