Just last week I was helping a customer configure SonicWALL devices for the first time. Configuring a SonicWALL device is not all that difficult. Let’s take a look at how it’s done.

First, you log into the SonicWALL GUI, scroll down the left navigation pane and click Flow Reporting. Continue to scroll down to get to the meat of the configuration options.  Make sure the top five check boxes are checked:SonicWALL Configuration

-Enable Flow Reporting

-Report to App Flow Collector

-Report to External Flow Collector

-Enable Interface Based Reporting

-Enable Firewall-Rules Based Reporting

All of these allow you to export flows, report to a flow collector within the SonicWALL network, control what flows are reported externally or internally, and report based on already existing firewall rules.  A few more options down the list you will check off External Flow Reporting Type. When you drop that down and click the IPFIX with extensions.  This allows Scrutinizer to report on all the juicy SonicWALL templates.

Now enter the IP address of the server running Scrutinizer in the External Collector’s IP Address and (if you must) input the IP address to the VPN Tunnel. The External Collector UDP Port is where you input whichever port you prefer; just make sure port 2055 is not blocked on the firewall. Now I would check off both boxes to Send Static Flows and Templates at Regular Intervals. This is good to have checked off for dynamic flows like we are about to send.

configuring SonicWALL for IPFIX

In this configuration, I am not enabling the IPFIX Collector, because I am using Scrutinizer to do my 3rd party collecting. Now scroll down a bit until you reach Event Settings. You can leave these alone until you get to Report Flows on Kilo Bytes Exchanged. Make sure that is checked and change Kilobytes Exchanged to 1. Scroll up and hit Accept at the top and in a few minutes you should be seeing some nice SonicWALL reports being generated by Scrutinizer.

For a look at how Scrutinizer reports on IPFIX data from SonicWALL hardware read Mike’s blog.

 

In part 2 of this blog, I will talk about the benefits of having SonicWALL reporting.

Jamie Lee author pic

Jamie Lee

Jamie Lee is the west coast Regional Manager at Plixer. He works with prospects to solve the unique needs of their network and visits existing customers to assist with training. He enjoys developing new partnerships and building long-lasting relationships with his clients. Jamie loves the outdoors and his favorite hobbies include fishing, hiking, and football.

Related

Big Data

Sankey Flow Graph

One of the greatest benefits of NetFlow collection for traffic analysis, is we’re provided with the ability to visualize the…

Leave a Reply