Security Analytics Engine 1.2 - SonicWALL Configuration Guide

Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Introduction to using SonicWALL with the Security Analytics Engine SonicWALL requirements

SonicWALL Processor Service Installation and Configuration

Introduction to the SonicWALL Processor service SonicWALL Processor service installation SonicWALL Processor service configuration

SonicWALL Firewall Configuration Settings

Introduction to the SonicWALL firewall Required SonicWALL configuration

Optional SonicWALL Configuration

Introduction to the optional SonicWALL configurations User identification (recommended) Client computer name identification SSL-Encrypted detection

User identification (recommended)

Optional SonicWALL Configuration > User identification (recommended)

Although not required, it is strongly recommended that you take advantage of the user authentication options available with SonicWALL in order to best protect your applications from being accessed by a user ID associated with undesirable activity. SonicWALL user identification is a complex subject, with each option having both benefits and risks. For that reason, all options should be reviewed prior to configuration. In addition, see the SonicOS Administrator’s Guide for more information about configuring user authentication.

Client computer name identification

Optional SonicWALL Configuration > Client computer name identification

In order for the SonicWALL firewall to provide computer name information in the AppFlow packets, and subsequently in the Security Analytics Engine user and IP address activity record details, enable MAC-IP Anti-spoofing in the firewall administration, as follows:

Expand Network in the left-hand pane and select MAC-IP Anti-spoof.
Using the Settings for <nn> interface(s) drop-down, select the desired firewall interface (for example, XO is typically the LAN interface).
Click the button in the Configure column to open the Edit MAC-IP Anti-Spoof Settings dialog.
Select the check boxes for the following items:
- Enable - Enable MAC-IP based anti-spoofing
- Spoof Detection - Create MAC-IP spoof detection list for packets failing to match anti-spoof cache
- Allow Management - All traffic destined to the box will be allowed without a valid MAC-IP Anti-spoof cache
Click the OK button. Over time, the cache of detected computer names can be viewed in the Spoof Detected List.

SSL-Encrypted detection

Optional SonicWALL Configuration > SSL-Encrypted detection

In order for the SonicWALL firewall to inspect SSL-encrypted (HTTPS) web traffic, and subsequently provide user and IP address activity detection details for HTTPS web activity, enable DPI-SSL in the firewall administration.

Expand DPI-SSL in the left-hand pane and select Client SSL.
Select the Enable SSL Client Inspection check box and select the following sub-options (listed security services).
- Intrusion Prevention
- Gateway Anti-Virus
- Gateway Anti-Spyware
You may also enable additional options.

In the Certificate field drop-down, select the certificate to use for client SSL inspection.

NOTE: The selected certificate must be trusted by the client machines in order to avoid prompts and warnings for users. See the SonicOS Administrator’s Guide for more information on selecting and configuring browser trust for the selected certificate.

(Optional) Configure any necessary DPI-SSL inclusion/exclusion options.
Click the Accept button to save the configuration.

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

Security Analytics Engine 1.2 - SonicWALL Configuration Guide

User identification (recommended)

Client computer name identification

SSL-Encrypted detection