Below is a quick configuration guide for Sophos UTM firewall.
Summary:
- Define a LogicMonitor Collector network host object
- Assign the object to IPFIX Accounting
- Update the LogicMonitor collector configuration to listen on the correct port for IPFIX export
First, log in to Sophos UTM firewall. Navigate to Logging & Reporting -> Reporting Settings -> IPFIX Accounting:
Select or define a new network host object for the LogicMonitor Collector:
Assign the network object to the IPFIX export and set a unique observation ID domain:
Since the default PFIX port of 4739 is not configurable on the Sophos end, you’ll need to edit the netflow.ports section of the collector’s agent.conf to listen on that port.
