Version 13.0

Introduction

Flowmon 13.0 delivers a set of new features and improvements to optimize functionality and user experience:

• New operating system to provide modern system libraries, a modern kernel, and address CentOS 7 end-of-life.
• New collector engine to accelerate query speed and boost the analytical capabilities of the Monitoring Center.
• Flowmon homepage and navigation redesign to improve navigation through the product.
• Analysis page enhancements to make your analysis more precise.
• Investigations - a new, structured way to analyze data and streamline root cause analysis.
• More accurate and detailed traffic insights through new Chapter processing.
• Enhanced Alerts engine with a sliding window mechanism for faster, more flexible, and precise detection.
• Streamlined granularity and unified data quotas for Profiles.
• Improved layout, clearer visual representation, and best-practice guidance for network Topologies.
• Flow enrichment with DNS information for clearer identification of services, especially in CDN and shared-hosting environments.
• Azure VNet flow logs support for future-proofed, detailed traffic visibility across subnets and virtual machines.
• Expanded protocol visibility to provide deeper traffic insights.
• Monitoring ports redesign to simplify configuration, improve reliability, support larger deployments, provide clearer status reporting, and improve UI responsiveness.
• Quota manager redesigned to resolve long-standing usability and performance issues.
• Time settings enhancements to ensure accurate timestamping across flow data, logs, alerts, and reports.

Let us know your feedback

Customers helped to choose and validate some of the features that went into this release and we want to hear from you to continue to improve Flowmon. You can request to join and participate in pre-release activities on the Flowmon Customer Validation Program (CVP) and vote for and submit your product ideas on our ideas portal. Thank you for helping to make Flowmon better!

Release history

• 13.0.9: Released 27th May 2026
• 13.0.8: Released 5th May 2026
• 13.0.7: Released 10th April 2026
• 13.0.6: Released 2nd April 2026
• 13.0.5: Released 17th March 2026
• 13.0.4: Released 5th March 2026
• 13.0.3: Released 16th February 2026
• 13.0.2: Released 12th December 2025
• 13.0.1: Released 26th November 2025
• 13.0.0: Released 12th November 2025

What’s new in Flowmon 13.0?

New Operating System (OS)

Flowmon OS is built on Rocky Linux 9, delivering updated system libraries and a modern kernel while eliminating the end-of-life limitations of CentOS 7 (used in Flowmon 12).

New collector engine - expanded capabilities and performance

The underlying query engine has been optimized for faster execution, significantly reducing wait times during analysis. Furthermore, users benefit from an expanded set of parameters and aggregation options, offering deeper insights and more tailored views of network traffic. The update introduces IP Indexing support for all real profiles, enhancing searchability and filter precision. These changes collectively improve the usability and analytical power of the FMC Analysis page.

Flowmon homepage and navigation redesign

The Flowmon homepage and central menu have been redesigned to enable faster, more direct navigation to the desired product pages.

Analysis page enhancements

The Analysis page now offers greater flexibility and visibility for users. A key improvement is the ability to manually adjust the granularity of chart data (ranging from 1 day down to 30 seconds) enabling more precise time-based analysis. Previously, protocol charts were only available for 5-minute profiles on Flowmon 12, but they are now accessible across all profiles. Users can also choose to display or hide 'Not Applicable (N/A)' values, allowing better control over flows that lack values in aggregation fields such as Hostname.

Investigations

Investigations provide a structured way to analyze network data by linking multiple queries into a coherent workflow. You begin with a root analysis step and can drill down into subsequent queries to explore related data paths. This approach simplifies complex troubleshooting and enables a more intuitive exploration of network behavior. Investigations can be saved, exported, imported, and shared across tenants, making collaboration and reuse seamless.

Advanced filtering with variables

A key enhancement in Investigations is the introduction of variables, which allow dynamic and centralized control over filters. You can assign variables to filters and adjust them in one place, automatically recalculating results across all dependent steps. Additionally, reference variables enable powerful chaining of queries by extracting specific values, such as the top IP address from one step—and applying them as filters in subsequent queries. This makes multi-step analysis more flexible and responsive to evolving data insights.

Starting investigations

To open the Investigation panel, click Start investigation located to the right of the Process button on the analysis page. Begin by processing the query in the root step — select an interval and apply filters as needed. You can add additional steps using the + icon in the top-right corner of the step box or using the context menu on the results table. Do not forget to save your investigation to prevent it from being automatically deleted after one day.

Investigations management

Flowmon 13 introduces an Investigations table in Dashboards and Reports, where you can manage saved and unsaved investigations. You can edit, duplicate, export, delete, or load investigations for deeper analysis. Unsaved investigations are temporary and removed after 24 hours unless saved. Access control lets you share investigations within your tenant or keep them private.

Chapters update – enhanced accuracy and visibility

This release introduces a new backend for chapter processing, significantly improving the accuracy of aggregated data across dashboards and reports. A major enhancement is the 5-minute granularity for the last 24 hours in TOP chapters, offering sharper visibility into recent traffic trends and anomalies. This change directly benefits FMD dashboards and scheduled reports by providing more detailed insights. As a result of these improvements, the minimum required disk space has increased, ensuring sufficient capacity for storing higher-resolution data.

Alerts engine overhaul

This release introduces a new backend for the Alerts engine, delivering improved accuracy in evaluating aggregated flow data. The traditional slot-based logic has been replaced with a sliding window mechanism, allowing for more dynamic and responsive alerting. Users can now define a custom time interval ranging from 30 seconds to 1 day, and set an evaluation rate to determine how frequently the system checks the last interval for matching alert conditions. This enables more granular and timely detection of anomalies.

Improved triggering logic and control

Thanks to changes in how data is processed during the active timeout, alerts can now be triggered immediately as data arrives or after full data collection, depending on the configuration. Additionally, the blocking behavior for subsequent alert triggers has been redesigned, offering flexible options from no blocking to intervals between 30 seconds and 1 day. These enhancements provide users with greater control over alert sensitivity and frequency, ensuring that critical events are captured without unnecessary noise.

FMC profiles update – streamlined granularity and unified data quota

Starting with this release, FMC profiles have been streamlined to a single granularity configuration: 30 seconds for the last 3 months, and 5 minutes for up to 5 years. This simplification enhances usability and ensures consistent data resolution across time ranges. Additionally, chart and flows data quotas have been merged, providing a unified allocation model. Each channel now guarantees a minimum of 150 MB, ensuring sufficient capacity for both statistical visualization and flow data retention.

