How can we help?

How to enable flow on your Sophos XG firewall

Follow

This sample configuration is based on a Sophos XG series firewall. Other models may have slight configuration variations.

If you're collecting flow from multiple devices sharing the same public IP, you must configure chfagent to send flow to Kentik.

These instructions assume:

Access your Sophos web GUI

  • Open a web browser and enter the IP address of the Sophos firewall
  • Login as an administrator with read-write permission.

Configure NetFlow collectors

  1. From the side navigation, click Administration
  2. Click the Netflow tab.
  3. Enter an appropriate server name.
  4. Enter 208.76.14.247 for the Netflow server.
  5. Enter port 20013 as the Netflow server port.
  6. Click Apply.

Enable traffic logging from firewall rule

  1. From the side navigation, click Firewall.
  2. Click the IPv4 tab.
  3. Expand WAN rule. Click the pencil icon to edit the rule.
  4. Locate the Log Traffic section. Enable the traffic by checking Log Firewall Traffic.
  5. Click Save.
  6. Expand LAN rule. Click the pencil icon to edit the rule.
  7. Locate the Log Traffic section, enable the traffic by checking Log Firewall Traffic.

Click Save.

Have more questions? Submit a request

Comments

Powered by Zendesk