Sophos UTM Example

Below is a quick configuration guide for Sophos UTM firewall.


  • Define a LogicMonitor Collector network host object
  • Assign the object to IPFIX Accounting
  • Update the LogicMonitor collector configuration to listen on the correct port for IPFIX export

First, log in to Sophos UTM firewall. Navigate to Logging & Reporting -> Reporting Settings -> IPFIX Accounting:


Select or define a new network host object for the LogicMonitor Collector:

Assign the network object to the IPFIX export and set a unique observation ID domain:

Since the default PFIX port of 4739 is not configurable on the Sophos end, you’ll need to edit the netflow.ports section of the collector’s agent.conf to listen on that port. 

More from LogicBlog

Amps robot shadow

Let's talk shop, shall we?

Get started