Limitations and Precautions for Flow Probe
Read the limitations and precautions before configuring the flow probe.
Hardware Requirements
The flow probe function is supported by all models except the USG6510E/6510E-POE/6530E.
The USG6635E/6655E, USG6680E and USG6712E/6716E can collect only application-layer information about traffic, not network-layer or transport-layer information.
The USG6635E/6655E, USG6680E and USG6712E/6716E do not support the Encrypted Communication Analytics (ECA) function.
License Requirements
The flow probe function is controlled by the flow probe license. For details about the license control scope, see the License Control Items.
Component Package Requirements
To use the flow probe function, you need to load the flow probe component package. For details about the component package, see Dynamic Loading.
Limitations
- If the flow probe license and component package are not loaded, the configuration items of the flow probe function are unavailable on the web UI.
- Currently, the flow probe supports application-layer information collection only for HTTP, SMTP, POP3, IMAP4, DNS, SSH, and SSL.
- The flow probe does not support the collection of information about hardware fast-forwarded traffic.
- The flow probe does not support the collection of traffic sent from or to the device.
- The flow probe does not support the collection of IPv6 traffic data.
- The flow probe cannot be used in a cluster scenario.
- The flow probe cannot be used in a hot standby scenario.
Precautions
- As the flow probe checks packets one by one, the forwarding performance of the device is affected. Therefore, when configuring the flow probe policy, you are advised to configure specific matching conditions to narrow the scope of traffic to be checked by the flow probe.
- The flow probe function of the FW can send data only in Metadata format. To send data in Netflow format to the HiSec Insight for analysis, you need to use the NetStream function of the FW to collect traffic information.
- The ECA function requires that network-layer, transport-layer, and application-layer detection all be enabled.
- In a scenario where the flow probe is used to collect SSL-encrypted traffic information, if both the ECA function and the SSL-encrypted traffic detection function are configured, the new encrypted traffic information of the ECA function will not be collected, but the SSL-encrypted traffic detection function still takes effect.