How to configure NetFlow on WatchGuard devices


These instructions assume:

  • The device is running Fireware v12.3 or higher.
  • The date, time and time zone are correctly set on the device.
  • You have administration access to the WatchGuard dashboard.
  • The IP address of your Auvik collector is known.

Configure NetFlow

  1. Log into the WatchGuard admin console.
  2. Select System > NetFlow.
  3. Select Enable NetFlow.
  4. For the protocol version, select V9.
  5. In the Collector Address text box, enter the IP address of the Auvik collector. The collector is the server that collects NetFlow data from the Firebox.
  6. In the Port text box, enter the port you’d like to use. Choose from 2055, 2056, 4432, 4739, 6343, 9995, or 9996. The Firebox must be able to communicate with the collector using UDP at the specified IP address and port.
  7. Set the Active Flow Timeout to 1 minute.
  8. (Optional) To enable Sampling Mode, select the Sample every 1 out of check box. By default, leave this check box cleared.
    1. If you enable Sampling Mode, in the adjacent text box, type a number between 2 and 65,535 packets. Make sure the sampling rate set here on the device matches the sampling rate for the device in TrafficInsights.
    2. Select the interfaces on which you want to collect NetFlow data. By default, enable all of them by selecting the top check box next to the Interface Name header. Note that Firebox is not an interface itself.
  9. (Optional) To monitor outbound traffic generated by the Firebox, select Firebox.
  10. Click Save.
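
To confirm the export from the collector side after saving, the following added example (not WatchGuard or Auvik code) listens on the chosen UDP port and checks that the first datagram is a well-formed NetFlow v9 export with a plausible timestamp. The function names, the 300-second skew tolerance, the 90-second wait and the sample packet are assumptions made for this example.

```python
import socket
import struct
import sys
import time

ALLOWED_PORTS = {2055, 2056, 4432, 4739, 6343, 9995, 9996}  # ports listed in step 6
V9_HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id


def check_v9_datagram(data, now=None, max_skew=300):
    """Validate one UDP payload as a NetFlow v9 export; return (ok, detail)."""
    if len(data) < V9_HEADER.size:
        return False, "shorter than the 20-byte NetFlow v9 header"
    version, count, _uptime, unix_secs, sequence, source_id = V9_HEADER.unpack_from(data)
    if version != 9:
        return False, f"export version is {version}, expected 9"
    offset, flowsets = V9_HEADER.size, []
    while offset + 4 <= len(data):  # each FlowSet starts with a 2-byte ID and 2-byte length
        fs_id, fs_len = struct.unpack_from("!HH", data, offset)
        if fs_len < 4 or offset + fs_len > len(data):
            return False, f"FlowSet at offset {offset} has invalid length {fs_len}"
        flowsets.append({0: "template", 1: "options-template"}.get(fs_id, "data"))
        offset += fs_len
    skew = abs((time.time() if now is None else now) - unix_secs)
    if skew > max_skew:  # max_skew is an assumed tolerance, not a WatchGuard or Auvik value
        return False, f"export timestamp is {int(skew)} s off; check the device clock"
    return True, {"count": count, "sequence": sequence, "source_id": source_id, "flowsets": flowsets}


def listen(port, expected_source=None, timeout=90):
    """Wait for one datagram on the collector port and check it."""
    if port not in ALLOWED_PORTS:
        raise ValueError(f"{port} is not one of the supported ports")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(timeout)  # longer than the 1-minute Active Flow Timeout
        try:
            data, (src, _) = sock.recvfrom(65535)
        except socket.timeout:
            return False, f"nothing received on UDP {port} in {timeout} s; check rules and routing"
        if expected_source and src != expected_source:
            return False, f"datagram came from {src}, not {expected_source}"
        return check_v9_datagram(data)


# Constructed sample: v9 header (unix_secs=1700000000) plus an empty 4-byte template FlowSet.
SAMPLE = V9_HEADER.pack(9, 1, 1000, 1_700_000_000, 7, 0) + struct.pack("!HH", 0, 4)

if __name__ == "__main__":
    print(listen(int(sys.argv[1]), sys.argv[2] if len(sys.argv) > 2 else None))
```

The script binds the port itself, so run it where nothing else is listening on that port, passing the port and optionally the Firebox IP address as arguments.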


