Configuring Flow Exports on SonicWall Devices
For NetFlow analysis, you need to configure your devices to export flows to Site24x7 On-Premise Poller, which is the NetFlow collector. The On-Premise Poller will be listening to the particular port to receive flows.
Configure NetFlow exports on SonicWall devices using the graphical user interface (GUI).
Login to your SonicWall device console and click Log > Flow Reporting and follow the steps corresponding to the versions.
NetFlow v5 configuration
To configure typical Netflow version 5 flow reporting, follow the steps below:
- Check the box next to Enable flow reporting.
- Check the box next to Report to EXTERNAL flow collector to enable flows to be reported to an external flow collector.
- Check the box next to INTERFACE based reporting to report flows based on the initiator or responder interface. This step is optional.
- Check the box next to Firewall-Rules Based Reporting to report flows based on already existing firewall rules. This step is optional, but is required if flow reporting is done on selected interfaces.
- Select Netflow version-5 as the External Flow Reporting Type from the dropdown list if the Report to EXTERNAL flow collector is selected. Next, specify the External Collector’s IP address (IP address of the machine on which Site24x7 On-Premise Poller is installed).
- For the Source IP to Use for Collector on a VPN Tunnel, specify the source IP if the external collector must be reached by a VPN tunnel. This step is also optional.
- Specify the External Collector’s UDP port number. Learn how to find the port number of your On-Premise Poller.
NetFlow v9 configuration
To configure typical Netflow version 9 flow reporting, follow the steps below:
- Check the box next to Enable flow reporting. Note that if this is disabled, both internal and external flow reporting are also disabled.
- Check the box next to Report to EXTERNAL flow collector to enable flows to be reported to an external flow collector.
- Check the box next to INTERFACE based reporting to report flows based on the initiator or responder interface. This step is optional .
- Check the box next to Firewall-Rules Based Reporting to report flows based on already existing firewall rules. This step is optional, but is required if flow reporting is done on selected interfaces.
- Select Netflow version-9 as the External Flow Reporting Type from the dropdown list if the Report to EXTERNAL flow collector is selected. Next, specify the External Collector’s IP address (IP address of the machine on which Site24x7 On-Premise Poller is installed).
- For the Source IP to Use for Collector on a VPN Tunnel, specify the source IP if the external collector must be reached by a VPN tunnel. This step is optional .
- Specify the External Collector’s UDP port number. Learn how to find the port number of your On-Premise Poller.
- Check the box next to Send templates at regular intervals.
Netflow v9 uses templates that must be known to an external collector before sending data. After enabling this option, you can Generate ALL Templates by clicking the button in the topmost toolbar.
Refer to SonicWall's official documentation for more.