SonicWALL CSa 1000 Getting Started Manual page 5

Capture security appliance

To use the Capture Security Appliance with a connected firewall, the firewall must be able to ping the appliance and communicate with it via UDP port 2259. Email Security and API scripts need to be able to ping and access the Capture Security Appliance via HTTPS. As long as the firewalls, Email Security or API Connector can ping the CSa, it is operational.
The Capture Security Appliance operates in one-arm mode. Traffic does not pass through it and the CSa does
not sniff files from the network. Files must be sent to the CSa by the supported sources (firewall, Email Security or
API).
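
Because the CSa only receives files from its supported sources, traffic addressed to it should be limited to the flows described above. The following is an added example, not part of the SonicWall manual, that audits flow records against that set; the addresses, role assignments, record format and the use of TCP port 443 for HTTPS are assumptions constructed for illustration.

```python
import ipaddress

# Constructed addresses and role assignments (assumptions, not from the manual).
CSA = ipaddress.ip_address("192.0.2.10")
SOURCES = {
    "192.0.2.1": "firewall",
    "192.0.2.20": "email_security",
    "192.0.2.30": "api_client",
}
# Flows the manual describes, per source role. TCP 443 for HTTPS is an assumption.
ALLOWED = {
    "firewall": {("icmp", None), ("udp", 2259)},
    "email_security": {("icmp", None), ("tcp", 443)},
    "api_client": {("icmp", None), ("tcp", 443)},
}

# Constructed flow records: "src dst proto dport" ("-" where there is no port).
SAMPLE_FLOWS = """\
192.0.2.1 192.0.2.10 udp 2259
192.0.2.1 192.0.2.10 icmp -
192.0.2.20 192.0.2.10 tcp 443
192.0.2.30 192.0.2.10 tcp 22
192.0.2.77 192.0.2.10 tcp 443
192.0.2.20 192.0.2.10 udp 2259
192.0.2.1 192.0.2.99 tcp 80
"""

def audit_flows(text):
    """Return (line, reason) for each flow to the CSa outside the documented set."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed records
        src, dst, proto, dport = parts
        if ipaddress.ip_address(dst) != CSA:
            continue  # only traffic addressed to the CSa is in scope
        role = SOURCES.get(src)
        port = None if dport == "-" else int(dport)
        if role is None:
            findings.append((line, "source is not a registered file source"))
        elif (proto.lower(), port) not in ALLOWED[role]:
            findings.append((line, f"{proto}/{dport} is not a documented flow for role {role}"))
    return findings

if __name__ == "__main__":
    for line, reason in audit_flows(SAMPLE_FLOWS):
        print(f"UNEXPECTED  {line}  ({reason})")
```
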
The current capabilities of the Capture Security Appliance include:
• Analysis:
    • Global Verdict Lookup – SHA256 reputation lookup is performed before proceeding to static and dynamic analysis.
    • RTDMI Static & Dynamic Analysis
• Whitelist / Blacklist
• User Role Management – Ability to create various roles (such as security analyst, network engineer) and control what the various roles can see, access and edit.
• Scheduled Reporting & Alerts – Ability to create scheduled reports for groups of file sources on a schedule.
• Security Dashboard – Provides a quick glance at file activity.
• Configuration Backup & Management – Provides safe upgrade/downgrade operations.
• API Access – Provides access for file analysis.
Capture Security Appliance 1000 Getting Started Guide
Technical Overview