SonicWALL CSa 1000 Getting Started Manual
  1. Manuals
  2. Brands
  3. SonicWALL Manuals
  4. Firewall
  5. CSa 1000
  6. Getting started manual
SonicWALL CSa 1000 Getting Started Manual

SonicWALL CSa 1000 Getting Started Manual

Capture security appliance
Hide thumbs Also See for CSa 1000:
Table of Contents

Advertisement

Quick Links

Download this manual
Capture Security Appliance
Getting Started Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the CSa 1000 and is the answer not in the manual?

Questions and answers

Related Manuals for SonicWALL CSa 1000

Summary of Contents for SonicWALL CSa 1000

  • Page 1 Capture Security Appliance Getting Started Guide...

  • Page 2: Table Of Contents

    Change the Administrator Password Initial Setup Using Web Management Register and License Upgrade the Firmware Configure Allowed Devices Related Documents for Additional Configuration Creating a MySonicWall Account SonicWall Support About This Document Capture Security Appliance 1000 Getting Started Guide Contents...

  • Page 3: Introduction

    Introduction Welcome to the SonicWall Capture Security Appliance Getting Started Guide. This guide provides the information you need to deploy your Capture Security Appliance (CSa) in your network, configure the initial settings, and prepare it to start analyzing suspicious files from your firewalls, Email Security systems and API connectors.

  • Page 4: Technical Overview

    Reporting Role-Based access You can connect the Capture Security Appliance to a supported SonicWall firewall and/or SonicWall Email Security appliance, or to an API Connector. Because the Capture Security Appliance is IP addressable, it does not need to be connected directly to a firewall or Email Security appliance in order to process files.
  • Page 5 To utilize the Capture Security Appliance with a connected firewall, the firewall must be able to ping and communicate via UDP port 2259. Email Security and API scripts need to be able to ping and access the Capture Security Appliance via HTTPS. As long as the firewalls ,Email Security or API Connector can ping the CSa, it is operational.

  • Page 6: Deployment Examples

    The CSa can be deployed anywhere on the network. It must be reachable via an IP address, and SonicWall firewalls connected to it must be able to access it via UDP on port 2259. Firewalls and Email Security systems can send suspicious files to the CSa for analysis within the local network, rather than using the SonicWall Capture ATP cloud service.
  • Page 7 Instructions on how to get started with API scripting for the CSa along with code samples are available at https://github.com/sonicwall. Capture Security Appliance 1000 Getting Started Guide Deployment Examples...

  • Page 8: Prerequisites For Csa Deployment

    Prerequisites for CSa Deployment The following SonicWall appliances and versions are supported in a Capture Security Appliance deployment: Capture Security Appliance running 1.2.0 or newer Firewalls running SonicOS/X 7.0.0 or newer Firewalls running SonicOS 6.5.4.6 or newer Email Security running 10.0.6 or newer...

  • Page 9: High-Level Task List

    High-Level Task List The following are the steps for a successful deployment of your Capture Security Appliance: 1. Physically connect the CSa to your network device and management computer 2. Log into the CSa 3. Change the admin account password (highly recommended) 4.

  • Page 10: Hardware Overview

    Hardware Overview This section describes the hardware components of the CSa 1000 appliance. FRONT PANEL ILLUSTRATION FRONT PANEL COMPONENT DESCRIPTIONS Item Description LCD controls Display port - Disabled Console port for serial connection Settings are: Speed=115200, Data bits=8, Stop bits=1, Parity=None, Flow control=None...
  • Page 11 Item Description Reset button Power button X0/X1 - 1 Gigabit interfaces X0 is a Dedicated Management interface X1 can be configured as a WAN interface and used for WAN management X2/X3 - 1 Gigabit interfaces Can be configured as a WAN interface / WAN management X4/X5 - 1 Gigabit interfaces Can be configured as a WAN interface / WAN management X6/X7 - 10G interface...
  • Page 12 BACK PANEL ILLUSTRATION BACK PANEL COMPONENT DESCRIPTIONS Item Descriptions Hard drives (2 x 960GB storage modules, RAID) Primary power supply Fans (3) Redundant power supply In addition to the two RAID disks that contain the appliance data, the CSa1000 also has internal storage used for the operating system and maintenance which is not accessible or serviceable by users.

  • Page 13: Connect And Power On

    Connect and Power On This section describes the initial physical setup of your Capture Security Appliance . To connect and power on your Capture Security Appliance: 1. Install the appliance into a rack with your other networking equipment. The Capture Security Appliance is designed to be mounted in a standard 19-inch rack mount cabinet.

  • Page 14: Change The Administrator Password

    Change the Administrator Password For security, SonicWall recommends that you change the password for the administrator account as the first step of the initial setup of your Capture Security Appliance. To change the administrator password: 1. Log into the CSa web management interface as the administrator using the default credentials, admin / password.

