AWN301 10G Sensor Internal Tap Deployment

Deployment Guide

Overview

This guide describes how to deploy the AWN301 10G Sensor with internal tap. This figure shows a simplified network map of an internal tap deployment:

In the box

These items are in the box:

Before you begin

Before you install your sensor:

Note: If your firewall performs SSL/TLS inspection, AllowList the sensor management IP address and verify that your firewall allows outbound access from that IP address over port 443 to the IP addresses listed under If you are a Managed Detection and Response (MDR) customer on the Arctic Wolf IP Addresses page in the Arctic Wolf Portal.

This figure shows the sensor ports used in this installation procedure:

AWN301 10G Sensor

Staging installation

To perform the staging installation:

  1. Rack the sensor in its final location.

  2. Use an ethernet cable to connect the Management Port, as pictured above, on the sensor to a network switch with an outbound connection.

  3. Plug in and power on the sensor.

    Tip: The System health and ID indicator turns solid blue when the sensor is on.

  4. Ping the maintenance IP address that you provided to Arctic Wolf.

  5. Email security@arcticwolf.com if you cannot perform step 3 or 4 successfully.

Production installation

To deploy AWN301 sensor with mirroring:

  1. Use the LC-LC multi-mode fiber cable to connect a 10Gb port on the sensor as part of a bypass pair to the inside interface of your firewall, and use the other one of these cables to connect another 10Gb port in the same bypass pair on the sensor to your switch.

    Note: You need to use one single bypass port pair for this action. The available bypass pairs are wan0 and lan0, or wan1 and lan1.

  2. Wait one minute, and then verify that network connectivity for network devices is unaffected.

    Note: If network connectivity is affected, disconnect the sensor from the network and email security@arcticwolf.com to schedule a troubleshooting session.

  3. Contact security@arcticwolf.com to confirm that Arctic Wolf is seeing your network traffic.