Topologies improvements

The Topologies section in Flowmon 13.0 introduces a more streamlined and informative layout compared to version 12.5. The updated documentation now includes clearer visual representations of network topologies, enhanced descriptions of topology types (such as inline, out-of-band, and hybrid deployments), and improved guidance on deployment scenarios. Additionally, the new version emphasizes best practices for configuring topologies in complex environments, offering more actionable insights for optimizing performance and visibility.

Flow enrichment with DNS information

Flowmon 13 enriches flow records with domain name information derived from DNS traffic. When enabled, you can see the fully qualified domain names (FQDNs) in the src hostname and dst hostname fields in addition to IP addresses in flow data. This is particularly useful for identifying specific services in environments where multiple domains share the same server, such as Content Delivery Networks (CDNs).

Enabling DNS enrichment

Go to Configuration Center > Monitoring Center > Collector > Processing Modules and enable the Add DNS information option.

Azure VNet flow logs support

Flowmon 13 adds native support for Azure Virtual Network (VNet) flow logs, replacing the deprecated NSG flow logs which Microsoft plans to retire by September 2027. The Flowmon Collector now ingests VNet flow logs through the Azure Monitor diagnostic settings, enabling detailed traffic visibility across subnets and virtual machines. To ensure correct configuration, the system blocks updates if NSG flow log collection is still active within Flowmon.

Supported flow fields changes

Flow field handling and protocol visibility were expanded to improve traffic analysis and exporter correlation. Key changes include:

• Variable-length string fields: The Flowmon Probe can now generate string fields with variable length, and the Flowmon Collector can ingest and store these variable-length fields reliably, improving accuracy for fields such as HTTP host, URL, and user agent, reducing truncation-related data loss, enabling more efficient storage for short values, and improving compatibility with modern exporters.
• IoT and industrial protocols: Added Layer 7 visibility for Modbus, DNP3, S7COMM, and MQTT to improve monitoring of industrial and IoT traffic.
• QinQ support: The Flowmon Probe exports both S-TAG and C-TAG for QinQ traffic, and the Collector stores both values in separate fields for accurate origin identification.
• X-Forwarded-For header parsing: Flowmon now parses the X-Forwarded-For HTTP header and preserves the original client IP address when the header is present. To capture both IPv4 and IPv6 values from the X-Forwarded-For header, Flowmon 13 introduces two dedicated fields: http-xforward4 for IPv4 addresses and http-xforward6 for IPv6 addresses.
• Observation Domain ID: The Collector stores IPFIX element 49 (Observation Domain ID) in the source-id field to help correlate flows with specific exporter instances, including setups using multi-core exporters.
• Flow End Reason: The Flowmon Probe exports IPFIX element 136 (Flow End Reason) with every flow record and the Collector stores the value for understanding reason for the flow termination.

For a full reference and more details about supported fields, visit the Flowmon Supported Flow Standards.

Monitoring ports redesigned

Flowmon redesigned monitoring ports to simplify configuration, improve reliability, support larger deployments, provide clearer status reporting, and improve UI responsiveness. The redesign also adds automation-friendly APIs and reduces operational risk when interfaces change.

Key changes and benefits:

• REST API improvements: New and enhanced API endpoints let you create, update, and bulk-manage monitoring ports programmatically, with stable identifiers for automation.

• Reusable settings: You can create reusable Autonomous System lists, traffic filters, and TLS certificates and apply them across monitoring ports to speed up deployment, enforce consistent policy, and reduce configuration errors.

• Independent IPv4 and IPv6 settings: You can configure IPv4 and IPv6 monitoring port settings independently to match dual-stack deployments and policy requirements.

• Global flow export targets: Flow export targets can be defined at the global level (not only per-port as in previous versions) which simplifies large-scale target management and reduces duplication.

• Interface type selection (10/20/40 GbE PRO hardware appliances purchased between January 2020 and April 2024): You can choose between:

  • DPDK:
    • Supports MTU greater than 3000
    • No IP configuration
  • XDP:
    • Supports IP configuration
    • MTU up to 3000

  On HW PRO models, the system sets the maximum allowed MTU as the default value for each interface type. During the update, your custom MTU settings migrate automatically.

• Interface mapping and index stability: During update, existing interface index settings are migrated automatically where possible, but process may be affected by incompatible interfaces replacement on virtual appliances. For more information refer to the Incompatible Interface Type on Virtual Appliance in the Flowmon 13 User Guide.

Configuring monitoring ports

To set up monitoring ports, go to Configuration Center > Monitoring Ports. There are four tabs on the top of the page:

• Monitoring ports: Configure general port settings such as flow export targets, IPv4 and IPv6 addresses, MTU, and scope. Most settings can be configured at the global level or per monitoring port.
• Filters: Define export filters that you can reuse across multiple flow export targets.
• Certificates: Define CA and TLS certificates used to secure TLS connections to flow export targets.
• Autonomous System lists: Define custom Autonomous System lists for reuse with monitoring ports.

For detailed information about configuring monitoring ports, refer to the Monitoring Ports in the Flowmon 13 User Guide.

Quota Manager changes

The Quota Manager in Flowmon 13 was significantly redesigned to resolve long-standing usability and performance issues:

• UI redesign: The interface was rebuilt for better usability and responsiveness, especially when managing large numbers of quotas.
• Retention visibility: The GUI shows the retention period for each quota and time remaining before it is exceeded.
• Visual feedback: The GUI highlights quota states (green for valid changes and yellow when exceeding available space) to guide configuration decisions.
• Runtime behavior: The system provides automatic notifications and suspends modules that exceed their disk quotas.

Configuring disk quotas

To configure disk quotas, go to Configuration Center > Resource Manager. You can edit quota values directly by changing the value and unit for each quota item.

For detailed information about configuring disk quotas, refer to the Resource Manager section in the Flowmon 13 User Guide.

