While reviewing the Dashboard on the SSL Visibility Appliance, under Overview, the number of sessions is listed.  This number may seem higher or lower than expected based upon bandwidth, SSL bandwidth and load of the appliance.  A session goes through several stages on the SSL Visibility Appliance, beginning with the SYN packet at the start of a TCP handshake.  A flow, in any one of these stages counts against the total session count for the appliance.  This KB goes into some details about the stages of a SSL flow.

Statistic files are available to download on the SSL Visibility via the Diagnostics page.  Within these diagnostic pages are thousands of statistics that the SSL Visibility tracks and logs.  Among these are statistics on flow states.  The statistics can also be seen via SSH in the CLD.

• L_flows is the total current level of flows on the appliance, this is not indicative of the Sessions counter in the Dashboard.  The Sessions counter in the Dashboard if the number of active SSL Sessions.
• L_flows is the total amount of flows on the box at the given time from the first syn of the tcp handshake to the final fin/ack of the connection.

The different flow states that make up L_flows and count towards the total overall flow count as in the below equation:

L_flows = L_flow_state_HALF_CONNECTED + L_flow_state_CLASSIFIER + L_flow_state_ACTION_APP + L_flow_state_ACTION_CUT + L_flow_state_ACTION_REJECT + L_flow_state_ACTION_DROP + L_flow_state_ACTION_APP_EOF.

To further investigate these statistics, as stated previously, you may SSH into the SSL Visibility and look at the CLD.  The counter workers will show the detailed flow information:

• L_flows                             : 00000000000000000000
• L_flows_confirmed                   : 00000000000000000000
• L_flow_state_HALF_CONNECTED         : 00000000000000000000
• L_flow_state_CLASSIFIER             : 00000000000000000000
• L_flow_state_ACTION_APP             : 00000000000000000000
• L_flow_state_ACTION_CUT             : 00000000000000000000
• L_flow_state_ACTION_REJECT          : 00000000000000000000
• L_flow_state_ACTION_DROP            : 00000000000000000000
• L_flow_state_ACTION_APP_EOF         : 00000000000000000000
• L_flow_si_handshake                 : 00000000000000000000

Also check SSL Visibility Command Line Diagnostics and counters worker.