A graph shows information about two directions, tx and rx. In many cases this is simple: a graph attached to an interface has rx for traffic coming in to the FireBrick and tx for traffic leaving. The same applies quite simply to services like L2TP and PPPoE.
However, a graph linked to a firewall rule is more complex. This is explained in the firewall rules with set-graph and set-reverse-graph settings. For a firewall rule session being graphed the rx and tx relate to the direction the session is set up. You can deliberately reverse this using set-reverse-graph.
This may seem complex when making a firewall rule that, for example, matches on ip for an IP you want to monitor and sets a graph. Sessions started to the IP address will have tx and rx reversed compared to sessions started from the IP address. The solution is two rules, one with target-ip and set-graph, and a separate one with source-ip and set-reverse-graph (which can be the same graph). This will then result in consistent tx and rx relating to traffic directed to or from the IP address.