Time settings enhancements

Flowmon 13 introduces improved time configuration capabilities to ensure accurate timestamping across flow data, logs, alerts, and reports. Users can now set the system timezone directly within the setup interface, aligning Flowmon timestamps with local infrastructure. Enhanced NTP server configuration allows for both DHCP-based and manual entry of trusted time sources, including internal or public NTP servers. Previously only two NTP servers could be configured, now multiple NTP servers can be used.

The default NTP servers are:

• 0.rocky.pool.ntp.org
• 1.rocky.pool.ntp.org
• 2.rocky.pool.ntp.org
• 3.rocky.pool.ntp.org

Feature cleanup

Several legacy features have been removed to simplify management and improve consistency:

• The Business Hours setting of the Reports feature has been removed.
• Localizations to German, French, and Spanish languages have been removed.
• In the Traffic chapter, Volumetric and Network Performance settings have been eliminated - these are now fully managed through Widgets or FMD chapters.
• Blacklists (the option when configuring a Report Chapter) have been removed and can now be substituted using flexible filter configurations.
• Azure NSG flow logs collection functionality has been removed and replaced with Azure VNet flow logs collection.
• The VoIP page has been removed from the Flowmon Monitoring Center because of low usage, performance limitations, and the declining relevance of SIP-based VoIP protocols.
• The Memory Manager page has been removed from the Flowmon Configuration Center. This legacy component (previously used for quota-based memory allocation in ADS and DDoS Defender) was deprecated because of limited usage. Autoconfiguration now handles memory management more efficiently.

Other changes - Flowmon 13.0.9

• Flowmon Data Retention 13.0.0 is not compatible with Flowmon 13.0.9. Update Flowmon Data Retention to version 13.0.1 or newer before updating to Flowmon 13.0.9.
• The OS kernel was updated to version 5.14.0-611.55.1.el9_7, fixing CVE-2026-43284, CVE-2025-39766, and CVE-2025-68741.
• The axios library was updated to version 1.15.0, fixing CVE-2025-62718.
• The crun package was updated to version 1.27-1.el9_7, fixing CVE-2026-30892.
• The gdk-pixbuf2 package was updated to version 2.42.6-6.el9_7.1, fixing CVE-2026-5201.
• The libarchive package was updated to version 3.5.3-9.el9_7, fixing CVE-2026-4424.
• The libtiff package was updated to version 4.4.0-15.el9_7.3, fixing CVE-2026-4775.
• The openssh package was updated to version 8.7p1-49.el9_7, fixing CVE-2026-3497.
• The vim package was updated to version 8.2.2637-23.el9_7.3, fixing CVE-2026-28417, CVE-2026-28421, and CVE-2026-33412.

Other changes - Flowmon 13.0.8

• The OS kernel was updated to version 5.14.0-611.47.1.el9_7, fixing CVE-2022-50445, CVE-2023-53752, CVE-2023-53781, CVE-2025-38024, CVE-2025-38129, CVE-2025-38180, and CVE-2025-38206.
• The aiohttp library was updated to version 3.13.5, fixing CVE-2026-22815, CVE-2026-34513, CVE-2026-34514, CVE-2026-34515, CVE-2026-34516, CVE-2026-34519, CVE-2026-34520, and CVE-2026-34525.
• The axios library was updated to version 1.15.0, fixing CVE-2026-40175.
• The basic-ftp library was updated to version 5.2.2, fixing CVE-2026-39983 and CVE-2026-41324.
• The brace-expansion library was updated to version 5.0.5, fixing CVE-2026-33750.
• The Chromium package was updated to version 147.0.7727.101, fixing CVE-2026-3536, CVE-2026-4676, CVE-2026-4678, CVE-2026-4680, CVE-2026-5281, CVE-2026-5282, CVE-2026-5860, CVE-2026-5862, CVE-2026-5863, CVE-2026-5865, CVE-2026-5871, CVE-2026-5873, and CVE-2026-5874.
• The curl library was updated to version 8.19.0, fixing CVE-2026-1965.
• The dompurify library was updated to version 3.4.0, fixing CVE-2025-15599 and CVE-2026-0540.
• The follow-redirects library was updated to version 1.16.0, fixing GHSA-r4q5-vmmm-2653.
• The gnutls package was updated to version 3.8.3-10.el9_7, fixing CVE-2025-32989 and CVE-2025-32990.
• The immutable library was updated to version 3.8.3, fixing CVE-2026-29063.
• The libarchive package was updated to version 3.5.3-9.el9_7, fixing CVE-2026-5121.
• The lodash library was updated to version 4.18.1, fixing CVE-2026-2950.
• The minimatch library was updated to version 3.1.5, fixing CVE-2026-26996, CVE-2026-27903, and CVE-2026-27904.
• The Node.js runtime was updated to version 22.22.2.
• The openssl library was updated to version 3.6.2, fixing CVE-2026-31789.
• The picomatch library was updated to versions 2.3.2 and 4.0.4, fixing CVE-2026-33671.
• The Puppeteer library was updated to version 24.42.0.
• The pyca/cryptography library was updated to version 46.0.7, fixing CVE-2026-34073.
• The python3.12 package was updated to version 3.12.12-4.el9_7.2, fixing CVE-2026-4519.
• The serialize-javascript library was updated to version 7.0.5, fixing CVE-2020-7660 and CVE-2026-34043.

Other changes - Flowmon 13.0.7

• The OS kernel was updated to version 5.14.0-611.41.1.el9_7, fixing CVE-2025-39818, CVE-2025-68800, CVE-2025-38106, and CVE-2026-23001.

Other changes - Flowmon 13.0.6

• Flowmon 12.5.8 is the minimum required Flowmon 12 version for updating to Flowmon 13.0.6 and newer.
• CVE-2026-2737 was fixed: A vulnerability that allowed authenticated administrators to inadvertently trigger unintended actions within the Flowmon web application after clicking a malicious link provided by an attacker.
• CVE-2026-3692 was fixed: A vulnerability that allowed an authenticated low-privileged user to craft a request during the report generation process, resulting in unintended commands being executed on the server.
• Fixed a vulnerability in the PDF generation process that could allow an authenticated adversary with access to the GUI to cause the server to initiate unintended requests.
• The OS kernel was updated to version 5.14.0-611.36.1.el9_7, fixing CVE-2025-40304 and CVE-2025-40322.
• The glibc package was updated to version 2.34-231.el9_7.10, fixing CVE-2026-0861, CVE-2025-15281, and CVE-2026-0915.
• The libpng package was updated to version 1.6.37-12.el9_7.2, fixing CVE-2026-25646, CVE-2026-22695, and CVE-2026-22801.
• The vim package was updated to version 8.2.2637-23.el9_7, fixing CVE-2026-25749.
• The podman package was updated to version 5.6.0-14.el9_7, fixing CVE-2025-61729, CVE-2025-61726, CVE-2025-61728, and CVE-2025-68121.
• The Chromium package was updated to version 146.0.7680.153, fixing CVE-2026-3536, CVE-2026-3545, CVE-2026-3926, and CVE-2026-3924.
• The Puppeteer library was updated to version 24.40.0.
• The python3.12 package was updated to version 3.12.12-4.el9_7.1, fixing CVE-2025-12084.

