How can we help?

How to enable flow on your SonicWALL firewall -- AuvikFlow (Kentik)


To send flow data to the Kentik servers from your SonicWALL, you must have a full AppFlow licence activated. If you don’t have an active AppFlow licence, contact Dell or your SonicWALL reseller to purchase one.

If you're collecting flow from multiple devices sharing the same public IP, you must configure chfagent to send flow to Kentik.

These instructions assume:

Note: You’ll need to reboot the device so you may need to open a maintenance window.

Access your SonicWALL web GUI

  1. Open a web browser and type in your SonicWALL IP address.
  2. Log into your firewall.

Set up the external collector

  1. In the GUI, go to AppFlow > Flow Reporting, then select External Collector.
  2. Check Send Flows and Real-Time Data to External Collector.
  3. Select NetFlow version-9 from the External Flow Reporting Format drop down selection list.
  4. Enter as the External Collector’s IP address.
  5. Enter 20013 as the External Collector's UDP Port Number
  6. Check Send IPFIX/NetFlow Templates at Regular Interval.
  7. Check Report on Connection OPEN and Report on Connection CLOSE.
  8. Click on Generate ALL Templates.
  9. Select Accept.

Set up flow reporting

  1. In the GUI, go to AppFlow > Flow Reporting, then select Settings.
  2. Under Settings, select All for Report Connections.
  3. Check Enable Real-Time Data Collection.
  4. From the drop down selection list, select Top apps, Bits per sec., Packets per sec., Average packet size, Connections per.
  5. Select Enable Aggregate AppFlow Report Data Collection.
  6. From the drop-down list, select Apps Report, User Report, IP Report, Treat Report, Geo-IP Report, URL Report.
  7. Under Local Server Settings, check Enable Appflow to Local Collector.
  8. Under Other Report Settings, check Report DROPPED Connection.
  9. Check Skip Reporting STACK Connections.
  10. Select Gifs, Jpegs, Pngs, Htmls, Aspx from the Include Following URL Types.
  11. Leave Enable Geo-IP Resolution unselected.
  12. Select Disable Reporting IPv6 Flows (ALL).
  13. For AppFlow Report Upload Timeout (sec), enter 30.
  14. Select Accept.

NetFlow is now enabled on your SonicWALL firewall. You must reboot the device for the changes to take effect.  

Was this article helpful?
2 out of 2 found this helpful
Have more questions? Submit a request