How can we help?

How to configure NetFlow on SonicWALL firewalls

Follow

These instructions assume:

  • The device is on version 6.5 or higher.
  • The date, time and time zone are correctly set on the firewall.
  • You have administrative access to the firewall.
  • The IP address of your Auvik collector is known.

Access the SonicWALL web interface

  1. Open a web browser and type in your SonicWALL IP address.
  2. Log into the web admin console.

Set up the external collector

  1. Navigate to Manage > Logs & Reporting > Flow reporting > Settings.
  2. Check Enable Real-Time Data Collection.
  3. (Optional) Enable interface-based reporting if you prefer the flows to be tagged from the interfaces of the firewall.
  4. Click Accept to save the settings.
  5. Navigate to External Collector.
  6. Select Send Flows and Real-Time Data to External Collector.
  7. Navigate to AppFlow Settings > Flow Reporting > External Collector.
  8. In External Flow Reporting Format, select Netflow Version-9
  9. In the External Collector’s IP address field, enter the Auvik collector IP address.
  10. In the External Collector’s UDP Port Number field, enter the port number you’d like to use. Choose from any of these ports: 2055, 2056, 4432, 4739, 6343, 9995, or 9996.
  11. Check Send IPFIX / Netflow Templates At Regular Intervals.
  12. Continue scrolling down to configure connection events:
    1. Check Report On Connection OPEN.
    2. Check Report on a Connection CLOSE.
  13. Click the Generate ALL Templates button
  14. Click Accept to save the settings

NetFlow is now enabled on your SonicWall firewall. You must reboot the device for these changes to take effect.

 

Was this article helpful?
5 out of 7 found this helpful
Have more questions? Submit a request