Capture Security Appliance Getting Started Guide

Deployment Examples

There are three primary deployments for the Capture Security Appliance:

  • Single Office/Single Location

    The CSa can be deployed anywhere on the network. It must be reachable via an IP address, and SonicWall firewalls connected to it must be able to access it via UDP on port 2259.

    Firewalls and Email Security systems can send suspicious files to the CSa for analysis within the local network, rather than using the SonicWall Capture ATP cloud service.

    Single office deployment

  • Distributed Enterprise / Multiple Locations

    Multiple offices or branches can share access to a single CSa device, deployed either in the headquarters data center or in a remote data center accessible by all devices.

    Files can be sent to the CSa directly over the internet or over VPN.

    You can use either SonicWall GMS or the cloud-based NSM centralized management solutions for rapid configuration of multiple SonicWall systems to point to the CSa.

    Distributed offices in CSa deployment

  • REST API Gateway

    The Capture Security Appliance has a REST API interface that can be used to submit files for analysis and query results by threat intelligence teams via their own scripts, web-portal integrations and other security products.

    Instructions on how to get started with API scripting for the CSa along with code samples are available at

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.