Configuring Flow Exports for Sophos Firewalls
For NetFlow analysis, you need to configure your devices to export flows to Site24x7 On-Premise Poller, which is the NetFlow collector. The On-Premise Poller will be listening to the particular port to receive flows. Learn how to find the port number of your On-Premise Poller.
Configure NetFlow v5 on Sophos Firewalls using the following steps:
- From your Sophos firewall device, go to Administration > Netflow.
- Netflow Server Name: Enter the name of your On-Premise Poller.
- Netflow Server IP/Domain: Enter the IPv4 or IPv6 address of your On-Premise Poller.
- Netflow Server Port: NetFlow exports happen over a specific port. Enter the UDP port number; the default port is 2055.
To send traffic data to the NetFlow server, ensure you check the box next to Log Firewall Traffic under Log Traffic.
Refer to Sophos's documentation for more information.