If you have NSX in your environment, you can send IPFIX to up to four collectors, one of which should be Faddom. This will enable Faddom to see the traffic passing through all the port groups managed by NSX. For those not managed by NSX, you can follow our guide How to Enable Traffic Collection in VMware.
To set this up, do the following:
In NSX go to Plan & Troubleshoot
Select IPFIX from the side menu
Select the Collectors tab
Select Add New Collector > IPFIX Switch
Add Faddom as the name and the IP address for the Faddom server as the collector address, using the port of your choice. By default, 4739 is the IPFIX port and this is the recommended port for Faddom.
Click Save
Next, select the Switch IPFIX Profiles tab
Select Add Switch IPFIX Profile
Select the Faddom collector and set the following parameters:
• Name: Faddom (recommended)
• Packet Sampling Probability (%): Recommended to use 5%
• Observation Domain ID: If you are using NetFlow for distributed switches, make sure to specify a different Observation Domain ID than the one configured for the switch
Click Save and then Yes to continue configuring the profile.
Under Applies to, apply the profile to an NSGroup. You can select one or more NSGroups, then click Save. It is recommended to enable all groups for full visibility.
Within a few minutes, you can check to see if Faddom is receiving the traffic by searching for the port you are sending the IPFIX on.
Required Permissions & Firewall Rules
Faddom does not require any permissions to NSX.
To allow the IPFIX traffic to reach Faddom you will need to allow port 4739 UDP (or your chosen port) from the ESX host management addresses to the Faddom collector.
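An added example (not Faddom or VMware code): a Python check over captured UDP payloads that validates the IPFIX message header (RFC 7011) and lists the ESX hosts that sent nothing under the NSX profile's Observation Domain ID, which means either the path to the collector is blocked or the profile is not applied there. The addresses, the domain IDs 100 and 200 and all function names are constructed for illustration, and the sample assumes the distributed switch also exports IPFIX.

```python
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIII")  # version, length, export time, sequence, observation domain ID

def parse_ipfix_header(payload):
    """Validate the 16-byte IPFIX message header (RFC 7011) of one UDP payload."""
    if len(payload) < HEADER.size:
        raise ValueError("shorter than an IPFIX header")
    version, length, export_time, sequence, domain_id = HEADER.unpack_from(payload)
    if version != 10:
        raise ValueError(f"version {version}, not IPFIX")
    if not HEADER.size <= length <= len(payload):
        raise ValueError(f"bad message length {length}")
    return {"export_time": export_time, "sequence": sequence, "domain_id": domain_id}

def summarize(packets):
    """Count valid messages per exporter and domain ID; collect rejects with the reason."""
    seen, rejected = defaultdict(lambda: defaultdict(int)), []
    for exporter, payload in packets:
        try:
            domain_id = parse_ipfix_header(payload)["domain_id"]
        except ValueError as exc:
            rejected.append((exporter, str(exc)))
            continue
        seen[exporter][domain_id] += 1
    return {host: dict(ids) for host, ids in seen.items()}, rejected

def hosts_missing(seen, esx_hosts, nsx_domain_id):
    """ESX management addresses that sent no message with the NSX profile's domain ID."""
    return [h for h in esx_hosts if nsx_domain_id not in seen.get(h, {})]

def _msg(domain_id, sequence, body=b"\x00" * 8, version=10):
    # Constructed message: valid header, placeholder body (not real flow records).
    return HEADER.pack(version, HEADER.size + len(body), 1700000000, sequence, domain_id) + body

# Constructed sample (assumption): NSX profile uses domain ID 200, the switch uses 100.
SAMPLE = [
    ("192.0.2.11", _msg(200, 0)),
    ("192.0.2.11", _msg(200, 1)),
    ("192.0.2.11", _msg(100, 7)),             # switch export from the same host
    ("192.0.2.12", _msg(100, 3)),             # only the switch export arrives
    ("192.0.2.12", _msg(200, 0, version=9)),  # not IPFIX, rejected
    ("192.0.2.13", b"\x00\x0a\x00"),          # truncated datagram, rejected
]

if __name__ == "__main__":
    seen, rejected = summarize(SAMPLE)
    print(seen, rejected)
    print("no NSX IPFIX from:", hosts_missing(seen, ["192.0.2.11", "192.0.2.12", "192.0.2.13"], 200))
```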