Other changes - Flowmon 13.0.4

• XML configuration import now validates the source Flowmon version: imports from Flowmon 12.5 and newer are supported without limitations, imports from Flowmon 12.0 to 12.4 are allowed with a warning, and imports from older Flowmon versions are blocked to prevent incompatible configurations.
• The OS kernel was updated to version 5.14.0-611.30.1.el9_7, fixing CVE-2025-40248, CVE-2025-40258, CVE-2025-40269, CVE-2025-40294, and CVE-2025-40318.
• The PostgreSQL package was updated to version 17.8, fixing CVE-2026-2004, CVE-2026-2005, and CVE-2026-2006.
• The axios package was updated to version 1.13.5, fixing CVE-2026-25639.
• The ajv package was updated to version 8.18.0, fixing CVE-2025-69873.
• The minimatch package was updated to version 10.2.3, fixing CVE-2026-26996.
• The basic-ftp package was updated to version 5.2.0, fixing CVE-2026-27699.
• The Chromium package was updated to version 144.0.7559.234, fixing CVE-2026-2441 and CVE-2026-3063.

Other changes - Flowmon 13.0.3

• Profile Backup and Restore is now functional and does not block the update if configured in Flowmon 12.5. For detailed information, refer to the Flowmon 13 User Guide.
• IPsec service is now functional and does not block the update if configured in Flowmon 12.5. For detailed information, refer to the Flowmon 13 User Guide.
• The Monitoring Center UI now displays information about lost or corrupted packets for listening ports.
• The OS kernel was updated to version 5.14.0-611.24.1, fixing CVE-2022-50616, CVE-2025-39966, CVE-2025-40176, CVE-2025-39979, CVE-2025-39925, and CVE-2025-38499.
• The Zabbix agent was updated to version 7.0.22.
• The react-router package was updated to version 7.12.0, fixing CVE-2026-22030, CVE-2026-22029, CVE-2026-21884, CVE-2025-68470, and CVE-2025-59057.
• The glib2 package was updated to version 2.68.4-18.el9_7.1, fixing CVE-2025-13601.
• The lodash package was updated to version 4.17.23, fixing CVE-2025-13465.
• The openssl package was updated to version 3.5.1-7, fixing CVE-2025-15467 and CVE-2025-11187.
• The urllib3 package was updated to version 2.6.3, fixing CVE-2026-21441.
• The aiohttp package was updated to version 3.13.3, fixing CVE-2025-69223, CVE-2025-69227, CVE-2025-69228, and CVE-2025-69229.
• The libpng package was updated to version 1.6.37-12.el9_7.1, fixing CVE-2025-66293.
• The httpd package was updated to version 2.4.62-7.el9_7.3, fixing CVE-2025-58098 and CVE-2025-55753.
• The gnupg2 package was updated to version 2.3.3-5.el9_7, fixing CVE-2025-68973, CVE-2026-24881, and CVE-2026-24882.
• The php package was updated to version 8.3.30, fixing CVE-2025-14180, CVE-2025-14178, and CVE-2025-14177.
• The podman package was updated to version 5.6.0-12.el9_7, fixing CVE-2025-58183 and CVE-2025-47913.
• The openssh package was updated to version 8.7p1-47.el9_7.rocky.0.1, fixing CVE-2025-61984.

Other changes - Flowmon 13.0.2

• Flowmon 12.5.7 is the minimum required Flowmon 12 version for updating to Flowmon 13.0.2 and newer.
• The js-yaml library was updated to version 4.1.1, fixing CVE-2025-64718.
• The shadow-utils package was updated to version 4.9-15.el9, fixing CVE-2024-56433.
• PostgreSQL package was updated to version 17.7-1, fixing CVE-2025-12818 and CVE-2025-12817.
• The jsonwebtoken package was updated to version 3.2.3, fixing CVE-2025-65945.
• The mdast-util-to-hast package was updated to version 13.2.1, fixing CVE-2025-66400.

Other changes - Flowmon 13.0.1

• The js-yaml library was updated to version 3.14.2, fixing CVE-2025-64718.
• The glob library was updated to version 11.1.0, fixing CVE-2025-64756.

Other changes - Flowmon 13.0.0

• During updates, the GUI language is now used as the preferred language, and chapter names and descriptions will reflect this choice.
• Email timeout is configurable and email server verification may be forced in FCC - Email Settings.
• The sqlite library was updated to version sqlite-3.34.1-8.el9_6.x86_64, fixing CVE-2023-7104.
• Security configuration of Docker was improved to prevent potential privilege escalation scenarios.
• The Puppeteer library was updated to version 24.28.0, fixing CVE-2024-37890.
• The cryptography package was updated to version 45.0.7.
• The tar-fs package was updated to version 3.1.1, fixing CVE-2025-48387.

