I have a Sophos UTM virtual firewall at home. We use LiveAction at work and I recently downloaded the 14-day trial to play around with at home.
I should be able to do IPFIX, correct? The Sophos has IPFIX enabled and pointed to the LiveAction VM, but nothing is happening. The “Configure Flow” option is always greyed out. The Sophos device added fine. There were no issues with credentials or anything.
Should this not be working?
I haven’t heard anything about the Sophos device but we certainly manage many other firewalls. Did you add it as an SNMP device or probe? Sounds like it was SNMP.
Unfortunately, not all devices conform to RFC 1213. I suspect it doesn’t support ipAddrTable and LiveNX needs that in order to overlay flow data on top of the topology. You may have to manually add the IP addr of the discovered interfaces. Go to “Advanced Add” to do that.
If that doesn’t work, you may have to add it as a probe. We would be happy to help you with this. Just contact our support team.
I just uploaded a few slides…
I don’t seem to have credentials that I can use to view the slides. I don’t have a box account.
Thank you. Not sure what that process does other than allow me to select specific interfaces while adding the device. Nonetheless, I removed the device and re-added it using advanced add. I still cannot configure any flow on it.
Easier if I get support to help you with this over WebEx so we can walk you through. Can you send me an email at firstname.lastname@example.org and I’ll connect you… Thanks…
It’s going to be tough for me to find time to do this during regular working hours. We use LiveAction at work, but it’s at home that I have been playing with IPFIX and the Sophos device.
Though, I did get it working with a different analyzer. I spun up a Plixer Scrutinizer VM and pointed the IPFIX config on the Sophos to it, and it sees the device and its flow just fine. It shows up as I10 (IPFIX v10), so I know the Sophos device is fine; it’s just that LiveAction seems to have trouble with it.
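
Added example (not part of the thread, and not LiveAction, Sophos or Plixer code): a collector-side check that a received UDP payload really is IPFIX version 10 rather than NetFlow v5/v9, and which sets it carries. It follows the RFC 7011 message and set headers; the function names and the sample datagram are constructed for illustration.

```python
import struct

HEADER = struct.Struct("!HHIII")   # version, length, export time, sequence, observation domain ID
SET_HEADER = struct.Struct("!HH")  # set ID, set length (length includes these 4 bytes)

def set_kind(set_id):
    """Classify a set by its ID: 2 and 3 carry templates, 256 and up carry flow records."""
    if set_id == 2:
        return "template"
    if set_id == 3:
        return "options-template"
    return "data" if set_id >= 256 else "reserved"

def inspect_datagram(payload):
    """Summarise one UDP payload received on the collector's flow port."""
    if len(payload) < 2:
        return {"protocol": "unknown", "error": "too short"}
    version = struct.unpack_from("!H", payload)[0]
    if version != 10:
        # 5 and 9 are NetFlow versions; anything else is not a flow export
        return {"protocol": {5: "netflow-v5", 9: "netflow-v9"}.get(version, "unknown")}
    if len(payload) < HEADER.size:
        return {"protocol": "ipfix", "error": "truncated header"}
    _, length, export_time, sequence, domain = HEADER.unpack_from(payload)
    if length < HEADER.size or length > len(payload):
        return {"protocol": "ipfix", "error": "bad message length"}
    sets, offset = [], HEADER.size
    while offset + SET_HEADER.size <= length:
        set_id, set_len = SET_HEADER.unpack_from(payload, offset)
        if set_len < SET_HEADER.size or offset + set_len > length:
            return {"protocol": "ipfix", "error": "bad set length"}
        sets.append((set_id, set_kind(set_id), set_len))
        offset += set_len
    return {"protocol": "ipfix", "export_time": export_time, "sequence": sequence,
            "observation_domain": domain, "sets": sets}

def build_sample():
    """Constructed IPFIX message: one template set (template 256) and one matching data set."""
    # Template 256 has two fields: IE 8 (sourceIPv4Address) and IE 12 (destinationIPv4Address)
    template = struct.pack("!HHHH", 2, 16, 256, 2) + struct.pack("!HHHH", 8, 4, 12, 4)
    data = struct.pack("!HH", 256, 12) + bytes([192, 0, 2, 10, 198, 51, 100, 20])
    body = template + data
    return HEADER.pack(10, HEADER.size + len(body), 1700000000, 0, 1) + body

if __name__ == "__main__":
    print(inspect_datagram(build_sample()))
```

A collector can only decode a data set after it has received the template set with the matching template ID, so the `sets` list shows whether the exporter is sending both.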