Netflow is a network protocol that enables you to monitor bandwidth usage and traffic flow. If you add a Netflow server to Sophos Firewall, it sends the Netflow records of source, destination, and traffic volume to the Netflow server. The records help you identify the protocols, policies, interfaces, and users consuming high bandwidth. You can use data analysis tools, such as Open Source Data Analyzer and PRTG to generate reports from the Netflow records.
You can add, update, or delete Netflow servers.
- Go to Administration > Netflow.
- Enter the Netflow Server name.
- Enter the Netflow server IP/domain. You can enter IPv4 or IPv6 addresses.
Enter the Netflow server port number (UDP port). Records are sent to the Netflow server over the specified port.
The traffic of only those firewall rules that have Log firewall traffic turned on is sent to the Netflow server.
You can configure up to five Netflow servers.
Sophos supports Netflow v5. You can export all the parameters of v5.