Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.


Applies to the following Sophos products and versions

Sophos Firewall

Steps of Configuration:

    1. Log in to the WebAdmin GUI of the Sophos XG Firewall.
    2. Navigate to Administration > Netflow.
    3. In the Netflow section, enter the server name, the IP address of the CCE and the port, which must be 9995:

      • Server Name: a friendly name for the Netflow server.
      • Netflow Server IP/Domain: IPv4 address, IPv6 address or hostname of the Netflow server (the Seceon CCE).
      • Netflow Server Port: the port the Netflow server listens on. Records are sent to the Netflow server over this port; enter 9995, the port the CCE expects.

       Note: Netflow only exports traffic for firewall rules that have Log Firewall Traffic enabled. Traffic matched by a rule without logging never reaches the CCE, so enable it on every rule whose flows you want to see.

    4. Click Apply.

A message pops up confirming that the Netflow configuration has been saved successfully.

 

Note:

  • Sophos XG Firewall supports Netflow v5 and exports all the parameters of a v5 record.
  • The traffic counters for a connection are sent to the Netflow collector when its conntrack entry is destroyed, i.e. when the connection closes. A long-lived session therefore shows up on the CCE only after it ends, not while it is open.
  • Further information regarding the Netflow v5 record format can be found in NetFlow v5 Record Format.
  • You may add up to 5 separate Netflow servers.

Reference Source: https://community.sophos.com/kb/en-us/132762


Verification of configuration:

Verification can be done in two ways: in the UI or on the CCE server.

  • Verification through the UI

1. Open the UI and go to Systems.

2. Expand Systems and open Logs and Flows Collection Status.

3. The configured firewall is listed under Source Device IP Address.

  • Verification through the CCE server

Run the following command on the CCE server to check whether Netflow datagrams from the firewall are arriving. Replace <IP address> with the firewall's address; the capture filter must match UDP port 9995 (a "host 9995" filter would not match the Netflow traffic), and -n avoids DNS lookups that would slow the output:

sudo tcpdump -ni any udp port 9995 and host <IP address>

Netflow v5 is a binary format, so do not expect readable text in the payload; a steady stream of UDP packets from the firewall's address to the CCE on port 9995 is what confirms the export. If nothing arrives, re-check the Netflow server settings on the firewall, that Log Firewall Traffic is enabled on the relevant rules, and that UDP/9995 is not blocked on the path to the CCE.
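tcpdump only shows that packets reach UDP/9995; it does not show that they are well-formed Netflow v5 or what flows they carry. The decoder below is an added example written for this page, not code from Seceon or Sophos: it parses a Netflow v5 datagram (24-byte header plus fixed 48-byte records) and rejects anything that is not v5 or whose length does not match the record count in the header. The sample datagram it builds is constructed for illustration, not captured from a firewall. The listen() helper assumes nothing else is bound to port 9995 on the host where you run it, so use it on a test host or while the CCE collector is stopped; with the real collector running, decode packets exported from a capture instead.

```python
"""Decode Netflow v5 datagrams to verify a Sophos XG Firewall export (added example)."""
import socket
import struct
import sys
from ipaddress import IPv4Address

NETFLOW_PORT = 9995  # the port configured on the firewall in the steps above

# Netflow v5 wire format: 24-byte header followed by up to 30 fixed 48-byte flow records.
HEADER = struct.Struct(">HHIIIIBBH")
RECORD = struct.Struct(">4s4s4sHHIIIIHHBBBBHHBBH")
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_netflow_v5(datagram: bytes) -> dict:
    """Return the header fields and a list of flow dicts for one v5 export datagram.

    Raises ValueError for anything that is not a well-formed v5 datagram, so a stray
    packet on UDP/9995 is reported instead of being decoded as garbage.
    """
    if len(datagram) < HEADER.size:
        raise ValueError(f"datagram too short for a Netflow v5 header: {len(datagram)} bytes")
    (version, count, sys_uptime, unix_secs, unix_nsecs,
     flow_sequence, engine_type, engine_id, sampling) = HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"Netflow version {version} is not v5 (the version Sophos XG exports)")
    expected = HEADER.size + count * RECORD.size
    if count > 30 or len(datagram) < expected:
        raise ValueError(f"header announces {count} records ({expected} bytes) "
                         f"but datagram is {len(datagram)} bytes")
    flows = []
    for i in range(count):
        (src, dst, nexthop, in_if, out_if, pkts, octets, first, last,
         sport, dport, _pad1, tcp_flags, proto, tos,
         src_as, dst_as, src_mask, dst_mask, _pad2) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "nexthop": str(IPv4Address(nexthop)), "in_if": in_if, "out_if": out_if,
            "packets": pkts, "bytes": octets,
            "first_ms": first, "last_ms": last,  # sysuptime at first/last packet of the flow
            "sport": sport, "dport": dport, "proto": PROTOCOLS.get(proto, str(proto)),
            "tcp_flags": tcp_flags, "tos": tos, "src_as": src_as, "dst_as": dst_as,
            "src_mask": src_mask, "dst_mask": dst_mask,
        })
    return {
        "version": version, "count": count, "sys_uptime_ms": sys_uptime,
        "unix_secs": unix_secs, "unix_nsecs": unix_nsecs, "flow_sequence": flow_sequence,
        "engine_type": engine_type, "engine_id": engine_id,
        "sampling_mode": sampling >> 14, "sampling_interval": sampling & 0x3FFF,
        "flows": flows,
    }


def build_sample_datagram() -> bytes:
    """Constructed sample: both directions of one closed TCP session. Values are illustrative."""
    header = HEADER.pack(5, 2, 3_600_000, 1_700_000_000, 0, 41, 0, 0, 0)
    client, server, none = (IPv4Address(a).packed for a in ("10.10.1.25", "203.0.113.5", "0.0.0.0"))
    # tcp_flags 0x1b = FIN|SYN|PSH|ACK, i.e. the union of flags seen over the whole session
    outbound = RECORD.pack(client, server, none, 2, 3, 12, 2048, 3_599_000, 3_600_000,
                           51515, 443, 0, 0x1b, 6, 0, 0, 0, 24, 0, 0)
    inbound = RECORD.pack(server, client, none, 3, 2, 10, 8760, 3_599_000, 3_600_000,
                          443, 51515, 0, 0x1b, 6, 0, 0, 0, 0, 24, 0)
    return header + outbound + inbound


def listen(bind_ip: str = "0.0.0.0", port: int = NETFLOW_PORT, max_datagrams: int = 5) -> None:
    """Bind UDP/9995 and decode the first few datagrams (assumes the port is free)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        for _ in range(max_datagrams):
            data, (peer_ip, _) = sock.recvfrom(65535)
            try:
                export = parse_netflow_v5(data)
            except ValueError as err:
                print(f"{peer_ip}: not Netflow v5 ({err})")
                continue
            print(f"{peer_ip}: seq={export['flow_sequence']} flows={export['count']}")
            for f in export["flows"]:
                print(f"  {f['proto']} {f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} "
                      f"{f['packets']} pkts {f['bytes']} bytes")


if __name__ == "__main__":
    sample = parse_netflow_v5(build_sample_datagram())
    print(f"sample datagram decodes to {sample['count']} flows, sequence {sample['flow_sequence']}")
    if "--listen" in sys.argv:
        listen()
```

Run it with --listen on a host that owns UDP/9995 and trigger a connection through a rule with Log Firewall Traffic enabled; because the firewall exports on conntrack teardown, the flow appears only after the session closes. A datagram that fails the version or length check points at something other than the firewall's Netflow export sending to that port.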



