Monitoring Egress Traffic

Controller 8.0 and the enablement of the DCF feature is required to monitor VPC/VNets.

On the Security > Egress > Egress VPC/VNets tab, you monitor onboarded VPC/VNets to apply egress and monitor the traffic of these VPC/VNets to the Internet.

Monitoring your VPC/VNets:

  • Applies local egress

  • Modifies the default route

  • Enables SNAT

  • Creates Monitor-VPCs Watch Rules against the selected VPC/VNets:

    • Monitor-VPCs-ICMP-Rule

    • Monitor-VPCs-UDP-Rule

    • Monitor-VPCs-Domains-Rule

  • Adds the VPC/VNets to the Monitored-VPCs SmartGroup

To monitor VPC/VNets:

  1. On the Security > Egress > Egress VPC/VNets tab, do one of the following:

    • Select one or more VPC/VNets and then select Monitor from the Actions menu.

    • Click Monitor in the Recommended Action column next to a VPC/VNet.

    The Monitor VPC/VNets dialog displays.

  1. Click Monitor.

The status changes to Monitored for this VPC/VNet on the Egress VPC/VNets tab.

A timestamp is displayed next to the VPC/VNet on the Egress VPC/VNets tab to indicate how long it has been monitored.

Disabling Monitoring of Egress Traffic

You disable monitoring for all VPCs/VNets by going to Security > Distributed Cloud Firewall > Policy and deleting the Monitor-VPCs Watch Rules that were created when monitoring was enabled. You cannot disable monitoring for individual VPC/VNets.