Sophos SG firewalls support IPFIX, which is compatible with Auvik TrafficInsights.
These instructions assume:
- The date, time, and time zone are correctly set on the firewall.
- You have admin access to the Sophos SG web admin console.
- The IP address of your Auvik collector is known.
If you are using a shared collector and want TrafficInsights to associate flow data with the correct site, you must add the source IP address as a dedicated /32 network within Auvik.
For example:
192.168.1.10/32Even if the source IP address is already included in a larger monitored subnet, a dedicated /32 entry is required for TrafficInsights to correctly associate flow records with the appropriate site.
After making this change, it may take several minutes before flow data appears in TrafficInsights.
Access the Sophos SG web interface
- Open a web browser and type in your Sophos SG IP address.
- Log into the web admin console with an administrative (read-write) user.
Configure NetFlow
- Navigate to Logging & Reporting > Reporting Settings.
- Scroll down to IPFIX Accounting.
- Check Enable.
- Under OID, leave the default value of 1.
- Select the + icon to add a new collector. Use the following information:
- Name: A recognizable name for the Auvik collector
- Type: Host
- IPv4 Address: IP address of your Auvik collector
- Select Apply to save the settings.