Servers
- Last Updated: April 5, 2026
- 3 minute read
- Flowmon Products
- Flowmon Application Performance Monitoring
- Documentation
This section describes the configuration of IP addresses, ports, and protocols of monitored application servers. A new server can be added using the following button icon at the top: 
-
Name – the name of the server.
-
IP address – the IPv4 or IPv6 address of the server where the monitored application is running.
You can also enter a network address in the format IP/Mask. For IPv4, the mask must be a number between 0 and 32 (for example, 10.10.10.10/30), and for IPv6 a number between 0 and 64 (for example, fc00::0/60). -
Port — the TCP port number of the monitored application (usually 80 for HTTP, 443 for HTTPS, and 1433 for MS SQL).
-
Active – activation/deactivation of server monitoring.
-
Probe – the probes on which traffic is monitored.
-
Protocol – the monitored application protocol.
-
VLANs – if there is an 802.1q VLAN network and you want to analyze data only for selected VLAN networks, enter their numbers here, separated by commas. Example of input:
-
empty – monitoring data without VLAN tag only
-
'*' – monitoring data with any VLAN tag only
-
0, * – monitoring data with or without VLAN tag
-
123,456,789 – monitoring data with VLAN tag 123, 456, or 789
-
-
MPLS – if there is an MPLS network, enter the ID of the network containing the server traffic. MPLS cannot be combined with VLAN.
- Do not forget to set the Active field to YES both for the probe and the server.
- The configuration of an active server cannot be changed. Before making any changes to a server, deactivate it (set Active to NO) and save changes by clicking Save.
- Confirm the changes by clicking Save.
HTTPS protocol settings
To decrypt HTTPS traffic, you must insert the private key from the server on which the HTTPS connection is terminated.
-
SSL key – insertion of the key. The key must be in the PEM (pem, .key), DER (der), or PFX (pfx, .pkcs12, .p12) file format.
-
If the key is encrypted with a password, this password must be entered in the SSL password field, otherwise, leave this field blank.
-
Default SNI key – The default key is used for decrypting traffic with a domain name, which is not in the SNI configuration below.
-
If the server supports SNI (more virtual servers on the same IP address), by clicking the following button you can add a certificate for the specific domain name:
The first top key must be also inserted in this case. The first key is used for decrypting traffic without a domain name. As the first key, you can use one of the keys, which will be also inserted into one of the SNI entries.
A simple expression (explained under heading Filters of chapter Filter settings) can be used in the SNI field.
- Confirm the changes by clicking Save.
To decrypt HTTPS traffic, some other conditions must be met:
-
Client-side certificates must not be used for HTTPS encryption.
-
The RSA algorithm must be used for key exchange. It is not technically possible to decrypt traffic if DH/ECDH algorithms (Diffie-Hellman, Elliptic curves) are active. Algorithms can be enabled or disabled only on the server side.
For example, for an Apache server, it is the SSLCipherSuite configuration option.
SSLCipherSuite RSA:+HIGH:+MEDIUM:-LOW:!EXP:!NULL:!SSLv2:!DH:!ADH:!EDH
If the licensed limit of transactions per minute has been exceeded, adding and editing the server will be disabled for 24 hours.
The transaction value per minute is calculated every hour as an average over the last hour.