SSP 

The issue occurs when a default ANY–ANY–DENY rule is configured in the environment. 
Because this rule denies all traffic by default, no traffic is allowed to traverse or reach the analysis engine. As a result, no unprotected flows are detected or recorded in the UI.

In other words, the system is functioning as designed—traffic that is dropped by the default deny rule will not appear as an unprotected flow.

The system is functioning as expected.

To view unprotected flows and plan microsegmentation policies for new workloads, follow the steps below:

• Create a New Application Group: Group your new workloads under an application group, e.g., TESTGROUP, within the Applications section.  
• Create a New Policy Rule: Define an allow policy specific to the application or group.
• Collect Flows: Allow the system to collect traffic flows for the new workloads. Run Flow Collection and Recommendation Analysis to generate microsegmentation recommendations for those VMs.
•  Review and Refine: After sufficient flow data is collected, revisit Visibility & Planning to observe unprotected flows.

• The default ANY–ANY–DENY rule should remain in place as a best practice for enforcing least privilege.

• Only create specific allow rules for legitimate application traffic that needs to be analyzed or permitted.

• If unprotected flows are still not visible after creating allow rules, ensure:

  • The workloads are actively generating traffic.

  • The relevant sensors and collectors are operational.