Sophos Firewall Operating System (SFOS) is a purpose-built OS at the core of the Sophos XG firewall. The architecture offers multiple options for mitigating the latest threats and supports modern features such as SD-WAN and cloud application traffic. Sophos has a great GUI that makes configuration quite easy, and you would rarely need to dive into the CLI.

 

NetFlow configuration

Configuration of NetFlow export is really simple. Everything can be done via the GUI:

  • Go to Administration/NetFlow.
  • Add the server name, server IP, and port.

And of course, you need to enable "Log firewall traffic" on every firewall rule for its traffic to be sent to the NetFlow server.

If you want to enable SNMP so that NetVizura can resolve interface names, add an SNMP community and enable the SNMP agent under Administration/SNMP. You can also enable SNMP traps here.

EventLog configuration

For the Syslog export, go to System Services/Log Settings. Add a Syslog server with all the standard settings. The facility can be any value, while the severity level sets the cut-off for log messages, so choose it depending on your needs.

 

As a final step, check the boxes to enable logging for all options. Bear in mind that Sophos has numerous log options, and if you enable all of them you could receive millions of messages rather quickly.

With these settings configured, you should see Syslog messages on your NetVizura instance.
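To judge how a severity cut-off and the enabled log options affect volume, the following added example (not code from Sophos or NetVizura) decodes the standard syslog `<PRI>` header into facility and severity and counts messages per log type on either side of a cut-off. The sample lines are constructed, and the `key="value"` layout and the `log_type` field name are assumptions made for illustration.

```python
import re
from collections import Counter

# Syslog severities, index = numeric value (0 is most severe).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample messages (not captured from a real device).
SAMPLE = [
    '<30>device="SFW" log_type="Firewall" log_subtype="Allowed"',
    '<30>device="SFW" log_type="Firewall" log_subtype="Denied"',
    '<28>device="SFW" log_type="IDP" log_subtype="Detect"',
    '<27>device="SFW" log_type="Anti-Virus" log_subtype="Virus"',
    '<31>device="SFW" log_type="Event" log_subtype="System"',
    'device="SFW" log_type="Firewall"',  # PRI header missing
]

def decode_pri(line):
    """Return (facility, severity) from the <PRI> header, or None if invalid."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # facility 23 * 8 + severity 7 is the maximum
        return None
    return divmod(int(m.group(1)), 8)   # PRI = facility * 8 + severity

def parse_fields(line):
    """Parse key=value and key="value" pairs into a dict."""
    return {k: quoted or bare for k, quoted, bare in KV_RE.findall(line)}

def summarize(lines, cutoff="warning"):
    """Count messages per log_type that pass or fail the severity cut-off."""
    limit = SEVERITIES.index(cutoff)
    kept, dropped, malformed = Counter(), Counter(), 0
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            malformed += 1
            continue
        log_type = parse_fields(line).get("log_type", "unknown")
        # Lower number = more severe, so "at or above the cut-off" is <= limit.
        (kept if decoded[1] <= limit else dropped)[log_type] += 1
    return kept, dropped, malformed

if __name__ == "__main__":
    for level in ("warning", "info"):
        kept, dropped, bad = summarize(SAMPLE, level)
        print(level, dict(kept), dict(dropped), "malformed:", bad)
```

Running it over a short capture from the collector shows which log types dominate before you decide which options to leave enabled.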