Integrating SonicWall Capture Client with SonicWall Firewalls

Description

By integrating Capture Client with SonicWall firewalls, administrators gain greater visibility and control over endpoints behind the firewalls. The key features delivered are:

  • Endpoint Security Enforcement– Endpoints behind the firewall that do not have Capture Client running, will not be able to access Internet-based services via the firewall. Users of these endpoints will be prompted to download and install Capture Client via a Block page in their browser to regain connectivity to the Internet.

Image

  • User Visibility and Single Sign-On (SSO) – IP addresses of endpoints behind the firewall are automatically mapped to the user logged into the endpoints at the time which is used for user activity reporting as well as single-sign on (SSO) to the firewall for user-based access policies. 

 Image

  • Network Threat Alerts – Endpoints running Capture Client that trigger threat detections on the firewall by the GAV, IPS, App Control or Botnet engines will see a notification on their endpoint.
  • Enabling DPI-SSL – Certificate Provisioning  can become a very cumbersome task and can hamper operational efficiency. With Capture Client Trusted Certificate Policies,  administrators can enforce the installation of SSL certificates that will be used to inspect encrypted traffic to/from endpoints using the DPI-SSL feature.

Resolution

Enabling the integration and using these features requires some action from the administrator:

SSO must already be enabled on the Firewall because this is not a stand alone solution.

Please refer to the KB article: How can I configure Single Sign-On on SonicWall firewall?

1. Share the Capture Client licenses with your firewalls - this requires that the Capture Client product and the firewalls be registered in the same MySonicWall tenant. Administrators can choose to share the licenses with some/all of the firewalls - depending on where they want to enforce the use of Capture Client on endpoints.

2. Sharing licenses activates the Enforcement service on the firewalls which can now be configured as follows:

3. Login to your Capture Client Management portal and navigate to Policy | Client Policy and check your firewall serial number within "Enforced Firewalls" and update the policy.

Note :

  1. If the firewall serial number is not selected within enforced firewalls list on CMC portal, the endpoint with capture client agent installed will not be authenticated on firewall and internet access will not be granted. 
  2. The integration features are only supported with firewalls running at least SonicOS 6.5.4 on Gen 6/6.5 firewalls or at least SonicOS/SonicOSX 7.0 on Gen7 firewalls. 

Related Articles

  • How to use Resource Monitor to see if a Capture Client Interoperability Exclusion is Being Applied
    Read More
  • How to purge crash dumps created by Capture Client Threat Protection Engine
    Read More
  • Capture Client – Migrate local CMC user login to MySonicWall account login
    Read More
not finding your answers?