This sample configuration is based on a Sophos XG firewall. Other models may have slight configuration variations.
If you're collecting flow from multiple devices sharing the same public IP, you must configure chfagent to send flow to Kentik.
These instructions assume:
- You have administrative access to the firewall.
- The device has already been added to your AuvikFlow (Kentik) integration.
Log into the Sophos web GUI as an administrator with read-write permission.
Configure NetFlow collectors
- Go to Logs & Reports > Configuration > Netflow.
- Enter an appropriate server name.
- Enter 18.104.22.168 for the Netflow server.
- Enter port 20013 as the Netflow server port.
- Click Apply.
Enable traffic logging from firewall rule
- Go to Firewall Netflow > Rule.
- Select IPv4.
- Expand Advanced Settings.
- Enable Log Firewall Traffic.
- Click OK.