We have an in-house application which needed to be separated and protected from common LAN segments. However, neither system administrators nor network administrators knew specific conversation streams, ports, etc. to help start the firewall baseline. We used the "Sessions" report to develop the baseline for firewall rules.
In-house application performance/behavior
We have recently been rolling out a new ERP system that is centralized at a new data center. This makes our WAN connection from our facilities to the data center critical. We had been receiving multiple reports of strange lockups and connection disconnects that were assumed to be issues with our new ERP system servers. After looking at the NetFlow graphs during the issue time frames, I found multiple short (3-5 minute) WAN outages. We were able to isolate the problem very quickly to be a WAN provider issue vs. spending hours troubleshooting LAN or server issues.
It's not OUR network
Now I can tell if there is a bandwidth problem and I can easily trace the problem to the source. I'll NEVER forget the day a "difficult" employee opened a ticket complaining about the network being so slow no one in their office could work. I LOVED being able to call them back 5 minutes later and cheerfully ask them to log out of a dating website because they were using ALL the bandwidth browsing profiles. They NEVER called back again complaining about network problems.