Sophos XG firewalls support NetFlow v5. You can export all the parameters of v5.
You can add up to five separate NetFlow servers.
These instructions assume:
- The date, time, and time zone are correctly set on the firewall.
- You have admin access to the Sophos XG web admin console.
- The IP address of your Auvik collector is known.
If you are using a shared collector and want TrafficInsights to associate flow data with the correct site, you must add the source IP address as a dedicated /32 network within Auvik.
For example:
192.168.1.10/32
Even if the source IP address is already included in a larger monitored subnet, a dedicated /32 entry is required for TrafficInsights to correctly associate flow records with the appropriate site.
After making this change, it may take several minutes before flow data appears in TrafficInsights.
Configure NetFlow
- Log in to the firewall’s web admin console.
- Navigate to System > Administration.
- Select NetFlow from the top navigation panel.
- Click on the + sign to create a new row.
- In the Server Name field, enter a recognizable name for the Auvik collector.
- In the Netflow Server IP/Domain field, enter the Auvik collector IP address.
- In the Netflow Server Port field, enter the port number you’d like to use. Choose from any of these ports: 2055, 2056, 4432, 4739, 6343, 9995, or 9996.
Note that Sophos XG devices will only collect NetFlow from firewall rules that are logged. So if it’s not already enabled, you’ll need to ensure the Log Firewall Traffic option is enabled for all rules that are passing traffic.
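To check that the firewall is actually exporting NetFlow v5 after these steps, you can decode a captured export datagram. The following is an added example, not code from Auvik or Sophos: it parses the standard NetFlow v5 header and flow records, `SAMPLE` is a constructed datagram, and `receive_one` is a hypothetical helper for a test listener that also returns the exporter's source IP (the address that needs the /32 entry on a shared collector).

```python
import ipaddress
import socket
import struct

# NetFlow v5 wire format, network byte order: 24-byte header, 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
COLLECTOR_PORTS = {2055, 2056, 4432, 4739, 6343, 9995, 9996}  # from the page

def parse_netflow_v5(datagram: bytes) -> list:
    """Decode one export datagram; raise ValueError if it is not valid v5."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 24-byte NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"version field is {version}, expected 5")
    if not 1 <= count <= 30:  # v5 carries at most 30 records per datagram
        raise ValueError(f"record count {count} out of range")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match the header's record count")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "packets": f[5], "bytes": f[6],
            "src_port": f[9], "dst_port": f[10], "protocol": f[13],
        })
    return flows

def receive_one(port: int, timeout: float = 60.0):
    """Hypothetical helper: wait for one export on a test listener."""
    if port not in COLLECTOR_PORTS:
        raise ValueError(f"{port} is not one of the ports the page lists")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.bind(("0.0.0.0", port))
        data, (exporter, _) = sock.recvfrom(65535)
    return exporter, parse_netflow_v5(data)

# Constructed sample: one TCP flow from 192.168.1.10 to 203.0.113.5:443.
SAMPLE = HEADER.pack(5, 1, 1000, 1700000000, 0, 1, 0, 0, 0) + RECORD.pack(
    ipaddress.IPv4Address("192.168.1.10").packed,
    ipaddress.IPv4Address("203.0.113.5").packed,
    bytes(4), 1, 2, 10, 840, 100, 900, 51514, 443, 0, 0x18, 6, 0, 0, 0, 24, 0, 0)

if __name__ == "__main__":
    print(parse_netflow_v5(SAMPLE))
```

If `receive_one` times out while traffic is passing, check that Log Firewall Traffic is enabled on the rules carrying that traffic, as noted above.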