# Flow

### Process Overview

For further details see [a description of Flow in Highlight.](https://support.highlight.net/help/details/flow)

Here is an overview of how to set up Flow in Highlight for the first time:

1. Check with your Service Provider that your contract allows for Flow, and that the network devices involved can run Flow analysis without causing CPU issues.
2. [Install an Agent server](https://support.highlight.net/help/device_setup/agent#server_location_and_provisioning) to be used as a Flow collector, and make note of the IP address.
3. Confirm there is network access from the routers to the collector without having the Flow packet address translated.
4. Allow UDP port 9996 from the routers to the Flow collector.
5. Allow TCP port 443 from the collector to your Highlight System.
6. Assign the collector to the Highlight folder structure using **Edit this Folder** then Agent selection.
7. [Configure each router](https://support.highlight.net/help/device_setup/flow) for Flow, using the IP address of the collector as Flow destination. Also specify the Flow packet source interface in the configuration, which is used by the router as source IP address of every Flow packet sent to the collector, and is configured in Highlight.
8. If each router does not have a Highlight entry, [create a new watch](https://support.highlight.net/help/admin/create_watch) in Highlight.
9. (See warning below) Edit the watch in Highlight to [add Flow](https://support.highlight.net/help/admin/flow) via the Edit Watch Applications tab, using the IP address of the configured Flow source interface.

If results do not appear as expected, then follow our [Flow Troubleshooting](https://support.highlight.net/help/troubleshoot/flow) procedures.

&#x20;Flow can cause a high CPU load on the router so the location needs to have a device which is adequately sized for the volume of traffic expected.\
If you are planning to enable Flow on a number of devices we suggest selecting the busiest device for each model to check it can handle the additional CPU load.

#### Special Cases

**WAN interface is encrypted or encapsulated, including MPLS**

If you want to analyse application traffic using the WAN interface but all traffic is either encrypted or encapsulated, adjust the normal process as follows:

* [Set up the router](https://support.highlight.net/help/device_setup/flow) LAN interface with the ip flow version 9 commands; but
* Select the WAN interface for the Highlight analysis when [adding flow](https://support.highlight.net/help/admin/flow) in the Edit Watch Applications tab


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.highlight.net/getting-started/useful-information/flow.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.