
Capturing traffic in your firewall's state table


With flow capture operations in Network Firewall, you can view information about active traffic flows that are tracked in your firewall's state table. These operations provide a time-boxed view of network traffic, showing both new and established flows that match your specified criteria. Captured data makes it easier to analyze current network traffic patterns, verify the effectiveness of your firewall rules, identify unexpected traffic flows, and troubleshoot network connectivity issues.

You can view the progress and history of flow captures on your firewall's Details page.

Tip

When using flow capture operations with broad filter criteria (like wide IP ranges), you might encounter operation limits. To stay within these limits, use more specific flow filters, such as narrower IP ranges or additional criteria like ports and protocols.

To capture traffic flows from a firewall state table
  1. Sign in to the AWS Management Console and open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, under Network Firewall, choose Firewalls.

  3. Choose the name of the firewall where you want to perform the flow operation.

  4. In the Firewall operations section, choose Configure flow capture.

  5. Configure the flow filters to determine the scope of the operation:

    1. Define an Availability Zone and ARN for the operation.

    2. Optionally, define additional filters:

      • Minimum age - To exclude recently established flows, set this value, in seconds, to filter out flows that are newer than the specified age.

      • Source - A single IP address, a range of IPs (CIDR), or port

      • Destination - A single IP address, a range of IPs (CIDR), or port

      • Protocol number - The assigned internet protocol number (IANA) for each supported protocol. If left empty, the operation captures flows with any supported protocol (TCP, UDP, ICMP, ICMPv6, SCTP).

  6. Review your configured filters in the Filters section.

  7. Choose Start capture, then confirm that you want to begin the operation.

  8. Return to the Details page to monitor the operation status.

For information on viewing the status and history of your operations, see Viewing flow operations in Network Firewall.
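The same operation can be started through the API instead of the console. The following is an added example, not AWS documentation or SDK code: it builds one flow filter, refuses CIDR ranges that are broad enough to risk the operation limits mentioned in the Tip, and then calls StartFlowCapture on a boto3 `network-firewall` client. The method and parameter names (`start_flow_capture`, `FlowFilters`, `AddressDefinition`, `Protocols`, `MinimumFlowAgeInSeconds`) and the `MAX_HOST_BITS` threshold are assumptions to check against the current API reference.

```python
"""Added example (not AWS's code): build a narrow flow filter and start a
Network Firewall flow capture. API and parameter names are assumed."""
import ipaddress

# IANA protocol numbers for the protocols the page lists as supported.
PROTOCOL_NUMBERS = {"TCP": 6, "UDP": 17, "ICMP": 1, "ICMPv6": 58, "SCTP": 132}

# Assumed cap on filter breadth: a CIDR with more than 2**16 addresses is
# treated as "too broad" for a single capture (see the page's Tip).
MAX_HOST_BITS = 16


def build_flow_filter(source=None, destination=None,
                      source_port=None, destination_port=None, protocol=None):
    """Return one FlowFilter dict; raise ValueError on broad or unsupported input."""
    flt = {}
    for key, cidr in (("SourceAddress", source), ("DestinationAddress", destination)):
        if cidr is None:
            continue
        net = ipaddress.ip_network(cidr, strict=False)  # "10.0.1.5" -> /32
        if net.max_prefixlen - net.prefixlen > MAX_HOST_BITS:
            narrowest_ok = net.max_prefixlen - MAX_HOST_BITS
            raise ValueError(f"{key} {cidr} is too broad; use /{narrowest_ok} or smaller")
        flt[key] = {"AddressDefinition": str(net)}
    if source_port is not None:
        flt["SourcePort"] = str(source_port)
    if destination_port is not None:
        flt["DestinationPort"] = str(destination_port)
    if protocol is not None:
        number = PROTOCOL_NUMBERS.get(protocol, protocol)  # accept a name or a number
        if number not in PROTOCOL_NUMBERS.values():
            raise ValueError(f"protocol {protocol!r} is not one of {sorted(PROTOCOL_NUMBERS)}")
        flt["Protocols"] = [str(number)]  # protocol numbers are sent as strings
    return flt


def start_capture(client, firewall_arn, availability_zone, flow_filters,
                  minimum_age_seconds=None):
    """Start the capture and return its FlowOperationId (assumed response key).

    `client` is a boto3 client for the 'network-firewall' service, created
    by the caller, e.g. boto3.client("network-firewall", region_name="us-east-1").
    """
    params = {"FirewallArn": firewall_arn, "AvailabilityZone": availability_zone,
              "FlowFilters": flow_filters}
    if minimum_age_seconds is not None:
        params["MinimumFlowAgeInSeconds"] = minimum_age_seconds
    response = client.start_flow_capture(**params)
    return response["FlowOperationId"]
```

After the call returns, the operation id is what you look up on the firewall's Details page or with DescribeFlowOperation to monitor status and read the captured flows.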

© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.