Sophos XG firewalls support NetFlow v5. You can export all the parameters of v5.
You can add up to five separate NetFlow servers.
These instructions assume:
- The date, time, and time zone are correctly set on the firewall.
- You have admin access to the Sophos XG web admin console.
- The IP address of your Auvik collector is known.
- Log into the firewall’s web admin console.
- Navigate to System > Administration.
- Select NetFlow from the top navigation panel.
- Click on the + sign to create a new row.
- In the Server Name field, enter a recognizable name for the Auvik collector.
- In the Netflow Server IP/Domain field, enter the Auvik collector IP address.
- In the Netflow Server Port field, enter the port number you’d like to use. Choose from any of these ports: 2055, 2056, 4432, 4739, 6343, 9995, or 9996.
Note that Sophos XG devices will only collect NetFlow from firewall rules that are logged. So if it’s not already enabled, you’ll need to ensure the Log Firewall Traffic option is enabled for all rules that are passing traffic.