This sample configuration is based on a Sophos XG series firewall. Other models may have slight configuration variations.
If you're collecting flow from multiple devices sharing the same public IP, you must configure chfagent to send flow to Kentik.
These instructions assume:
- You have administrative access to the firewall.
- The device has already been added to your AuvikFlow (Kentik) integration.
- The sampling rate will be set to 1024.
Access your Sophos web GUI
- Open a web browser and enter the IP address of the Sophos firewall.
- Log in as an administrator with read-write permission.
Configure NetFlow collectors
- From the side navigation, click Administration.
- Click the Netflow tab.
- Enter an appropriate server name.
- Enter 220.127.116.11 for the Netflow server.
- Enter port 20013 as the Netflow server port.
- Click Apply.
Enable traffic logging from firewall rule
- From the side navigation, click Firewall.
- Click the IPv4 tab.
- Expand WAN rule. Click the pencil icon to edit the rule.
- Locate the Log Traffic section. Enable traffic logging by checking Log Firewall Traffic.
- Click Save.
- Expand LAN rule. Click the pencil icon to edit the rule.
- Locate the Log Traffic section. Enable traffic logging by checking Log Firewall Traffic.
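
To confirm the export after these steps, the header of a datagram captured on the configured NetFlow server port can be decoded and checked against the expected sampling rate of 1024. The Python below is an added example, not part of the Sophos or Auvik documentation; it assumes the firewall exports NetFlow v5 or v9 (the page does not state the version) and that a v5 exporter fills the header's sampling field. The function names and the sample datagram are constructed for illustration.

```python
import struct

# Header layouts from the NetFlow v5 and v9 export formats.
V5_HEADER = struct.Struct("!HHIIIIBBH")  # 24 bytes
V5_RECORD_LEN = 48                       # fixed-size v5 flow record
V9_HEADER = struct.Struct("!HHIIII")     # 20 bytes

def inspect_datagram(payload: bytes) -> dict:
    """Decode the export header of one UDP payload (hypothetical helper)."""
    if len(payload) < 2:
        raise ValueError("payload too short to carry a version field")
    (version,) = struct.unpack_from("!H", payload)
    if version == 5:
        if len(payload) < V5_HEADER.size:
            raise ValueError("truncated NetFlow v5 header")
        _, count, _, secs, _, seq, _, _, sampling = V5_HEADER.unpack_from(payload)
        return {
            "version": 5, "count": count, "unix_secs": secs, "sequence": seq,
            # Top 2 bits: sampling mode; low 14 bits: sampling interval.
            "sampling_mode": sampling >> 14,
            "sampling_interval": sampling & 0x3FFF,
            # v5 records are fixed size, so the length must match exactly.
            "length_ok": len(payload) == V5_HEADER.size + count * V5_RECORD_LEN,
        }
    if version == 9:
        if len(payload) < V9_HEADER.size:
            raise ValueError("truncated NetFlow v9 header")
        _, count, _, secs, seq, source_id = V9_HEADER.unpack_from(payload)
        # v9 carries sampling in options data, not in the packet header.
        return {"version": 9, "count": count, "unix_secs": secs,
                "sequence": seq, "source_id": source_id,
                "sampling_interval": None, "length_ok": True}
    raise ValueError(f"unsupported export version {version}")

def sampling_matches(info: dict, expected: int = 1024) -> bool:
    """True only when the header itself advertises the expected interval."""
    return info["sampling_interval"] == expected

# Constructed sample: one empty v5 record, sampling mode 1, interval 1024.
SAMPLE_V5 = V5_HEADER.pack(5, 1, 1000, 1700000000, 0, 42, 0, 0,
                           (1 << 14) | 1024) + bytes(V5_RECORD_LEN)

if __name__ == "__main__":
    info = inspect_datagram(SAMPLE_V5)
    print(info, "sampling ok:", sampling_matches(info))
```

A `length_ok` of False on v5 traffic points to truncation or a non-NetFlow sender on that port; a gap in `sequence` between consecutive datagrams indicates lost export packets.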