# Netflow Configuration Sophos XG

This guide outlines procedure to forward NetFlow records from Sophos XG Firewall to Log Collector.

* NetFlow is a network protocol that enables you to monitor bandwidth usage and traffic flow.
* If you add a NetFlow server to Sophos Firewall, it sends the NetFlow records of source, destination, and traffic volume to the NetFlow server.
* The records help you identify the protocols, policies, interfaces, and users consuming high bandwidth.
* You can use data analysis tools, such as Open Source Data Analyzer and PRTG to generate reports from the NetFlow records.
* Sophos XG firewalls support NetFlow v5. You can export all the parameters of v5.

### **Configure NetFlow**

1. Log into the firewall’s web admin console.
2. Navigate to System > Administration.
3. Select NetFlow from the top navigation panel.
4. Click on the + sign to create a new row.
5. In the Server Name field, enter a recognizable name for the Log collector.
6. In the NetFlow Server IP/Domain field, enter the Log collector IP address.
7. In the NetFlow Server Port field, enter the port number provided.

   ![](/files/aDJf3vjvTVzTPv8kmYe0)

**Note** :

* Sophos XG devices will only collect NetFlow from firewall rules that are logged.
* So if it’s not already enabled, you’ll need to ensure the Log Firewall Traffic option is enabled for all rules that are passing traffic.

\*\* Below procedure is applicable only if Traffic logging is not enabled.

### Enable Traffic Logging

1. **Enable firewall traffic logs**:

* Go to **Firewall > Edit Firewall Rule** to view the status of logging and security policies.
* Enable logging of firewall traffic from Log Traffic section. It ensures that traffic passing through the Firewall rule has been logged and can be viewed from Log Viewer.
* We recommend you enable logging for all firewall rules.

![](/files/iKtRyZmFR5vbl2TD7JNh)

**Reference:** <https://doc.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Administration/NetflowConfiguration/index.html>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.blusapphire.io/log-forwarding/mirror-span-port-configuration/netflow-configuration-sophos-xg.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.