Sophos SG firewalls support IPFIX, which is compatible with Auvik TrafficInsights.
These instructions assume:
- The date, time, and time zone are correctly set on the firewall.
- You have admin access to the Sophos SG web admin console.
- The IP address of your Auvik collector is known.
If you have a shared collector and want to ensure that it receives netflow data to enable TrafficInsights, you will need to add the source IP address as a /32 in order for Auvik to register the flows from that specific address in the TrafficInsights portal. There may be some delay for the shared collector to receive the data after the change.
Note: Even if that source IP address is already being scanned, you must add a /32 targeting only the source IP address, due to some limitations, the collector can’t tell if it should be sent to site A or B.
Access the Sophos SG web interface
- Open a web browser and type in your Sophos SG IP address.
- Log into the web admin console with an administrative (read-write) user.
Configure NetFlow
- Navigate to Logging & Reporting > Reporting Settings.
- Scroll down to IPFIX Accounting.
- Check Enable.
- Under OID, leave the default value of 1.
- Select the + icon to add a new collector. Use the following information:
- Name: A recognizable name for the Auvik collector
- Type: Host
- IPv4 Address: IP address of your Auvik collector
- Select Apply to save the settings.