AWN101 Sensor Mirroring Deployment

Deployment Guide

Overview

This guide describes how to deploy the AWN101 Sensor with mirroring. This figure shows a simplified network map of a mirroring deployment:

In the box

These items are in the box:

Before you begin

Before you install your sensor:

Note: If your firewall performs SSL/TLS inspection, AllowList the sensor management IP address and verify that your firewall allows outbound access from that IP address over port 443 to the IP addresses listed under If you are a Managed Detection and Response (MDR) customer on the Arctic Wolf IP Addresses page in the Arctic Wolf Portal.

This figure shows the sensor ports used in this installation procedure:

AWN101 Sensor

Staging installation

To perform the staging installation:

  1. Rack the sensor in its final location.

  2. Use an ethernet cable to connect the Management Port, port 4, on the sensor to a network switch with an outbound connection.

  3. Plug in and power on the sensor.

Tip: Tighten the sleeve on the plug to ensure a secure connection.

Power button

  1. Ping the management IP address that you provided to Arctic Wolf to verify network connectivity.

  2. Wait 15 minutes, and then verify if the Sensor Status LED, which is second from the top, turns green. This means that the sensor is connected to the Arctic Wolf monitoring service.

  3. Email security@arcticwolf.com if you cannot perform steps 3, 4, or 5 successfully.

Production installation

To perform the product installation:

  1. Configure up to three ports on your switch as mirror ports. For more information, see Switch Port Mirroring.

  2. Use ethernet cables to connect up to three mirror ports, ports 1, 2, and 3, on the sensor to your switch.

    You must connect at least one mirror port. This sensor supports a maximum of three mirror ports.

  3. Contact security@arcticwolf.com to confirm that Arctic Wolf is seeing your network traffic.