By integrating Capture Client with SonicWall firewalls, administrators gain greater visibility and control over endpoints behind the firewalls. The key features delivered are:
Endpoint Security Enforcement– Endpoints behind the firewall that do not have Capture Client running, will not be able to access Internet-based services via the firewall. Users of these endpoints will be prompted to download and install Capture Client via a Block page in their browser to regain connectivity to the Internet.
User Visibility and Single Sign-On (SSO) – IP addresses of endpoints behind the firewall are automatically mapped to the user logged into the endpoints at the time which is used for user activity reporting as well as single-sign on (SSO) to the firewall for user-based access policies.
Network Threat Alerts – Endpoints running Capture Client that trigger threat detections on the firewall by the GAV, IPS, App Control or Botnet engines will see a notification on their endpoint.
Enabling DPI-SSL – Certificate Provisioningcan become a very cumbersome task and can hamper operational efficiency. With Capture Client Trusted Certificate Policies,administrators can enforce the installation of SSL certificates that will be used to inspect encrypted traffic to/from endpoints using the DPI-SSL feature.
Enabling the integration and using these features requires some action from the administrator:
1. Share the Capture Client licenses with your firewalls - this requires that the Capture Client product and the firewalls be registered in the same MySonicWall tenant. Administrators can choose to share the licenses with some/all of the firewalls - depending on where they want to enforce the use of Capture Client on endpoints.
2. Sharing licenses activates the Enforcement service on the firewalls which can now be configured as follows: