How to license and setup Capture Advance Threat Protection in SonicOS 6.2.6.x and above

10/14/2021 215 21218

DESCRIPTION:

Capture Advance Threat Protection (Capture ATP) Overview:

The SonicWall Capture ATP solution is available in SonicOS 6.2.6.x and above.

Capture ATP helps SonicWall firewall identify whether a file is a virus or not by transmitting the file to the Cloud where the SonicWall Capture ATP cloud service analyzes the file to determine if it is a virus and it then sends the results to the SonicWall firewall. This process is done in real time while the file is being processed by the SonicWall firewall. Capture ATP uses the UFTP protocol to transfer the file. UFTP stand for User Datagram Protocol (UDP) File Transfer Protocol (FTP).

The Capture ATP process of a SonicWall firewall communicating with the SonicWall Capture ATP cloud service involves six major steps:

1. The SonicWall firewall sends the file to SonicWall Capture ATP cloud services.
2. The SonicWall Capture ATP cloud services saves the file in its repository.
3. SonicWall Capture ATP cloud services analyses the file.
4. SonicWall Capture ATP cloud services. stores the results in the SonicWall Capture ATP cloud services database.
5. SonicWall Capture ATP cloud services access the SonicWall Capture ATP cloud services database.
6. SonicWall Capture ATP cloud services sends results to the SonicWall firewall.

The firewall is located in the customer premises. The SonicWall Capture ATP cloud services and database. are located at a Dell SonicWall facility. 

The FQDN of the SonicWall Capture ATP cloud services is resolved by the SonicWall firewall periodically. This FQDN is also resolved anytime it is changed by the License Manager.

RESOLUTION:

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Get the SonicWall Capture ATP License

SonicWall Capture ATP is only available in SonicOS 6.2.6.x and above.

Go to Monitor | System Status to view Security Services license status.

In this example, Capture ATP is "Not Licensed" 

Go to Manage | Licenses page and and go to Manage Security Services Online

To Active, Upgrade, or Renew services, use any option from two methods provided.

If selected number 2 method, then by clicking from here, you will see as in image below:

Login with your MySonicWAll account.

Next you will be offered a Try option for Capture Advanced Threat Protection

Click on "Try" option in Capture Advanced Threat Protection for the Free Trial page

Now, your System | status page will show Capture ATP as Licensed

Manage | License  page will also show Capture ATP as Licensed.

Note: Even when Capture ATP is shown as Licensed, you will also need to enable the Capture ATP Service in SonicOS

Enable the Capture ATP service in SonicOS

To enable Capture ATP, go to Manage | Security Services  | Capture ATP | Settings page

Under Basic Setup Checklist

Enable Gateway Anti-Virus and Cloud Anti-Virus Database by clicking on "(manage settings)"

Clicking on manage settings takes you to Security Services | Gateway Anti-Virus page

Enable check box for "Enable Gateway Anti-Virus"
Enable check box for "Enable Cloud Anti-Virus Database"

Click on Accept

Next, return to Capture ATP, go to Capture ATP | Settings page

Under Basic Setup Checklist, the Capture ATP subscription should show a valid until date and an "enable it" link

Click on the "enable it" link

Make sure that the line items for Gateway Anti-Virus and Cloud Anti-Virus has a green check mark.

Check the Capture ATP status

go to Capture ATP | Settings page

Under Basic Setup Checklist: Capture ATP is Enabled until date (it should have a Green Check)

To disable Capture ATP, click on the "disable it" link

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

Get the SonicWall Capture ATP License

SonicWall Capture ATP is only available in SonicOS 6.2.6.x and above.

Go to System | Status to view Security Services license status.

In this example, Capture ATP is "Not Licensed" 

Go to System | Licenses page and and scroll down to Manage Security Services Online

Go to line "To Active, Upgrade, or Renew services, click here"

Click on the "click here" link for your MySonicWall License Management

Enter your MySonicWall username and password and click Submit

Next you will be offered a Try option for Capture Advanced Threat Protection

Click on "Try" option in Capture Advanced Threat Protection for the Free Trial page

This is your Capture ATP free trial page

In the Data Center nearest to you drop down box, select the location nearest to you

Click the Continue box to activate

Now, your System | status page will show Capture ATP as Licensed

Note: Even when Capture ATP is shown as Licensed, you will also need to enable the Capture ATP Service in SonicOS

Enable the Capture ATP service in SonicOS

To enable Capture ATP, go to Capture ATP | Settings page

Under Basic Setup Checklist

Enable Gateway Anti-Virus and Cloud Anti-Virus Database by clicking on "(manage settings)"

Clicking on manage settings takes you to Security Services | Gateway Anti-Virus page

Enable check box for "Enable Gateway Anti-Virus"
Enable check box for "Enable Cloud Anti-Virus Database"

Click on Accept

Next, return to Capture ATP, go to Capture ATP | Settings page

Under Basic Setup Checklist, the Capture ATP subscription should show a valid until date and an "enable it" link

Click on the "enable it" link

Make sure that the line items for Gateway Anti-Virus and Cloud Anti-Virus has a green check mark.

Check the Capture ATP status

go to Capture ATP | Settings page

Under Basic Setup Checklist: Capture ATP is Enabled until date (it should have a Green Check)

To disable Capture ATP, click on the "disable it" link