  • Page 15: Initial Setup Using Web Management

    This section describes how to configure network settings on your Capture Security Appliance, including time zone and mail server settings. If you haven't already changed the password for the administrator account, SonicWall strongly recommends that you do that right away. (Refer to Change the Administrator Password for instructions.)
  • Page 16 In the WAN section, configure the following settings: IPv4 – This is the IP address of the WAN interface. Select DHCP addressing if your DHCP server will provide an address, or enter a static IP address on your network. Any interface except X0 can be selected as the WAN/Management interface, including the 10GbE X6/7 ports.
  • Page 17 If the default subnet overlaps with the CSa WAN or LAN (X0) subnets, you must select a different subnet for the Internal Network from the Group list. 5. On the Time screen, select your timezone and optionally enter IP addresses for NTP Server 1, 2 and 3. Capture Security Appliance 1000 Getting Started Guide Initial Setup Using Web Management...
  • Page 18 6. On the Mail Server screen, optionally add your mail server settings. SonicWall recommends configuring a mail server. 7. Click Save to save your changes. 8. Test connectivity from your management computer by pinging the appliance WAN IP that you just saved, and by accessing it via HTTPS in your browser.

  • Page 19: Register And License

    Register and License Registration and licensing is a critical step in the initial setup of your Capture Security Appliance. Without it, the CSa will not perform file analysis, nor can you update its firmware. If you do not yet have a MySonicWall account, you can easily create one as described in Creating a MySonicWall Account.
  • Page 20 5. Optionally activate a REST API license for your Capture Security Appliance. You need a separate license to use an API Connector with the CSa, the REST API ACTIVATION FOR SONICWALL CAPTURE APPLIANCE license. License SKUs are available starting at 1 year and up to 6 years in one-year increments.
  • Page 21 7. On the Registration/Licensing screen, click the Synchronize with License Server button. The CSa pulls licensing information from the SonicWall License Server and is then fully registered and licensed. The next step is to upgrade firmware on your Capture Security Appliance. For instructions, continue to the Upgrade the Firmware section.

  • Page 22: Upgrade The Firmware

    Upgrade the Firmware SonicWall recommends running the latest firmware on your Capture Security Appliance. Your appliance must be registered and licensed in MySonicWall before you can update firmware on it. To update firmware on your CSa: 1. Log into your CSa as an administrator.
  • Page 23 The appliance loads the selected firmware and restarts. This may take a few minutes. The next step is to configure your Capture Security Appliance to accept files for analysis from your firewalls and other systems. Proceed to Configure Allowed Devices. Capture Security Appliance 1000 Getting Started Guide Upgrade the Firmware...

  • Page 24: Configure Allowed Devices

    Configure Allowed Devices Allowed devices are those firewalls, API Connectors, and Email Security systems from which the CSa will accept files for analysis. Configuring allowed devices is therefore a critical step in the initial setup of your Capture Security Appliance. To begin the configuration, log into your CSa as the administrator and navigate to the Configuration >...
  • Page 25 This is the last step needed for initial setup of your Capture Security Appliance. You may also wish to configure users, user roles, reporting options and other settings, and you will need to connect and configure your firewalls and other devices to communicate with your CSa. These topics are covered in other SonicWall documentation, described in the Related Documents for Additional Configuration section.

  • Page 26: Related Documents For Additional Configuration

    For information about configuring Email Security to use the Capture Security Appliance, refer to the: Email Security 10.0 Administration Guide These administration guides are available on the SonicWall Technical Documentation portal at https://www.sonicwall.com/support/technical-documentation. Filter by product, document type and version, or use the Search field to locate these documents.

  • Page 27: Creating A Mysonicwall Account

    You need to have a valid MySonicWall account to use Capture Security Appliance. A MySonicWall account is critical to receiving the full benefits from SonicWall security services, firmware updates, and technical support. MySonicWall is used to license your site and to activate or purchase licenses for other security services specific to your security solution.
  • Page 28 15. To set up the distributor information: a. Input the Distributor Name. b. Input the Customer Number. c. Click Add Distributor. 16. Click Finish. 17. Check your email for a verification code and enter it in the Verification Code* field. If you did not receive a code, contact Customer Support by clicking on the support link.

  • Page 29: Sonicwall Support

    SonicWall Support Technical support is available to customers who have purchased SonicWall products with a valid maintenance contract. The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. To access the Support Portal, go to https://www.sonicwall.com/support.

  • Page 30: About This Document

    Open Source Code SonicWall Inc. is able to provide a machine-readable copy of open source code with restrictive licenses such as GPL, LGPL, AGPL when applicable per license requirements. To obtain a complete machine-readable copy, send your written requests, along with certified check or money order in the amount of USD 25.00 payable to “SonicWall Inc.”, to:...

Table of Contents