How to add a firewall to Flow Based On-Prem Analytics

Description

This article provides instructions on how to add a firewall to On-Prem Analytics after the server has been installed. It also covers the firewall settings that must be enabled for flow reporting to work.

Adding a firewall to your flow Analytics server involves two steps: first, add the firewall to the Analytics server; second, configure the flow settings on the firewall to point to the new server. This article goes over those steps.

Resolution

Pre-requisite:

Must have On-Prem Analytics server installed, licensed, and configured

Firewall(s) must have App Visualization licensed and enabled

 


 

STEP 1:

To add your firewall to Analytics, click the plus icon on the top left corner of your screen.


 

-In the "Add Firewall" popup window, enter a name for the firewall and its Serial Number (the Serial Number of the Primary if using HA).

-The drop-down options for Model are listed below. Choose the best option for the firewall you are adding.

 

SOHO/NSv Low

TZ/NSv Med

NSA/NSv High

SM/NSv

(SM is short for SuperMassive, but can also include current NSsp Large Enterprise firewall models)

 

-Once filled out, click OK.

-Your firewall is now added to On-Prem Flow Analytics.


 

STEP 2:

The second step is to point your firewall to the On-Prem Analytics Server IP for flow reporting to work. 

1. Log in to the firewall, click Device / AppFlow / Flow Reporting, then click the AppFlow Agent tab.

2. Next, toggle on the following options:

  Send AppFlow To SonicWall AppFlow Agent [*]

  Send Real-Time Data To SonicWall AppFlow Agent

  Report On Connection CLOSE


 

3. Now go to the Device / AppFlow / AppFlow Agent page, enter the following information, and click ‘Accept’:

 

AppFlow server Address (this is the IP address of the On-Prem Analytics server)

Source IP to use over VPN tunnel (Required only in case of Site to Site VPN tunnel to the AppFlow Server)

NOTE: Make sure that the firewall is able to access the On-Prem Analytics flow server on UDP 2055 and UDP 9060.

 

4. Once done, click the ‘Synchronize Server’ button to sync with your Analytics server and pull the latest signature / application names.

Note: This is important for viewing signature and application names; otherwise only the ID numbers will show up.
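One way to confirm the UDP 2055 / UDP 9060 requirement from STEP 2 after the firewall has been pointed at the server, as an added example that is not part of the original article or SonicWall's own tooling. It assumes you have a text capture taken next to the Analytics server with a UDP-only filter, in the "src.port > dst.port:" line form printed by tcpdump -nn; the function name, addresses and sample lines are constructed for illustration.

```python
import re

# Ports the article says the firewall must reach on the Analytics server.
REQUIRED_UDP_PORTS = {2055, 9060}

# Matches the address part of a `tcpdump -nn` IPv4 line:
#   "<time> IP <src>.<sport> > <dst>.<dport>: ..."
# Assumption: the capture was taken with a UDP-only filter, so every
# matching line is a UDP datagram.
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def missing_flow_ports(capture_lines, firewall_ip, server_ip):
    """Return the required UDP ports on which no datagram from firewall_ip
    to server_ip appears in the capture (empty list = both were seen)."""
    seen = set()
    for line in capture_lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IPv4 packet line; ignore
        if m["src"] == firewall_ip and m["dst"] == server_ip:
            seen.add(int(m["dport"]))
    return sorted(REQUIRED_UDP_PORTS - seen)


# Constructed sample capture using documentation addresses:
# 192.0.2.1 = firewall, 198.51.100.10 = On-Prem Analytics server.
SAMPLE = """\
10:15:01.100001 IP 192.0.2.1.53211 > 198.51.100.10.2055: UDP, length 412
10:15:01.200002 IP 192.0.2.1.53211 > 198.51.100.10.2055: UDP, length 388
10:15:02.000003 IP 192.0.2.77.40000 > 198.51.100.10.9060: UDP, length 96
10:15:03.000004 IP 198.51.100.10.2055 > 192.0.2.1.53211: UDP, length 40
""".splitlines()

if __name__ == "__main__":
    missing = missing_flow_ports(SAMPLE, "192.0.2.1", "198.51.100.10")
    # In the sample, 9060 traffic comes from a different host, so it is reported.
    print("no traffic seen from firewall on UDP ports:", missing or "none")
```

A port reported as missing means no datagram from that firewall reached the capture point on it, which points to an upstream access rule, route or VPN source-IP setting to check.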

 

Similar Gen6 flow instructions can be found in the article below.

https://www.sonicwall.com/support/knowledge-base/gms-flow-server-configuration-settings-on-firewall/190205194634363/

 