Fixed issues

Issues fixed in Flowmon 13.0.9

Ticket Number	Issue Topic	Issue Details	Resolution Details
01883049	Update/Installation	The update could fail with an "Unsupported certificate type" error when an HTTPS certificate used the ecdsa-with-SHA256 signature algorithm.	HTTPS certificates using the ecdsa-with-SHA256 signature algorithm are now accepted during the update.
-	Update/Installation	On appliances with Flowmon Data Retention 13.0 installed, updating to Flowmon 13.0.9 could result in the UI being unavailable.	Flowmon 13.0.9 now requires Flowmon Data Retention 13.0.1 or newer.
01877593	Update/Installation	On appliances with a 5 GB root partition and /var stored on the data partition, pkg_install.log was not migrated during the update.	The update now migrates pkg_install.log correctly on appliances that use this partition layout.
01883912	Collector	After flow data cleanup adjusted the stored channel start times, the Collector could overwrite the corrected value with an older one, causing incorrect time range information.	The Collector now preserves the correct channel start times after cleanup adjustments.
01884497	Monitoring Center	Under high database load, quota reports in the Monitoring Center could be missed.	Quota reports in the Monitoring Center are now generated reliably under higher database load.
01883552	Monitoring Center	TOP chapter computations using shadow channels could incorrectly report that no data was available.	TOP chapter computations now return data correctly for shadow channels.
01890397	Monitoring Ports	On hardware appliances with older Mellanox 100 GbE adapters, Monitoring Ports could report an unrealistically high maximum MTU value.	Monitoring Ports now use a valid maximum MTU value for affected adapters.
01890397	Monitoring Ports	On specific hardware appliances combining Intel X710 and Mellanox adapters, unsupported X710 interfaces could be offered as monitoring ports.	Unsupported X710 interfaces are no longer offered as monitoring ports on affected appliances.
01884497	Update/Installation	During migration to Flowmon 13, the update could fail because the Monitoring Port service took too long to stop during configuration import.	The Monitoring Port service now stops correctly during the update, preventing this failure.
01885630	Update/Installation	The pre-installation check could report a false error when a TOP chapter name contained the | character.	The pre-installation check now validates TOP chapters with this character correctly.
01891257	Update/Installation	On Flowmon 12 appliances with a 5 GB root partition, the update to Flowmon 13 could fail because bind-mounted files were not available to migration scripts.	The update now makes bind-mounted files available to migration scripts on affected appliances.
01891257	Update/Installation	The update from Flowmon 12.5 could fail when a scheduled report had an empty name.	Scheduled reports with an empty name no longer block the update.
-	Monitoring Ports	When advanced flow forwarding was configured, the flow sampling rate was always saved as 1.	Advanced flow forwarding now stores the configured flow sampling rate correctly.
-	Monitoring Center	Quota recommendations for report chapters could be much higher than the actual disk space required.	Quota recommendations for report chapters were reduced to better match real disk usage.
01892465	Collector	In environments receiving sFlow records without a destination AS path, the Collector could generate excessive warning messages in logs.	The Collector no longer generates repeated warning messages for these records.

Issues fixed in Flowmon 13.0.8

Ticket Number	Issue Topic	Issue Details	Resolution Details
01883049	Update/Installation	Migration from Flowmon 12 could fail with an "Unsupported certificate type" error when the Apache HTTPS certificate used the ecdsa-with-SHA256 signature algorithm.	A pre-installation check was added to detect incompatible Apache HTTPS certificates using the ecdsa-with-SHA256 signature algorithm and prevent update failure.
01881634	Monitoring Ports	On hardware appliances without an acceleration license, the Monitoring Port service could stop unexpectedly during an update from a version earlier than 13.0.7.	The Monitoring Port service is no longer affected during updates on appliances without an acceleration license.
01881627	Update/Installation	On Hyper-V virtual appliances, network interface configuration was not migrated during the update from Flowmon 12 to Flowmon 13, because Hyper-V virtual devices were not correctly detected.	Network interface detection on Hyper-V virtual appliances was corrected, and the network configuration is now migrated correctly.
01878268	Monitoring Center	When re-editing a saved schedule with a custom data interval, the interval unit (hours, days, or weeks) was lost and the schedule could be saved with an invalid value.	The custom interval value is now preserved correctly when editing a schedule.
01865007	Update/Installation	Customers who migrated to Flowmon 13 could have duplicate bind mount files created on the root partition during the initial migration, consuming over 1 GB of disk space and preventing subsequent updates.	The update to 13.0.8 automatically removes these duplicate files.
01879352	Monitoring Center	Custom alert scripts that used Windows-style CRLF line endings could not be executed, causing the alert to fail silently.	Alert scripts with CRLF line endings are now executed correctly.
01879347	Update/Installation	On VMware virtual appliances, the update from Flowmon 12 to Flowmon 13 could fail because GRUB did not correctly detect the data disk. Additionally, the old data partition was not expanded automatically.	GRUB disk detection and data partition expansion during the update were corrected for VMware virtual appliances.
01878658	Update/Installation	Network interface migration could fail when backup interface configuration files (for example, ifcfg-eth0.bak) were present, which could result in interfaces being reordered after the update.	Backup interface configuration files are now correctly ignored during network interface migration.
01879295	Collector	Since Flowmon 13.0.6, SRT (Server Response Time) measurements for TLS flows could show unrealistic values, such as 40 minutes for a flow that lasted 1 second.	The TLS packet identification logic was corrected, and SRT measurements now reflect accurate values.
01877751	Collector	Requesting flow source statistics caused the Autonomous Systems list to be loaded unnecessarily, resulting in a short delay for each request.	The Autonomous Systems list is no longer loaded when requesting flow source statistics.
01878048	Collector	After upgrading to Flowmon 13, customers with high flow rates could experience severely reduced flow forwarding performance when multiple network forwarding outputs were configured, with one output having a full queue.	Flow forwarding performance under high load has been restored to expected levels.
01877514	Collector	When a TCP export target disconnected and reconnected, the Collector spawned notification processes that were not cleaned up, causing zombie processes to accumulate over time.	Notification processes are now correctly cleaned up after completion.
01877751	Update/Installation	A race condition could cause chapter data migration to fail when chapters were applied while the migration process was already running.	The race condition in the chapter data migration process was resolved.
01877746	Update/Installation	After an update completed, repeated calls to the maintenance status endpoint could unexpectedly trigger configuration reinitialization, causing unnecessary delays.	Maintenance status checks no longer trigger configuration reinitialization after the update completes.
01873038	Monitoring Center	Bandwidth alerts using bits-per-second thresholds could be triggered incorrectly.	The flow rate calculation used for bandwidth alerts was corrected.
01868821	Monitoring Center	In the Japanese locale, the "Show in time" feature did not work and required switching to English to operate correctly.	The "Show in time" feature now works correctly in the Japanese locale.
01871833	Update/Installation	After updating from Flowmon 12 to Flowmon 13, a dummy channel was incorrectly imported, which could interfere with flow source detection.	The dummy channel is no longer imported during the update from Flowmon 12 to Flowmon 13.
-	Monitoring Center	The default SNMP timeout for polling flow sources (250 ms) was too short, causing SNMP polling to fail for sources with slower response times.	The default SNMP polling timeout has been increased to 750 ms to accommodate sources with slower response times.
01588662	Collector	Downloading the Autonomous Systems list on a physical Flowmon Collector redirected to the Overview page without starting the download.	The download of the Autonomous Systems list on physical Flowmon Collectors now works correctly.

