Getting Started with Capture Security Center

03/26/2020 160 16214

DESCRIPTION:

To start, you need to have a MySonicWall account to access Capture Security Center and related web services. To set that up, go to https://mysonicwall.com and click on Sign Up.

After registration, and successful account activation, go to https://cloud.sonicwall.com to launch Capture Security Center.

Capture Security Center Services

Initially only the Licensing and MySonicWall tiles will be highlighted. Other service tiles will get highlighted later based on the added firewalls / enabled services.

Threat Meter – SonicWall Security center showing worldwide Threats.

Cloud GMS (CGMS) 2.0 – Include Firewall Management, Reporting & Analytics.

Capture Client – Include security enforcement, DPI-SSL certificate management, behavioral monitoring,

CAS - To secure SaaS application usage and reduce risk by delivering discovery, visibility, and control.

Licensing - Allows to quickly view and activate SonicWall licensing.

MySonicWall – Allows access to MySonicWall account to manage user accounts and products.

To enable and access above service/s, follow specific instructions below for each services. As mentioned earlier, it may require additional licensing on the firewall to enable some services.

Threat Meter

The SonicWall Security Center provides a three-page view of the worldwide attacks. These views can be seen by clicking on the orange bars at the bottom of the window.

1. Login to CSC.
2. Click THREAT METERS link at the top.
3. This takes you directly to the SonicWall Security Center.
   
   
   
4. By default it shows Worldwide Attack. To change view, click at the very bottom link.

CGMS (Management / Reporting / Analytics)

• Registering Firewall for CSC

1. Navigate to https://cloud.sonicwall.com and login using your MySonicWall credentials.
2. Select the MySonicWall tile.
3. On the MySonicWall Dashboard, click  Add Product icon.
4. Enter the serial number and click Continue.
   
   
   
5. Provide the Friendly name and the Authentication code.
6. Select the Product group from the drop-down menu.
7. Click Register.

• Licensing Firewall for CSC services

1. Once registered, navigate back to the License panel and enable / purchase the license for the firewall.
2. Type of Licenses: Below are license type and overview as what is included.
   
   CSC Management Lite: For Limited Firewall Management
   CSC Management: Includes CSC Management Lite + Group level management, Workflow
   CSC Management & Reporting: Includes CSC Management + Reports + Schedule Reports
   CSC Analytics: CSC Management Lite + Reports + Schedule Reports + Drilldown + CAS
   
   
   
3. Upon licensing the Firewall, navigate back to CSC main page and click on the Licensing tab and your firewall should be listed there. Now hover over the Firewall and at the extreme end of the row (right side) click on ‘Try’ and then go back to main CSC page.
4. Once back on CSC main page, click on Management and then add the firewall there. If using Zero Touch, you should see the firewall under Device Manager.

Adding Firewall to CSC / CGMS:There are two ways to d this.

• Manually Adding firewall to CSC / CGMS

1. Login to CSC and click Management tile which will take you to the CGMS.
2. Navigate to Device Manager | Global View and right click.
3. Click Add Unit and provide details in the popup box.
   
   
   
4. If needed click the Advanced setting and click OK.
   
   
   
5. Once added, the unit will start showing under Global View and under Status you can see the acquisition history.
   
   
6. If non-SonicWall firewalls are between Capture Security Center and a SonicWall firewall please allow the following inbound/outbound services/ports.

• Inbound from CSC to firewall
  
  HTTPS management port – 443 or other custom port
  ESP - 50
  IKE ports – UDP 500 & UDP 4500
  
  
• Outbound from firewall to CSC
  
  Syslog port – UDP 514
  ESP - 50
  IKE ports – UDP 500 & UDP 4500
  If using Zero Touch, TCP port 21021 is required.
  
  
• Using Zero Touch

1. Please refer to the ‘Getting Started Guide - Zero Touch’ to enable and acquire firewall using Zero Touch - https://software.sonicwall.com/gmsvp/Dev-Training/index.html.
2. Once the firewall is added and acquired into the GMS, you should be able to Manage firewall, see reporting data or analytics depending on the license enabled on the firewall.
3. Return to the Capture Security Center by clicking on the down arrow ( ) at the top of the page and then click on other Tiles like Reporting, Analytics etc. to check data there.

Capture Client: To provision the Capture Client on CSC follow below steps.

1. Select MySonicWall from the Capture Security Center.
2. Navigate to Product Management | My Products.
3. Select the ‘+’ icon to Add Client Licenses.
   
   
   
4. Enter a name for the Client License Group. The name may be up to 30 characters.
5. Click Confirm.
6. In the newly created product, click  Licenses tab.
7. Scroll down to Capture Client. You may need to scroll down using the inside scroll bar.
   
   
   
8. Click Key icon for Capture Client Advanced Protection to activate the service.
9. Enter the activation key (provided by your SonicWall) and click Submit.
10. Click on the link for Capture Client Advanced Protection.
11. Go back to CSC main page and click Capture Client Tile to access.

Cloud App Security: See below steps to enable CAS

1. Enable license i.e. CSC Analytics as CAS bundled as a part of the Analytics license.
2. Once enabled login back to CSC and click on CAS tile. You should see the below Dashboard.
   
   
   
   

   NOTE: Make sure that you are seeing data in Web Activity Reports on the Reports / Analytics panel for the firewall.

3. If you have multiple firewalls licensed and enabled for CAS click on the dropdown box (top right) and select the firewall.