Deploy an AWN1000 10G Sensor with internal tap

You can deploy your AWN1000 10G Sensor with internal tap.

For more information about the network configuration of internal tap deployment, see Arctic Wolf Sensor internal tap deployment.

Note:

Some detections may not be available if sensors cannot see the relevant network traffic, including traffic flowing through different switches or unmonitored firewalls. Make sure that sensors are properly placed across all network egress points.
During connectivity tests, appliances may communicate with external IP addresses behind a cloud service that Arctic Wolf hosts.

These actions are required:

Verify that these items are in the box from Arctic Wolf®:
- AWN1000 Sensor with 10G card
  Note:
  Your sensor has a tamper-evident asset ID: AWN-12XXXXXX. Contact your Concierge Security® Team (CST) at security@arcticwolf.com if the asset ID is missing or was tampered with.
- Three CAT6 RJ45 Ethernet cables, 2m
- A crossover RJ45 Ethernet cable (red), 2m — Use only if needed
- Two LC-LC short range multi-mode fiber cables, 1m
- Two LC-LC long range single-mode fiber cables, 1m — If 10G Fiber Long Range was ordered
- Four LC-LC short range multi-mode fiber cables, 1m — If 10G Short Range was ordered
- Four LC-LC long range single-mode fiber cables, 1m — If 10G Long Range was ordered
- An AC30 US power cord
  Note:
  - If you are in these countries, you are shipped a country-specific power cord:
    - Australia
    - Brazil
    - China
    - European Union
    - India
    - Israel
    - Italy
    - Switzerland
    - United Kingdom
  - If you are outside of these countries, you are shipped an AC30 US power cord.
- Two AC30 US power cords
  Note:
  - If you are in these countries, you are shipped country-specific power cords:
    - Australia
    - Brazil
    - China
    - European Union
    - India
    - Israel
    - Italy
    - Switzerland
    - United Kingdom
  - If you are outside of these countries, you are shipped AC30 US power cords.
- A set of rack ears — Use only if needed
- A set of rack rails
Add all necessary IP addresses, ports, and services to your allowlist for full appliance functionality.
Tip: To see the IP addresses that you must allowlist, sign in to the Arctic Wolf Unified Portal, click Resources > Allowlist Requirements, and then view the IP addresses in the section for your product.
If you rate-limit the appliance with Quality of Service (QoS), remove this for best performance.
If your firewall provides SSL/TLS inspection, do not do this inspection on the appliance management IP address.
If you use an application proxy or layer 7 filter on your firewall, allow outbound traffic for the appliance management IP address.

Configure log forwarding. For more information, see Syslog forwarding.

Install the hardware

Install the sensor in the applicable rack location.

If needed, use the provided rack ears or rails.
Using a CAT6 RJ45 Ethernet cable, connect the management port on the sensor to the outbound connection on your network switch.
Using the two AC30 US power cords, connect the power connectors on the sensor to a power source.

Note:
Arctic Wolf recommends that you use an uninterruptible power supply (UPS) to prevent interruptions from power surges.
Turn on the sensor power.

The power LED is green when the sensor power is on.
Ping the management IP address that you provided to Arctic Wolf to verify network connectivity.
Verify that the sensor is connected to the Arctic Wolf monitoring service:
1. Connect to the serial console.
  
  See Connect to the serial console for more information.
2. View the sensor connectivity status.
  
  See View the current configuration and connectivity status for more information.
Wait 15 minutes, and then make sure the status LED is green. This shows that the sensor is connected to the Arctic Wolf monitoring service.
If you cannot successfully complete these steps, contact your CST at security@arcticwolf.com.

Connect the sensor for internal tap deployment

Create a 10G internal tap bridge with WAN0 and LAN0:
1. Using an LC-LC short range multi-mode fiber cable, connect WAN0 on the sensor to the inside interface of your firewall.
2. Using an LC-LC short range multi-mode fiber cable, connect LAN0 on the sensor to your network switch.
Optional: If you need to bridge an additional internal interface to your firewall, repeat the previous step with your second uplink to create an additional 10G internal tap bridge with WAN1 and LAN1.

Note:
Although you can configure two 10G bridges, the aggregate throughput of all ports cannot exceed 10G.
Optional: If you need to bridge additional internal interfaces to your firewall, use CAT6 RJ45 Ethernet cables to create additional 1G internal tap bridges with any of these port pairs:
- WAN2 and LAN2
- WAN3 and LAN3
- WAN4 and LAN4
- WAN5 and LAN5
Wait one minute, and then make sure network connectivity for network devices is not affected.

Note:
If network connectivity is affected, disconnect the sensor from the network, and then contact your CST at security@arcticwolf.com to schedule a troubleshooting session.
Contact your CST at security@arcticwolf.com to make sure that Arctic Wolf can see your network traffic.

AWN1000 10G Sensor components

Tip:

Orange callouts show mandatory connections. Dotted lines show internal tap bridges.

Front of sensor

Back of sensor


Callout	Sensor component	Port configuration	Cable used	Connected to
A	Console port (RJ45)	-	-	-
B	Port 1: LAN6	10G mirror	-	-
C	Port 3: LAN8	10G mirror	-	-
D	Management port	-	CAT6 RJ45 Ethernet cable	Network switch
E	WAN2	1G internal tap	CAT6 RJ45 Ethernet cable	(Optional) Firewall
F	LAN2	1G internal tap	CAT6 RJ45 Ethernet cable	(Optional) Network switch
G	WAN3	1G internal tap	CAT6 RJ45 Ethernet cable*	(Optional) Firewall
H	LAN3	1G internal tap	CAT6 RJ45 Ethernet cable*	(Optional) Network switch
I	Reset	-	-	-
J	Power LED	-	-	-
K	HDD activity LED	-	-	-
L	Status LED	-	-	-
M	USB 3.0 port (1 of 2)	-	-	-
N	Port 2: LAN7	10G mirror	-	-
O	Port 4: LAN9	10G mirror	-	-
P	Console port (mini USB)	-	-	-
Q	WAN4	1G internal tap	CAT6 RJ45 Ethernet cable*	(Optional) Firewall
R	LAN4	1G internal tap	CAT6 RJ45 Ethernet cable*	(Optional) Network switch
S	WAN5	1G internal tap	CAT6 RJ45 Ethernet cable*	(Optional) Firewall
T	LAN5	1G internal tap	CAT6 RJ45 Ethernet cable*	(Optional) Network switch
U	WAN0	10G internal tap	LC-LC short range multi-mode fiber cable	Firewall
V	LAN0	10G internal tap	LC-LC short range multi-mode fiber cable	Network switch
W	WAN1	10G internal tap	LC-LC short range multi-mode fiber cable*	(Optional) Firewall
X	LAN1	10G internal tap	LC-LC short range multi-mode fiber cable*	(Optional) Network switch
Y	ESD jack	-	-	-
Z	Grounding post	-	-	-
AA	Alarm mute button	-	-	-
AB	Power switch	-	-	-
AC	Power connector	-	AC30 US power cord	Power source
AD	Power connector	-	AC30 US power cord	Power source

*This cable is not provided by Arctic Wolf.

Sensors, Scanners, and Log Collectors