Powered by Zoomin Software. For more details please contactZoomin

Flowmon User Guide

Table of Contents

Network Services

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: May 5, 2026
  • 3 minute read
    • Flowmon Products
    • Flowmon
    • Documentation

Flowmon is an appliance-based solution for network visibility, traffic monitoring, reporting, analysis, and anomaly detection. Flowmon appliances provide and consume various network services to ensure maximal usability and benefits. This summary of all network services used by Flowmon should help to configure network services, firewall rules, or proxy servers.

Flow Collection

Ensure that there are no firewall or Access Control List (ACL) restrictions between flow sources (routers, Probes) and listening ports of the Flowmon Collector. The default ports are UDP/2055, UDP/3000, UDP/9996, and UDP/6343. You can add or remove additional ports if needed while configuring the appliance.

User Remote Access

Flowmon provides an HTTPS-based web interface to access the system through a modern web browser. HTTP is redirected to the HTTPS service. Ensure that TCP/443 is accessible. In addition to the web-based interface, Flowmon provides an SSH console. Ensure that TCP/22 is accessible. Do not forget to change the default passwords and consider access restrictions by the firewall or ACL.

Flowmon APM

There are two TCP ports used for communication between the APM Collector and APM Probe. TCP/20567 is used to send commands and TCP/20568 for data exchange. Communication is established as follows:

  • The APM Probe initiates the communication to the APM Collector on both ports.
  • The APM Collector initiates the communication to the APM Probe on TCP/20567.

Flowmon Packet Investigator

TCP/7001 and TCP/7998 are used to send commands between the Collector and Probes and TCP/7002 is used for data exchange. The FPI Collector listens on all these ports. The FPI Probe initiates the communication.

SNMP-based Monitoring

Flowmon includes standard SNMP monitoring through port UDP/161. SNMP is enabled by default and can be disabled if required by the user. We recommend changing the default SNMP community string when using SNMP monitoring. Flowmon also includes Zabbix agent running on port TCP/10050, which is disabled by default. To enable it, refer to Zabbix Agent section.

Time Synchronization

For precise network traffic monitoring, you must ensure time synchronization using an NTP service. Ensure that Flowmon can access defined NTP servers on port UDP/123. It is also possible to turn on a built-in NTP server on the Flowmon device (communicating on port UDP/123). The built-in NTP server is typically used for the time synchronization between the Flowmon Collector and Probes without direct access to an external NTP server. For configuration options, refer to the System Settings section.

Emails

Email notifications are available through a user-configured SMTP server. SSL/TLS security is available in addition to SMTP authentication or a custom SMTP server port. Use the “Send test email” feature to check your settings. We recommend configuring the SMTP server to enable notifications from the Flowmon appliance being sent to users with administrator permissions.

Alerts - Syslog and SNMP traps

In addition to email notifications, Flowmon can generate syslog messages in Common Event Format (CEF) or SNMP traps. The default port for syslog is UDP/514 and SNMP traps operate on port UDP/162. Both ports are configurable. Use the “Send testing syslog message” or “Send testing SNMP trap” options to ensure that third-party systems are able to receive alerts from Flowmon.

DNS

Flowmon uses configured DNS servers to automatically resolve IP addresses to corresponding domain names. We recommend using internal DNS servers to ensure local IP addresses are translated correctly. Flowmon must have access to the DNS server on port UDP/53.

Flowmon Networks Remote Services Portal

Flowmon operates the services.flowmon.com portal to provide automatic software updates, IP reputation feeds and WHOIS information. To take advantage of that, enable TCP/443 to services.flowmon.com or enable the usage of a proxy server in Flowmon.

LDAP-based Authentication

Flowmon supports external users defined in LDAP or Active Directory. The default ports are TCP/389 and TCP/636 when using LDAP over SSL. Both ports are configurable in the user interface. Use “Check Connection” to ensure that Flowmon can connect to the LDAP identity source.

TACACS+

Flowmon optionally allows user authentication against TACACS+ server. You can chance the default port of TCP/49 in the user interface.

External Data Storage

The Flowmon appliance can be connected to the external data storage using the Samba (CIFS) protocol. The default port of TCP/445 can be changed in the user interface.

Syslog Server

Flowmon is able to collect Syslog messages from external systems for the purpose of user identity parsing. You can add syslog clients by configuring the IP Address, protocol (TCP/UDP), and port.

IPSec

Flowmon is able to run an IPsec service to secure communication between Flowmon and external systems. For more information refer to the IPsec Service section.

Other Network Services

For further details about configuring Flowmon Remote Access, refer to the Remote Access section.

TitleResults for “How to create a CRG?”Also Available inAlert