AWN101 Sensor - Internal Tap Deployment
Updated Nov 13, 2023Deploy an AWN101 Sensor with internal tap
You can deploy an AWN101 Sensor with internal tap.
The AWN101 Sensor is an external network device that allows you to monitor network traffic. When the sensor is deployed with internal tap, the sensor passively captures all network traffic between the switch and the firewall.
This image provides a simplified network map of a sensor with internal tap deployment:
Callout | Description |
---|---|
A | Network switch |
B | Management port network connection |
C | AWN101 Sensor with internal tap deployment |
D | Firewall |
E | Internet |
Before you begin
-
Verify that these items are in the box from Arctic Wolf®:
-
AWN101 Sensor
Note: Your sensor has a tamper-evident asset ID: AWN-12XXXXXX. Contact your Concierge Security® Team (CST) at security@arcticwolf.com if the asset ID is missing or was tampered with.
-
Three CAT6 RJ45 Ethernet cables, 2m
-
A crossover RJ45 Ethernet cable (red), 2m - Use only if needed
-
A mini USB to USB 2.0 adapter cable, 0.5m
-
An AC30 US Power cord, 2m
-
A power supply
-
A set of rack ears - Use only if needed
-
-
Add all necessary IP addresses, ports, and services to your allowlist for full AWN101 Sensor functionality.
Tip: To see the complete list of IP addresses that you must allowlist, go to the Arctic Wolf Unified Portal, and then click Help > Allowlist Requirements. The IP addresses that must be allowlisted are listed under Sensors.
-
If you rate-limit the AWN101 Sensor with Quality of Service (QoS), remove this for best performance.
-
If your firewall provides SSL/TLS inspection, do not perform this inspection on the AWN101 Sensor management IP address.
-
If you are using an application proxy or layer 7 filter on your firewall, allow outbound traffic over OpenVPN for the AWN101 Sensor management IP address.
Steps
- Set up a customer-configured appliance.
- Install the hardware.
- Connect the sensor for internal tap deployment.
Step 1: Set up a customer-configured appliance
Note: This step only applies if you selected customer-configured appliance on your onboarding form.
See Set up a customer-configured appliance for more information.
Step 2: Install the hardware
-
Install the sensor in the applicable rack location.
If needed, use the provided rack ears.
-
Using a CAT6 RJ45 Ethernet cable, connect the management port (port 4) on the sensor to the outbound connection on your network switch.
-
Connect the AC30 US power cord to the power supply.
-
Thread one end of the power supply to the AC-adapter connector on the sensor, and then plug the other end into a power source.
-
Turn on the sensor power.
The power LED is green when the sensor power is on.
-
Ping the management IP address that you provided to Arctic Wolf to check network connectivity.
-
Wait 15 minutes, and then make sure the status LED is green. This shows that the sensor is connected to the Arctic Wolf monitoring service.
-
If you cannot successfully complete these steps, contact your CST at security@arcticwolf.com.
Step 3: Connect the sensor for internal tap deployment
-
Create a 1G internal tap bridge with ports 1 and 2:
- Using a CAT6 RJ45 Ethernet cable, connect port 1 (WAN0) on the sensor to the inside interface of your firewall.
- Using a CAT6 RJ45 Ethernet cable, connect port 2 (LAN0) on the sensor to your network switch.
-
(Optional) Create a 1G mirror port connection:
-
Configure a mirror port on your network switch.
See the configuration instructions provided by your network switch manufacturer for more information:
-
Using a CAT6 RJ45 Ethernet cable, connect port 3 (LAN1) on the sensor to the mirror port on your network switch.
-
-
Wait one minute, and then make sure network connectivity for network devices is not affected.
Note: If network connectivity is affected, disconnect the sensor from the network, and then contact your CST at security@arcticwolf.com to schedule a troubleshooting session.
-
Contact your CST at security@arcticwolf.com to confirm that Arctic Wolf is seeing your network traffic.
AWN101 Sensor components
Use these diagrams to identify the components of the AWN101 Sensor:
Tip: Orange callouts show mandatory connections. Dotted lines show internal tap bridges.
Front of sensor
Back of sensor
Callout | Sensor component | Port configuration | Cable used | Connected to |
---|---|---|---|---|
A | Console port | - | Mini USB to USB 2.0 adapter cable | Computer. Only connect when sensor configuration changes are necessary. See the Serial Console User Guide for more information. |
B | USB 3.0 port (1 of 2) | - | - | - |
C | Port 4: Management | - | CAT6 RJ45 Ethernet cable | Network switch |
D | Port 3: LAN1 | 1G mirror | CAT6 RJ45 Ethernet cable* | (Optional) Network switch. Not normally used for internal tap. |
E | Port 2: LAN0 | 1G internal tap | CAT6 RJ45 Ethernet cable | Network switch |
F | Port 1: WAN0 | 1G internal tap | CAT6 RJ45 Ethernet cable | Firewall |
G | HDD activity LED | - | - | - |
H | Power LED | - | - | - |
I | Status LED | - | - | - |
J | Power button | - | - | - |
K | AC-adapter connector | - | Power supply, and AC30 US power cord | Power source |
*This cable is not provided by Arctic Wolf.