AWN202 Sensor Internal Tap Deployment
Deploy an AWN202 Sensor with internal tap Direct link to this section
The AWN202 Sensor is an external network device that allows you to monitor network traffic. When the sensor is deployed with internal tap, the sensor passively captures all network traffic between the switch and the firewall.
This image provides a simplified network map of a sensor with internal tap deployment:
|B||Management port network connection|
|C||AWN202 Sensor with internal tap deployment|
Before you begin Direct link to this section
Verify that you received the following items from Arctic Wolf:
Note: Your sensor has a tamper-evident asset ID: AWN-12XXXXXX. Contact email@example.com if the asset ID is missing or was tampered with.
Three CAT6 RJ45 Ethernet cables, 2m
Crossover RJ45 Ethernet cable (red), 2m — Use only if needed
AC30 US Power cord, 2m
Set of rack ears — Use only if needed
For best performance, do not rate-limit the sensor with Quality of Service (QoS).
If your firewall does SSL/TLS inspection, AllowList the sensor management IP address, and then check that your firewall allows outbound access from that IP address over port 443 to the necessary IP addresses.
To see the complete list of IP addresses that you must allowlist, go to the Arctic Wolf Portal, and then click Account > Arctic Wolf IP Addresses. The IP addresses that must be allowlisted are listed under If you are a Managed Detection and Response (MDR) customer.
Steps Direct link to this section
- Set up a customer-configured appliance.
- Install the hardware.
- Connect the sensor for internal tap deployment.
Step 1: Set up a customer-configured appliance Direct link to this section
Note: This step only applies if you selected customer-configured appliance on your onboarding form.
See Set up a customer-configured appliance for additional information.
Step 2: Install the hardware Direct link to this section
Install the sensor in the applicable rack location.
If necessary, use the provided rack ears.
Using a CAT6 RJ45 Ethernet cable, connect the management port (port 1) on the sensor to the outbound connection on your network switch.
Using the AC30 US power cord, connect the power connector on the sensor to a power source.
Turn on the sensor power.
The Power LED is green when the sensor power is on.
Ping the management IP address that you provided to Arctic Wolf to check network connectivity.
Wait 15 minutes, and then make sure the Status LED is green. This shows that the sensor is connected to the Arctic Wolf monitoring service.
If you cannot successfully complete these steps, email firstname.lastname@example.org.
Step 3: Connect the sensor for internal tap deployment Direct link to this section
Create a 1G internal tap bridge with ports 5 and 6:
- Using a CAT6 RJ45 Ethernet cable, connect port 5 (WAN0) on the sensor to the inside interface of your firewall.
- Using a CAT6 RJ45 Ethernet cable, connect port 6 (LAN0) on the sensor to your network switch.
(Optional) If you need to bridge an additional internal interface to your firewall, create an additional 1G internal tap bridge. Repeat the previous step with ports 3 and 4.
(Optional) Create a 1G mirror port connection:
Configure a mirror port on your network switch.
See the setup instructions provided by your network switch manufacturer for more information:
Using a CAT6 RJ45 Ethernet cable, connect port 2 on the sensor to the mirror port on your network switch.
Wait one minute, and then make sure network connectivity for network devices is not affected.
Note: If network connectivity is affected, disconnect the sensor from the network, and then email email@example.com to schedule a troubleshooting session.
Email firstname.lastname@example.org to confirm that Arctic Wolf is seeing your network traffic.
AWN202 Sensor components Direct link to this section
Use these diagrams to identify the components of the AWN202 Sensor:
Tip: Orange callouts show mandatory connections. Dotted lines show internal tap bridges.
Front of sensor
Back of sensor
|Callout||Sensor component||Port configuration||Cable used||Connected to|
|C||USB port (1 of 2)||-||-||-|
|D||Port 1: management port||-||CAT6 RJ45 Ethernet cable||Network switch|
|E||Port 2: LAN2||1G mirror||CAT6 RJ45 Ethernet cable*||(Optional) Network switch|
|F||Port 3: WAN1||1G internal tap||CAT6 RJ45 Ethernet cable*||(Optional) Firewall|
|G||Port 4: LAN1||1G internal tap||CAT6 RJ45 Ethernet cable*||(Optional) Network switch|
|H||Port 5: WAN0||1G internal tap||CAT6 RJ45 Ethernet cable||Firewall|
|I||Port 6: LAN0||1G internal tap||CAT6 RJ45 Ethernet cable||Network switch|
|K||HDD activity LED||-||-||-|
|M||Display screen navigation buttons||-||-||-|
|P||Power connector||-||AC30 US power cord||Power source|
*This cable is not provided by Arctic Wolf.