To send flow data to the Kentik servers from your SonicWALL, you must have a full AppFlow licence activated. If you don’t have an active AppFlow licence, contact Dell or your SonicWALL reseller to purchase one.
Note: You’ll need to reboot the device so you may need to open a maintenance window.
Access your SonicWALL web GUI
- Open a web browser and type in your SonicWALL IP address.
- Log into your firewall.
Set up the external collector
- In the GUI, go to AppFlow > Flow Reporting, then select External Collector.
- Check Send Flows and Real-Time Data to External Collector.
- Select NetFlow version-9 from the External Flow Reporting Format drop down selection list.
- Enter 220.127.116.11 as the External Collector’s IP address.
- Enter 20013 as the External Collector's UDP Port Number
- Check Send IPFIX/NetFlow Templates at Regular Interval.
- Check Report on Connection OPEN and Report on Connection CLOSE.
- Click on Generate ALL Templates.
- Select Accept.
Set up flow reporting
- In the GUI, go to AppFlow > Flow Reporting, then select Settings.
- Under Settings, select All for Report Connections.
- Check Enable Real-Time Data Collection.
- From the drop down selection list, select Top apps, Bits per sec., Packets per sec., Average packet size, Connections per.
- Select Enable Aggregate AppFlow Report Data Collection.
- From the drop-down list, select Apps Report, User Report, IP Report, Treat Report, Geo-IP Report, URL Report.
- Under Local Server Settings, check Enable Appflow to Local Collector.
- Under Other Report Settings, check Report DROPPED Connection.
- Check Skip Reporting STACK Connections.
- Select Gifs, Jpegs, Pngs, Htmls, Aspx from the Include Following URL Types.
- Leave Enable Geo-IP Resolution unselected.
- Select Disable Reporting IPv6 Flows (ALL).
- For AppFlow Report Upload Timeout (sec), enter 30.
- Select Accept.
NetFlow is now enabled on your SonicWALL firewall. You must reboot the device for the changes to take effect.