Data Flows

Defining Data Flows

The Flows page provides a visual canvas where you define the allowed communication paths between your security zones. This is the core of defining your high-level security policy.

The Flow Visualizer

The main part of the page is an interactive diagram showing your security zones as nodes. The goal is to create connections (edges) between these nodes to represent legitimate data flows.

For example, if your application servers need to communicate with your database servers, you would create a flow from your "Application Zone" to your "Data Zone".

Creating a New Flow

  1. Hover your mouse over the source zone (e.g., Application Zone). Connection handles will appear on the sides of the node.
  2. Click and drag from one of the handles to the target zone (e.g., Data Zone).
  3. Release the mouse button over the target zone. A dialog box will appear.
  4. In the dialog, specify the Protocol/Port that this flow should allow (e.g., TCP/5432 for PostgreSQL).
  5. Click Create Flow.

A new arrow will appear on the diagram, connecting the two zones and labeled with the protocol you defined.

Editing or Deleting a Flow

You can manage existing flows:

  1. Click on the flow's label on the arrow connecting two zones.
  2. The "Edit Flow" dialog will appear.
  3. From here, you can:
    • Update the Protocol/Port -- Change the allowed protocol and save your changes.
    • Delete the Flow -- Click the Delete Flow button to remove the connection entirely.

How Flows Translate to Rules

Every flow you define here is an abstract "allow" rule. When you move to the Deployment page, the system uses these flow definitions, combined with the resource assignments in your Zones, to generate concrete security rules for each cloud provider.

For instance, the flow from Application Zone to Data Zone on TCP/5432 will result in:

Field         Value
Source        All IP/CIDR ranges of resources in the Application Zone
Destination   All IP/CIDR ranges of resources in the Data Zone
Protocol      TCP
Port          5432
Action        Allow

This abstraction allows you to manage your security posture from a high-level, architectural perspective without getting bogged down in the details of each cloud provider's implementation.
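To make the translation concrete, here is an added example (not code from the product itself) that expands an abstract zone-to-zone flow into one allow rule per source/destination CIDR pair, using the same "TCP/5432" protocol/port form as the flow dialog. The zone names and CIDR ranges are constructed sample data, and treating "All Zones" as a wildcard over every zone in the map is an assumption made for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed sample zones for this example: zone name -> IP/CIDR ranges of its resources.
ZONES = {
    "Public DMZ": ["203.0.113.0/24"],
    "Application Zone": ["10.1.0.0/24", "10.1.1.0/24"],
    "Data Zone": ["10.2.0.0/24"],
    "Management Zone": ["10.9.0.5/32"],
}
ALL_ZONES = "All Zones"  # assumed wildcard meaning every zone in the map


@dataclass(frozen=True)
class Rule:
    source: str       # CIDR of a resource in the source zone
    destination: str  # CIDR of a resource in the destination zone
    protocol: str
    port: int
    action: str = "Allow"


def parse_protocol_port(spec):
    """Parse the 'TCP/5432' form used in the flow dialog; reject malformed input."""
    proto, _, port = spec.partition("/")
    if not proto or not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad protocol/port spec: {spec!r}")
    return proto.upper(), int(port)


def expand_flow(source, destination, spec, zones=ZONES):
    """Expand one abstract flow (zone -> zone on proto/port) into concrete allow rules,
    one per (source CIDR, destination CIDR) pair. Each CIDR is validated with ip_network
    so a typo in a zone's resource list fails loudly instead of yielding a broad rule."""
    proto, port = parse_protocol_port(spec)
    src_zones = list(zones) if source == ALL_ZONES else [source]
    dst_zones = list(zones) if destination == ALL_ZONES else [destination]
    rules = []
    for s in src_zones:
        for d in dst_zones:
            for src in zones[s]:  # KeyError if the zone name is unknown
                for dst in zones[d]:
                    rules.append(Rule(str(ip_network(src)), str(ip_network(dst)), proto, port))
    return rules


if __name__ == "__main__":
    for r in expand_flow("Application Zone", "Data Zone", "TCP/5432"):
        print(r)
```

Running it prints the two Application Zone CIDRs each paired with the Data Zone CIDR, which is exactly the Source/Destination expansion in the table above.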

Common Flow Patterns

Pattern           Source             Destination        Protocol   Use Case
Web traffic       Public DMZ         Application Zone   TCP/443    HTTPS from load balancers to app servers
Database access   Application Zone   Data Zone          TCP/5432   PostgreSQL connections
Admin access      Management Zone    All Zones          TCP/22     SSH bastion access
Monitoring        All Zones          Management Zone    TCP/443    Metrics and health check export