Integrating SonicWall Capture Client with SonicWall Firewalls

By integrating Capture Client with SonicWall firewalls, administrators gain greater visibility and control over endpoints behind the firewalls. The key features delivered are:

• Endpoint Security Enforcement– Endpoints behind the firewall that do not have Capture Client running, will not be able to access Internet-based services via the firewall. Users of these endpoints will be prompted to download and install Capture Client via a Block page in their browser to regain connectivity to the Internet.

• User Visibility and Single Sign-On (SSO) – IP addresses of endpoints behind the firewall are automatically mapped to the user logged into the endpoints at the time which is used for user activity reporting as well as single-sign on (SSO) to the firewall for user-based access policies. 

• Network Threat Alerts – Endpoints running Capture Client that trigger threat detections on the firewall by the GAV, IPS, App Control or Botnet engines will see a notification on their endpoint.
• Enabling DPI-SSL – Certificate Provisioning  can become a very cumbersome task and can hamper operational efficiency. With Capture Client Trusted Certificate Policies,  administrators can enforce the installation of SSL certificates that will be used to inspect encrypted traffic to/from endpoints using the DPI-SSL feature.

Enabling the integration and using these features requires some action from the administrator:

SSO must already be enabled on the Firewall because this is not a stand alone solution.

Pleare refer to the KB article: How can I configure Single Sign-On on SonicWall firewall?

1. Share the Capture Client licenses with your firewalls - this requires that the Capture Client product and the firewalls be registered in the same MySonicWall tenant. Administrators can choose to share the licenses with some/all of the firewalls - depending on where they want to enforce the use of Capture Client on endpoints.

2. Sharing licenses activates the Enforcement service on the firewalls which can now be configured as follows:

• Configure the Endpoint Security Enforcement service including enabling User SSO for User Visibility and enabling Network Threat Alerts
• Configure Endpoint Security Rules to enforce endpoints - if necessary create multiple profiles and rules to enforce differently for different endpoints in different Zones
• Configure DPI-SSL/TLS for Clients for visibility into encrypted traffic and use Capture Client Trusted Certificate Policies to deploy the certificates

Note – the integration features are only supported with firewalls running at least SonicOS 6.5.4 on Gen 6/6.5 firewalls or at least SonicOS/SonicOSX 7.0 on Gen7 firewalls.