Issues fixed in Flowmon 13.0.7

Ticket Number	Issue Topic	Issue Details	Resolution Details
01877265	Monitoring Ports	After a package update, some network interfaces could become unavailable on hardware appliances without an acceleration license because the DPDK service was restarted unnecessarily.	The DPDK service no longer starts on appliances without an acceleration license, preventing monitoring ports from becoming unavailable after a package update.
01877514	Monitoring Ports	The monitoring port process could hang when stopping and only terminate after a forced system kill, which could delay updates and restarts.	The monitoring port process now shuts down correctly and no longer requires a forced termination.
01877514	Update/Installation	After the update, the Configuration Center and related services could fail to start because of an initialization error, and configuration import could fail due to missing quota entries.	Service startup and configuration import during the update were corrected so the Configuration Center and related services start correctly after the update.
01877767	Monitoring Ports	VLAN filters configured on monitoring port flow export targets did not correctly match packets with a single VLAN header, causing matching flows to not be exported.	VLAN filter matching on monitoring port flow export targets was corrected and VLAN-tagged flows are now exported as expected.

Issues fixed in Flowmon 13.0.6

Ticket Number	Issue Topic	Issue Details	Resolution Details
01867062	Update/Installation	The update from Flowmon 12.5 to Flowmon 13.0 can fail when the PostgreSQL database uses a legacy 1024-bit RSA certificate that is rejected by the updated PostgreSQL version.	The update process now automatically detects outdated PostgreSQL certificates before migration to prevent the upgrade failure.
01831205	Monitoring Center	SNMPv3 probing could fail when polling multiple sources, causing communication errors and failed live checks.	The issue was fixed.
01818464	Monitoring Center	Source profile interface channels could be deleted unexpectedly when SNMP returned incorrect interface results.	Source profile interface channels are no longer deleted when SNMP returns incorrect interface results.
01741540	Monitoring Center	Some flow source interfaces discovered through SNMP could be displayed with incorrect interface information.	SNMP data collection now correctly correlates interface information by OID index, preventing incorrect interface assignments.

Issues fixed in Flowmon 13.0.5

Ticket Number	Issue Topic	Issue Details	Resolution Details
01865086	Update/Installation	The PostgreSQL upgrade can fail during the update from Flowmon 12.5 to Flowmon 13.0 because the shared memory allocation is insufficient.	The update process now uses sufficient shared memory for the PostgreSQL upgrade and prevents the upgrade failure.
01843838	Update/Installation	Configuration migration can fail with a datetime validation error during the update.	The issue was fixed.
01865086	Update/Installation	On virtual appliances where the root disk size changed, the update to Flowmon 13 can stop before completion and require manual intervention.	The issue was fixed.
-	System	The hosts file is not editable by the flowmon user in Flowmon 13, unlike in Flowmon 12.	The flowmon user can now edit the hosts file, restoring the behavior from Flowmon 12.
-	User Interface	After the update, some user interface labels can appear as raw localization keys because of stale browser cache.	Translated labels are displayed correctly after the update.

Issues fixed in Flowmon 13.0.4

Ticket Number	Issue Topic	Issue Details	Resolution Details
01833626	Reports	Generated PDF reports have visual and formatting issues in FMC analysis output.	PDF report layout and formatting in FMC analysis output were fixed.
01842196	Collector	Collector engine can use high memory in specific deployments.	Collector engine memory usage was optimized.
01840782	Collector	Collector engine filtering by Type of Service does not work correctly.	Type of Service filtering was fixed and now supports filtering by DSCP and ECN.
01843814	Monitoring Ports	Monitoring ports are not functional on non-PRO HW appliances with 1 GbE Network Interface (NIC) adapters.	Support for the affected NICs in XDP mode was fixed.
01824848	Monitoring Ports	Network Interface (NIC) traffic counter values on HW appliances are inaccurate.	Traffic counter calculation for NIC statistics on HW appliances was fixed.
01843117	Update/Installation	Configuration migration from the previous version can fail for overlapping subnets on Management Interface 1 and 2.	Migration behavior for overlapping management subnets was updated.
01841094	Monitoring Ports	When additional NetFlow identifier fields are enabled, the Monitoring Port process can generate frequent CRC64 hash collisions for flows.	CRC64 hashing for NetFlow identifiers in the Monitoring Port process was corrected to prevent flow hash collisions.
01843814	Reports	PDF reports cannot be generated with a large number of chapters.	PDF generation for large chapter counts was improved.
01843117	Sysconfig	In sysconfig, the same subnet can be configured on both management interfaces.	Validation was improved to prevent duplicate management subnets.
01843838	Update/Installation	During configuration migration from the previous version, the update can fail with a "Datetime in future is not allowed" error.	Time-related validation during configuration migration from the previous version was corrected.
01843814	Dashboards	In TOP time charts, the last value can remain displayed even when the following data points are empty.	TOP time charts now return to zero for empty data points instead of repeating the previous value.
01843838	Monitoring Ports	The Monitoring Port process can stop unexpectedly when parsing an X-Forwarded-For value that contains multiple IP addresses, which can interrupt flow export.	The Monitoring Port process now parses X-Forwarded-For values with multiple IP addresses correctly.

