-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Integrating SonicWall Capture Client with SonicWall Firewalls
06/27/2024 
29 People found this article helpful
472,443 Views
Description
By integrating Capture Client with SonicWall firewalls, administrators gain greater visibility and control over endpoints behind the firewalls. The key features delivered are:
- Endpoint Security Enforcement– Endpoints behind the firewall that do not have Capture Client running, will not be able to access Internet-based services via the firewall. Users of these endpoints will be prompted to download and install Capture Client via a Block page in their browser to regain connectivity to the Internet.
- User Visibility and Single Sign-On (SSO) – IP addresses of endpoints behind the firewall are automatically mapped to the user logged into the endpoints at the time which is used for user activity reporting as well as single-sign on (SSO) to the firewall for user-based access policies.
- Network Threat Alerts – Endpoints running Capture Client that trigger threat detections on the firewall by the GAV, IPS, App Control or Botnet engines will see a notification on their endpoint.
- Enabling DPI-SSL – Certificate Provisioning can become a very cumbersome task and can hamper operational efficiency. With Capture Client Trusted Certificate Policies, administrators can enforce the installation of SSL certificates that will be used to inspect encrypted traffic to/from endpoints using the DPI-SSL feature.
Resolution
Enabling the integration and using these features requires some action from the administrator:
1. Share the Capture Client licenses with your firewalls - this requires that the Capture Client product and the firewalls be registered in the same MySonicWall tenant. Administrators can choose to share the licenses with some/all of the firewalls - depending on where they want to enforce the use of Capture Client on endpoints.
2. Sharing licenses activates the Enforcement service on the firewalls which can now be configured as follows:
- Configure the Endpoint Security Enforcement service including enabling User SSO for User Visibility and enabling Network Threat Alerts
- Configure Endpoint Security Rules to enforce endpoints - if necessary create multiple profiles and rules to enforce differently for different endpoints in different Zones
- Configure DPI-SSL/TLS for Clients for visibility into encrypted traffic and use Capture Client Trusted Certificate Policies to deploy the certificates
Note – the integration features are only supported with firewalls running at least SonicOS 6.5.4 on Gen 6/6.5 firewalls or at least SonicOS/SonicOSX 7.0 on Gen7 firewalls.
Related Articles
- How to Decommission and Remove Devices in Capture Client Console
- SonicWall Capture Client and Jamf Pro
- Capture Client – Pre-requisites for Windows
YES
NO