How can we help?

How to configure NetFlow on SonicWALL firewalls

Follow

These instructions assume:

  • The device is on version 6.5 or higher.
  • The date, time and time zone are correctly set on the firewall.
  • You have administrative access to the firewall.
  • The IP address of your Auvik collector is known.

Access the SonicWALL web interface

  1. Open a web browser and type in your SonicWALL IP address.
  2. Log into the web admin console.

Set up the external collector

  1. Navigate to Manage > Logs & Reporting > Flow reporting > Settings.
  2. Check Enable Real-Time Data Collection.
  3. (Optional) Enable interface-based reporting if you prefer the flows to be tagged from the interfaces of the firewall.
  4. Click Accept to save the settings.
  5. Navigate to External Collector.
  6. Select Send Flows and Real-Time Data to External Collector.
  7. Navigate to AppFlow Settings > Flow Reporting > External Collector.
  8. In External Flow Reporting Format, select Netflow Version-9
  9. In the External Collector’s IP address field, enter the Auvik collector IP address.
  10. In the External Collector’s UDP Port Number field, enter the port number you’d like to use. Choose from any of these ports: 2055, 2056, 4432, 4739, 6343, 9995, or 9996.
  11. Check Send IPFIX / Netflow Templates At Regular Intervals.
  12. Continue scrolling down to configure connection events:
    1. Check Report On Connection OPEN.
    2. Check Report on a Connection CLOSE.
  13. Click the Generate ALL Templates button
  14. Click Accept to save the settings

NetFlow is now enabled on your SonicWall firewall.

You must reboot the device for these changes to take effect.

 

Was this article helpful?
2 out of 2 found this helpful
Have more questions? Submit a request

Comments

  • Avatar
    Eli House

    I would note that, in my case, "GENERATE ALL TEMPLATES" had to be run following the reboot required by Step 6. Additionally, the Auvik Service had to be restarted to finalize the setup.

  • Avatar
    Aleksandar Todorovic

    Dear Eli,
    thank you for your comment, we've published a revised version of the article, outlining both the requirement to generate the templates and the subsequent required reboot of the SonicWall firewall.
    I'd like to also point out that there is no requirement from a functionality perspective that would require a restart of the Auvik Service (Agent).

Powered by Zendesk