Distributed software firewalls (also referred to herein as distributed firewalls) allow for increased granularity of firewall control. In general, distributed firewalls provide network access control at the data end node level rather than at a centralized choke point. For instance, a distributed firewall can be implemented as a virtual network interface card (vNIC) level firewall. A vNIC level firewall is able to enforce security policies as soon as a packet comes out of a virtual machine's (VM's) vNIC. Therefore, distributed firewalls are able to provide security for intra-VM traffic. vNIC level firewalls can also inspect the traffic twice, once at the source and once at the destination.
Distributed firewalls also generate firewall flow records associated with communication sessions over a particular vNIC. The firewall flow records are generated by the packets passing through an Internet protocol (IP) based forwarding engine of the distributed firewall at the hypervisor level. A firewall flow record represents packets transmitted to the distributed firewall.
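The following added example (not code from the original text or from any product) models the two behaviors described above: a packet between two VMs is inspected once at the source vNIC and once at the destination vNIC, and each vNIC firewall accumulates its own flow records. The rule format, the flow record fields, the vNIC names and the addresses are all assumptions constructed for illustration.

```python
from collections import namedtuple
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src dst proto sport dport size")

@dataclass(frozen=True)
class Rule:  # hypothetical rule format; first match wins
    direction: str  # "out" = leaving the VM, "in" = entering the VM
    src_net: str
    dst_net: str
    proto: str
    dport: int
    action: str     # "allow" or "drop"

    def matches(self, direction, p):
        return (self.direction == direction and self.proto == p.proto
                and self.dport == p.dport
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net))

@dataclass
class VnicFirewall:
    vnic: str
    rules: list
    flows: dict = field(default_factory=dict)  # (direction, 5-tuple) -> flow record

    def inspect(self, direction, p):
        action = next((r.action for r in self.rules if r.matches(direction, p)), "drop")  # default deny
        key = (direction, p.src, p.dst, p.proto, p.sport, p.dport)
        rec = self.flows.setdefault(key, {"vnic": self.vnic, "action": action, "packets": 0, "bytes": 0})
        rec["packets"] += 1
        rec["bytes"] += p.size
        return action == "allow"

def deliver(p, src_fw, dst_fw):
    """VM-to-VM packet: inspected at the source vNIC, then at the destination vNIC."""
    if not src_fw.inspect("out", p):
        return "dropped at source"
    if not dst_fw.inspect("in", p):
        return "dropped at destination"
    return "delivered"

def demo():  # constructed addresses and rules
    web = VnicFirewall("web-vnic0", [Rule("out", "10.0.1.0/24", "10.0.2.0/24", "tcp", 5432, "allow"),
                                     Rule("out", "10.0.1.0/24", "10.0.2.0/24", "tcp", 22, "allow")])
    db = VnicFirewall("db-vnic0", [Rule("in", "10.0.1.0/24", "10.0.2.0/24", "tcp", 5432, "allow")])
    pkts = [Packet("10.0.1.10", "10.0.2.20", "tcp", 40000, port, 120) for port in (5432, 5432, 22, 23)]
    return [deliver(p, web, db) for p in pkts], web, db
```

In `demo()`, the port 22 packet is allowed by the overly broad source policy but dropped by the destination vNIC, and the port 23 packet never reaches the destination, so it appears only in the source vNIC's flow records.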