Sophos Xg Netflow

Posted : admin | On 30-04-2021



Netflow sensors can help you analyze all the traffic on your network. To have relevant data, I advise you to set up this type of sensor on a core network or a firewall. Traffic of only those firewall rules that have Log Firewall Trafficenabled is sent to the Netflow server. You can configure up to five Netflow servers. Sophos XG Firewallsupports Netflow v5. You can export all the parameters of v5. Sophos XG: configure a Netflow server Netflow is Cisco’s network-developed networking protocol, which collects information about IP flows. It is possible under Sophos XG to configure a Netflow server. PRTG has a Netflow sensor.

You can add, update, or delete NetFlow servers.

NetFlow is a network protocol that monitors network bandwidth usage and traffic flow. When you configure NetFlow on XG Firewall, it exports NetFlow records (detailing source, destination, and traffic volume) to the NetFlow server. The records help you identify the protocols, policies, interfaces, and users that consume high bandwidth. Data analyzing tools like Open Source Data Analyzer and PRTG software can generate reports from the NetFlow records.

You can configure up to five NetFlow servers. XG Firewall supports NetFlow v5.

Sophos

To configure NetFlow, do as follows:

  1. Go to Administration > NetFlow.
  2. Enter the NetFlow Server name.
  3. Enter the NetFlow server IP/domain.
  4. Enter the NetFlow server port (UDP port).

    Records are sent to the NetFlow server over the specified port. The default port is 2055.

  5. Click Apply.
Netflow

Traffic from firewall rules that have Log firewall traffic turned on is sent to the NetFlow server.

Sophos
Note When a conntrack entry is destroyed at the time of closing, XG Firewall sends the date or traffic counters to the NetFlow collector.

Netflow allows you to add, update, or delete Netflow servers. The device offers Netflow, a network protocol, to monitor network bandwidth usage and traffic flow. Netflow records of source, destination and volume of traffic are exported to the Netflow server. The records help you identify the protocols, policies, interfaces and users consuming high bandwidth. Data analyzing tools like Open Source Data Analyzer and PRTG software can generate reports from the Netflow records.

Netflow configuration

  1. Enter the Netflow Server name.
  2. Enter the Netflow server IP/domain. You can enter IPv4 or IPv6 addresses.
  3. Enter the Netflow server port number (UDP port). Records are sent to the Netflow server over the specified port.

    Default: 2055

Configuration
Note Traffic of only those firewall rules that have Log firewall traffic enabled is sent to the Netflow server.

Sophos Xg Netflow Prtg

Sophos

Latest Sophos Version

Note You can configure up to five Netflow servers.

Sophos Xg Netflow Timeout

Note Sophos supports Netflow v5. You can export all the parameters of v5.