This guide describes how to deploy the AWN1000 10G Sensor with internal tap. This figure shows a simplified network map of an internal tap deployment:
In the box
These items are in the box:
- AWN1000 Sensor
- Three ethernet cables
- Power cord
- One red crossover ethernet cable - Use only if needed
- Two aqua short range LC-LC multi-mode fiber cables
- Optional rack ears for mounting
- Rack mount rails
Before you begin
Before you install your sensor:
- For best performance, do not rate limit the sensor with Quality of Service (QoS).
- Your sensor is equipped with a tamper-evident asset ID, AWN-12XXXXXX. Contact firstname.lastname@example.org if the asset ID is missing or appears to have been tampered with.
Note: If your firewall performs SSL/TLS inspection, add the sensor management IP address to the allowlist, and verify that your firewall allows outbound access from that IP address over port 443 to the IP addresses listed under "If you are a Managed Detection and Response (MDR) customer" on the Arctic Wolf IP Addresses page in the Arctic Wolf Portal.
This figure shows the sensor ports used in this installation procedure:
To perform the staging installation:
1. Rack the sensor in its final location.
2. Use an ethernet cable to connect the Management Port on the sensor to a network switch with an outbound connection.
3. Plug in and power on the sensor.
   Tip: The Power LED turns green when the sensor is on.
4. Ping the management IP address that you provided to Arctic Wolf to verify network connectivity.
5. Wait 15 minutes, and then verify that the Sensor Status LED, which is second from the top, has turned green. This means that the sensor is connected to the Arctic Wolf monitoring service.
Email email@example.com if you cannot perform steps 3, 4, or 5 successfully.
To configure the AWN1000 10G sensor with internal tap:
1. Use one of the LC-LC multi-mode fiber cables to connect port 15 on the sensor, as part of a bypass pair, to the inside interface of your firewall. Use the other cable to connect port 16, in the same bypass pair on the sensor, to your switch.
2. (Optional) Connect an additional bridge: connect port 14 on the sensor, as part of a bypass pair, to the inside interface of your firewall, and connect port 13, in the same bypass pair on the sensor, to your switch.
   Note: Although you can configure two 10G intersects, the aggregate throughput of all ports cannot exceed 10G.
3. Wait one minute, and then verify that network connectivity for network devices is unaffected.
   Note: If network connectivity is affected, disconnect the sensor from the network and email firstname.lastname@example.org to schedule a troubleshooting session.
4. Contact email@example.com to confirm that Arctic Wolf is seeing your network traffic.