Issues fixed in Flowmon 13.0.3

Ticket Number	Issue Topic	Issue Details	Resolution Details
01571105	Profile Backup and Restore	It is not possible to restore a profile if the profile name contains non-ASCII characters.	The issue was fixed.
-	Monitoring Center	Graph data daily aggregation is always done for UTC time zone.	Graph data daily aggregation is done for local time zone.
01831881	Monitoring Center	Forwarding Target editor silently switches UDP protocol setting to TCP.	The issue was fixed.
01820311	Update/Installation	Configuration migration fails if Samba setting is disabled for the External data storage.	Configuration migration does not fail if Samba is disabled.
01820304	Monitoring Center	All profile channels update stops if some particular channel has incorrectly configured parent.	Issue with one profile channel does not affect update of other channels.
01822305	Update/Installation	Configuration migration fails if there is a non-unique user login present.	If there is a non-unique user login present, installation stops and the user is asked to fix the issue.
01817723, 01829617, 01830673	Update/Installation	Configuration migration fails if there is an expired Monitoring port, CA, IPsec, HTTPS or Listening port certificate in use.	If there is an expired certificate present, installation stops and the user is asked to fix the issue.
01817723, 01829617, 01830673	Update/Installation	If historical data migration fails, system deletes original data.	Original historical data is deleted only if migration finishes successfully.
01831279	TACACS Authentication	TACACS authentication stops working after the update from Flowmon 13.0.1.	Update process of tacacs_client component was fixed and TACACS Authentication works after the update.
01832907	Alerts	Alert is triggered even if it is set as inactive.	Alert deactivation was fixed.
-	Monitoring Ports	VLAN tags are not exported to flows on Flowmon 13 Probe.	The issue was fixed.

Issues fixed in Flowmon 13.0.2

Ticket Number	Issue Topic	Issue Details	Resolution Details
01798319, 01806036	User Interface	The first login of the day to the Flowmon user interface was taking a couple of minutes on Collectors with a high number of flow sources or profiles if a specific nightly routine failed.	An additional condition that caused slow login was identified and fixed.
01817723	Update/Installation	After the update, the custom channel visibility in FMC Analysis was lost, and the default setting was applied.	The visibility setting for profile channels is now correctly migrated during the update.
01816424	Update/Installation	The flow source names migration step takes a long time during the update if there are a lot of flow sources.	Flow source names migration now runs as a background task during the update and does not block further update process steps.
01816397	Login	If an LDAP user is redirected to the login screen from the dashboard page, the redirection back to the dashboard after login fails with an error.	The issue was fixed.
01817723	Update/Installation	After the update, users might not be able to download previous results in FMC Analysis and could encounter issues running new queries because of incorrect permissions.	The migration of previous results correctly sets the correct permissions.

Issues fixed in Flowmon 13.0.1

Ticket Number	Issue Topic	Issue Details	Resolution Details
01808616	Update/Installation	Configuration import fails during the update if a monitoring port filter contains an IPv6 address.	Monitoring port validation was fixed. Filters with IPv6 are imported and configurable through the UI.
-	Update/Installation	Configuration import fails if there are multiple reports with the same name.	The update process no longer fails when multiple reports have the same name.
-	Update/Installation	Configuration import fails if there are multiple alerts with the same name.	The update process no longer fails when multiple alerts have the same name. Affected alerts are imported with a unique name.
-	Update/Installation	Access restriction settings are not imported during the update to Flowmon 13.	Access restriction settings are migrated during the update.
-	Update/Installation	Importing an FMC chapter that included network aggregation failed during the update process.	FMC chapters with network aggregation are now imported successfully.
-	Update/Installation	After the update, all licensed monitoring ports are automatically started, including those that were previously stopped.	Monitoring ports that were disabled in Flowmon 12 remain disabled after the update.
-	Update/Installation	Custom flow source names defined by the user are lost during the update and must be recreated.	Custom flow source names remain intact after the update.
-	Update/Installation	Alerts configured to run a script failed to import if the script did not meet v13 compatibility requirements (for example, missing a defined shebang).	The import process now checks scripts for v13 compatibility. If a script does not include a shebang, the system removes the action to prevent the alert import from failing.
-	Reports	Chapters cannot be edited if they are inactive because of insufficient disk quota.	You can edit chapters regardless of whether they are active or inactive.
-	Monitoring Center	Analysis queries fail on a virtual appliance with 8 GB of RAM.	Memory consumption is optimized on appliances with the minimum required RAM.

Issues fixed in Flowmon 13.0.0

Ticket Number	Issue Topic	Issue Details	Resolution Details
01591758	Update/Installation	PostgreSQL database migration could fail during update, potentially causing data loss.	The update process now runs database checks before migration to prevent issues.
01698457	REST API	The GET /rest/fmc/active-devices API endpoint had misleading documentation and schema.	Updated the API documentation and fixed endpoint functionality.
-	Support Logs	Syslog-ng keeps flooding messages about repeated using su.	The issue was fixed.
01690352	Configuration Center	System restarted services unnecessarily when uploading a new license.	The system now updates acceleration settings only when required.
-	Monitoring Center	If the tls-sni field value is longer than 64 characters, it is truncated from the right.	The tls-sni field allows storing values up to 128 characters. If it is longer, it is truncated from the left.
-	Time setting	Date and time cannot be set in sysconfig.	It is possible to set date and time in sysconfig.
01585432	Configuration Center	It is not possible to save SNMP community string with the '@' character in it.	The issue was fixed.
01682640	Reports	There was an empty weekly report for the last week of 2024.	Date format handling in reporting was fixed for weeks starting in the old year and ending in the new year.
01766021	Monitoring Center	The Advanced analysis with unlimited flows option does not show used commands.	Used commands are available for both unlimited and limited list of flows.
01600328	System	Repeated kernel crash dumps could fill the root partition.	Kernel crash dump creation is now disabled by default.
01695641	System	KVM console connection failed without console=ttyS0.	KVM appliances now use correct console settings by default.

Important information

Update package availability

Newly announced Flowmon releases may not appear immediately on the Versions page because the update package rollout is gradual. Update packages are initially available on the Progress Community Portal, while automatic update availability is enabled progressively across systems. Systems enrolled in the Flowmon Beta program receive immediate access.

System requirements and update constraints

To successfully install and operate Flowmon 13.0.9, your environment must meet the following requirements:

Disk space requirements

Minimum required disk space for update:

• 17 GiB for system installation
• 3 GiB for alert, analysis, and investigation data (Collector only)
• 20 GiB for data backup (Collector only)
• 150 MB for each profile channel (Collector only)

If the required disk space is not available, the installation will not start. Increase data disk size or reduce disk quotas as needed.

RAM requirements

At least 12 GB of RAM is required when updating Flowmon with the ADS module.

