Configuring SonicWALL Devices Using IPFIX

All of these allow you to export flows, report to a flow collector within the SonicWALL network, control what flows are reported externally or internally, and report based on already existing firewall rules.  A few more options down the list you will check off External Flow Reporting Type. When you drop that down and click the IPFIX with extensions.  This allows Scrutinizer to report on all the juicy SonicWALL templates.

Now enter the IP address of the server running Scrutinizer in the External Collector’s IP Address and (if you must) input the IP address to the VPN Tunnel. The External Collector UDP Port is where you input whichever port you prefer; just make sure port 2055 is not blocked on the firewall. Now I would check off both boxes to Send Static Flows and Templates at Regular Intervals. This is good to have checked off for dynamic flows like we are about to send.

In this configuration, I am not enabling the IPFIX Collector, because I am using Scrutinizer to do my 3^rd party collecting. Now scroll down a bit until you reach Event Settings. You can leave these alone until you get to Report Flows on Kilo Bytes Exchanged. Make sure that is checked and change Kilobytes Exchanged to 1. Scroll up and hit Accept at the top and in a few minutes you should be seeing some nice SonicWALL reports being generated by Scrutinizer.

For a look at how Scrutinizer reports on IPFIX data from SonicWALL hardware read Mike’s blog.

In part 2 of this blog, I will talk about the benefits of having SonicWALL reporting.