Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/index.html?contextId=NetflowConfiguration

Netflow

Netflow is a network protocol that enables you to monitor bandwidth usage and traffic flow. If you add a Netflow server to Sophos Firewall, it sends the Netflow records of source, destination, and traffic volume to the Netflow server. The records help you identify the protocols, policies, interfaces, and users consuming high bandwidth. You can use data analysis tools, such as Open Source Data Analyzer and PRTG to generate reports from the Netflow records.

You can add, update, or delete Netflow servers.

Netflow configuration

  1. Go to Administration > Netflow.
  2. Enter the Netflow Server name.
  3. Enter the Netflow server IP/domain. You can enter IPv4 or IPv6 addresses.

  4. Enter the Netflow server port number (UDP port). Records are sent to the Netflow server over the specified port.

    Default: 2055

Note

The traffic of only those firewall rules that have Log firewall traffic turned on is sent to the Netflow server.

Note

You can configure up to five Netflow servers.

Note

Sophos supports Netflow v5. You can export all the parameters of v5.