NetFlow

You can add, update, or delete NetFlow servers.

NetFlow is a network protocol that monitors network bandwidth usage and traffic flow. When you configure NetFlow on Sophos Firewall, it exports NetFlow records (detailing source, destination, and traffic volume) to the NetFlow server. The records help you identify the protocols, policies, interfaces, and users that consume high bandwidth. Data analyzing tools like Open Source Data Analyzer and PRTG software can generate reports from the NetFlow records.

You can configure up to five NetFlow servers. Sophos Firewall supports NetFlow v5.

To configure NetFlow, do as follows:

  1. Go to Administration > NetFlow.
  2. Enter the NetFlow Server name.
  3. Enter the NetFlow server IP/domain.

    You can enter IPv4 or IPv6 addresses.

  4. Enter the NetFlow server port (UDP port).

    Records are sent to the NetFlow server over the specified port. The default port is 2055.

  5. Click Apply.

Traffic from firewall rules that have Log firewall traffic turned on is sent to the NetFlow server.

Note When a conntrack entry is destroyed at the time of closing, Sophos Firewall sends the date or traffic counters to the NetFlow collector.