AWN1000 10G Sensor - Internal Tap Deployment

Updated Nov 13, 2023

Deploy an AWN1000 10G Sensor with internal tap

You can deploy an AWN1000 10G Sensor with internal tap.

The AWN1000 10G Sensor is an external network device that allows you to monitor network traffic. When the sensor is deployed with internal tap, the sensor passively captures all network traffic between the switch and the firewall.

This image provides a simplified network map of a sensor with internal tap deployment:

Network with internal tap deployment

Callout Description
A Network switch
B Management port network connection
C AWN1000 10G Sensor with internal tap deployment
D Firewall
E Internet

Before you begin

Steps

  1. Set up a customer-configured appliance.
  2. Install the hardware.
  3. Connect the sensor for internal tap deployment.

Step 1: Set up a customer-configured appliance

Note: This step only applies if you selected customer-configured appliance on your onboarding form.

See Set up a customer-configured appliance for more information.

Step 2: Install the hardware

  1. Install the sensor in the applicable rack location.

    If needed, use the provided rack ears or rails.

  2. Using a CAT6 RJ45 Ethernet cable, connect the management port on the sensor to the outbound connection on your network switch.

  3. Using the two AC30 US power cords, connect the power connectors on the sensor to a power source.

  4. Turn on the sensor power.

    The power LED is green when the sensor power is on.

  5. Ping the management IP address that you provided to Arctic Wolf to check network connectivity.

  6. Verify that the sensor is connected to the Arctic Wolf monitoring service:

    1. Install the drivers for your sensor.

      See Console session drivers for all other appliances for more information.

    2. Connect to the serial console.

      See Connect to the serial console for more information.

    3. View the sensor connectivity status.

      See View the current configuration and connectivity status for more information.

  7. If you cannot successfully complete these steps, contact your CST at security@arcticwolf.com.

Step 3: Connect the sensor for internal tap deployment

  1. Create a 10G internal tap bridge with WAN0 and LAN0:

    1. Using an LC-LC short range multi-mode fiber cable, connect WAN0 on the sensor to the inside interface of your firewall.
    2. Using an LC-LC short range multi-mode fiber cable, connect LAN0 on the sensor to your network switch.
  2. (Optional) If you need to bridge an additional internal interface to your firewall, create an additional 10G internal tap bridge. Repeat the previous step with WAN1 and LAN1.

    Note: Although you can configure two 10G bridges, the aggregate throughput of all ports cannot exceed 10G.

  3. (Optional) If you need to bridge additional internal interfaces to your firewall, use CAT6 RJ45 Ethernet cables to create additional 1G internal tap bridges with any of these port pairs:

    • WAN2 and LAN2
    • WAN3 and LAN3
    • WAN4 and LAN4
    • WAN5 and LAN5
  4. Wait one minute, and then make sure network connectivity for network devices is not affected.

    Note: If network connectivity is affected, disconnect the sensor from the network, and then contact your CST at security@arcticwolf.com to schedule a troubleshooting session.

  5. Contact your CST at security@arcticwolf.com to confirm that Arctic Wolf is seeing your network traffic.

AWN1000 10G Sensor components

Use these diagrams to identify the components of the AWN1000 10G Sensor:

Tip: Orange callouts show mandatory connections. Dotted lines show internal tap bridges.

Front of sensor

AWN1000 10G Sensor

Back of sensor

AWN1000 10G Sensor

Callout Sensor component Port configuration Cable used Connected to
A Console port (RJ45) - - -
B Port 1: LAN6 10G mirror - -
C Port 3: LAN8 10G mirror - -
D Management port - CAT6 RJ45 Ethernet cable Network switch
E WAN2 1G internal tap CAT6 RJ45 Ethernet cable (Optional) Firewall
F LAN2 1G internal tap CAT6 RJ45 Ethernet cable (Optional) Network switch
G WAN3 1G internal tap CAT6 RJ45 Ethernet cable* (Optional) Firewall
H LAN3 1G internal tap CAT6 RJ45 Ethernet cable* (Optional) Network switch
I Reset - - -
J Power LED - - -
K HDD activity LED - - -
L Status LED - - -
M USB 3.0 port (1 of 2) - - -
N Port 2: LAN7 10G mirror - -
O Port 4: LAN9 10G mirror - -
P Console port (mini USB) - - -
Q WAN4 1G internal tap CAT6 RJ45 Ethernet cable* (Optional) Firewall
R LAN4 1G internal tap CAT6 RJ45 Ethernet cable* (Optional) Network switch
S WAN5 1G internal tap CAT6 RJ45 Ethernet cable* (Optional) Firewall
T LAN5 1G internal tap CAT6 RJ45 Ethernet cable* (Optional) Network switch
U WAN0 10G internal tap LC-LC short range multi-mode fiber cable Firewall
V LAN0 10G internal tap LC-LC short range multi-mode fiber cable Network switch
W WAN1 10G internal tap LC-LC short range multi-mode fiber cable* (Optional) Firewall
X LAN1 10G internal tap LC-LC short range multi-mode fiber cable* (Optional) Network switch
Y ESD jack - - -
Z Grounding post - - -
AA Alarm mute button - - -
AB Power switch - - -
AC Power connector - AC30 US power cord Power source
AD Power connector - AC30 US power cord Power source

*This cable is not provided by Arctic Wolf.