Sophos UTM Example

Below is a quick configuration guide for Sophos UTM firewall.


  • Define a LogicMonitor Collector network host object
  • Assign the object to IPFIX Accounting
  • Update the LogicMonitor collector configuration to listen on the correct port for IPFIX export
First, log in to Sophos UTM firewall. Navigate to Logging & Reporting -> Reporting Settings -> IPFIX Accounting:


Select or define a new network host object for the LogicMonitor Collector:

Assign the network object to the IPFIX export and set a unique observation ID domain:

Since the default PFIX port of 4739 is not configurable on the Sophos end, you’ll need to edit the netflow.ports section of the collector’s agent.conf to listen on that port.