Network interface compatibility

The e1000 network interface type is NOT supported on VMware or KVM virtual appliances.

• Replace any e1000 interfaces with VMXNET3 (VMware) or virtio (KVM).
• Re-use original MAC addresses for new interfaces to maintain monitoring port indexes.
• For a step-by-step guide, refer to the following section: Incompatible Interface Type on Virtual Appliance in the Flowmon 13 User Guide.

CPU requirements

• The virtualization host and virtual machine must support the AVX CPU instruction set.
• Installation will not proceed if AVX is missing.

Distributed Architecture is not supported

• Distributed Architecture (DA) mode is NOT supported in Flowmon 13.0.x.
• If DA mode is detected, installation will not start.

For a complete list of update constraints and further details, refer to the Update from Previous Version in the Flowmon 13 User Guide.

Flowmon Data Retention compatibility

Flowmon Data Retention 13.0.0 is not compatible with Flowmon 13.0.9. Update Flowmon Data Retention to version 13.0.1 or higher before updating to Flowmon 13.0.9.

Known issues and limitations

Features not available in 13.0.9

The following features will be available in some later release:

• Backup for Disaster Recovery
• Flow Quality Analyzer tool
• Self-health check script

Cloud appliance security warning

After updating a cloud appliance to Flowmon 13, you may encounter the following warning when connecting through SSH:

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

This warning suggests a potential man-in-the-middle attack but is caused by guest agents regenerating SSH host keys. We recommend removing the old SSH fingerprint from your 'known_hosts' file and reconnecting. This will allow your SSH client to accept the new host key.

User interface

Icons for modules that are not yet compatible with Flowmon 13 do not appear on the Flowmon home page.

SNMPv3 server changes

• Direct modification of snmpd.conf and creation of SNMPv3 users using the CLI is no longer possible.
• SNMPv3 supports three security levels: noAuthNoPriv, authNoPriv, and authPriv.
• MD5, SHA, SHA-256, and SHA-512 are supported for SNMPv3 authentication.
• AES-128 is the supported SNMPv3 privacy protocol.
• SNMPv3 server credentials do not migrate to Flowmon 13 and require reconfiguration after the update.
• Client (flow source) credentials for Flowmon Probes must be reconfigured on the Flowmon Collector.

Zabbix Agent changes

The following changes affect Zabbix monitoring:

• Flowmon 13 delivers zabbix-agent2 service (generation 2) - zabbix-agent service (generation 1) is no more available.
• The system does not migrate your Zabbix configuration files during the update from Flowmon 12 to Flowmon 13. You must reconfigure your Zabbix settings after the update.

For configuration instructions, refer to Zabbix Agent in the Flowmon User Guide.

Alerts that only have the 'Run script' action are not migrated correctly

If an alert only contains the 'Run script' action, this action will be lost after the update and must be redefined.

Historical trends chapters update error

Historical trends chapters in FMD reports are not updated correctly and show an error in the UI. You can fix this by removing them and adding them back into the report.

Security changes

FIPS mode setting

Flowmon 13 introduces optional support for FIPS (Federal Information Processing Standards) mode, which enforces the use of FIPS-compliant cryptographic algorithms across system components, including internal services and interfaces such as HTTPS and SSH. Users can enable the FIPS mode using the web interface or CLI.

Spectre & Meltdown mitigation setting

Flowmon 13 introduces a configurable setting for Spectre & Meltdown CPU vulnerability mitigations. Users can enable the protection using the web interface or CLI, which activates kernel-level defenses across the system. Enabling the mitigation increases security but may reduce performance, especially on older hardware.

Firewall management changes

Flowmon 13 introduces redesigned firewall management. Direct manipulation of firewall rules outside the UI is no longer supported. Creating custom firewall rules is not allowed and any custom rules from previous versions cannot be migrated during the update process. All firewall configuration must be managed exclusively through the Flowmon UI.

Release information and installation

Flowmon
Version: 13.0.9

Release date: 26th May 2026

This package contains an update for Flowmon appliances.

Copyright notice

Copyright © 2007 - 2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.

Support information

If you need help, contact our Support team at the Flowmon Support and Learning Hub.

Compatibility

Version 13.0.9 and higher is compatible with the following modules:

• Flowmon ADS 13.0.2
• Flowmon Packet Investigator 13.0.0
• Flowmon Packet Investigator Probe 13.0.0
• Flowmon APM 13.0.0
• Flowmon APM Probe 13.0.0
• Flowmon IDS Probe 13.0.0
• Flowmon Data Retention 13.0.1

If an incompatible version of any module is installed on a Flowmon appliance, it will be stopped and disabled during the update to Flowmon version 13.0.x.
When a compatible version of the module is installed, the module will be automatically enabled and started again.

Installation requirements

Some installation requirements to be aware of are as follows:

• The Flowmon appliance must be updated to version 12.5.8 or newer before you can apply this update.
• Before you start updating the Flowmon appliance to version 13.0.x, ensure the installed modules meet the following version requirements:
  • Flowmon ADS 12.5.2
  • Flowmon Packet Investigator 12.3.0
  • Flowmon Packet Investigator Probe 12.3.0
  • Flowmon APM 6.1.1
  • Flowmon APM Probe 6.1.1
  • Flowmon IDS Probe 3.6.3
  • Flowmon Data Retention 5.3
• If any version is older than the ones specified above, the update will not start.

Installation

For the automatic package download from services.flowmon.com:

1. Log in to the Configuration Center on your Flowmon appliance.
2. Select the Versions tab.
3. Click Update the Package List.
4. If the Flowmon update package is available, Flowmon OS appears in the list.
5. Click Install for the Flowmon OS package.

Or, for the manual package download from the Progress Community Portal:

6. Download the package from the Progress Community portal. Do NOT unpack it.
7. Log in to the Configuration Center on your Flowmon appliance.
8. Select the Versions tab.
9. Click Import Package and select the update file you downloaded in step 6.

The remaining installation steps are common for both paths:

10. When you start the update, the system checks if your appliance is ready. If the system finds any issues, you will see a popup warning that shows the number of failed checks and bell notification with details about each issue.
11. During the installation, all users are logged out and Flowmon may become briefly unavailable and respond with Server Error - 500.

12. Wait until a notification is displayed informing you that the update was successful.