Exciting news! We are redesigning the Arctic Wolf Help Documentation site to provide a better user experience. Our new site will launch on May 1, 2024.

Arctic Wolf Appliances


Serial Console User Guide

Updated Mar 19, 2024

Serial console

You can use the serial console interface to restart or reconfigure an appliance when you connect to it using a cable or AirConsole adapter.

This is typically used for troubleshooting when:

Requirements

Based on your appliance model, make sure you meet these requirements:

Appliance model Cable Driver Appliance chipset
AWN101 Sensor Black mini USB serial cable Prolific driver PL2303
AWN200 Sensor Blue RJ45 to USB serial cable with PL2303TA chipset OS X FTDI driver -
AWN201 Sensor Blue RJ45 to USB serial cable with PL2303TA chipset OS X FTDI driver -
AWN202 Sensor Blue RJ45 to USB serial cable with PL2303TA chipset OS X FTDI driver -
AWN203 Sensor DB9 to USB cable - -
AWN301 Sensor DB9 to USB cable - -
AWN1000 Sensor Blue RJ45 to USB serial cable with PL2303TA chipset OS X FTDI driver -
AWN 200 Series Scanner Blue RJ45 to USB serial cable with PL2303TA chipset OS X FTDI driver -

Serial console driver installation

Based on the Arctic Wolf® appliance model, the driver included with your operating system (OS) might not be compatible with the serial console. If applicable, install the necessary driver so that you can use the serial console.

Install the console session driver for AWN101 sensors

  1. If your device was previously used for another console session, uninstall the previous driver. If you are using a macOS or Linux device, run this command in a terminal to uninstall the driver:

    sudo rm -rf /System/Library/Extensions/ProlificUsbSerial.kext
  2. Contact your Concierge Security® Team (CST) at security@arcticwolf.com for information about where to download the latest latest Prolific PL2303 driver.

  3. Install the Prolific PL2303 driver.

    Notes:

    • macOS requires approval before installation. You are prompted to enter your password during the installation.
  4. Connect the sensor to your Windows device using the cable from Requirements.

Install the console session driver for AWN200 and AWN1000 sensors on Windows

Notes:

  1. Connect the sensor to your Windows device using the cable from Requirements.
  2. Open Device Manager with administrator permissions.
  3. Expand the Ports (COM & LPT) list.
  4. If the driver name is THIS IS NOT PROLIFIC PL2303. PLEASE CONTACT YOUR SUPPLIER, complete these steps to install a compatible driver:
    1. Right-click THIS IS NOT PROLIFIC PL2303. PLEASE CONTACT YOUR SUPPLIER, and then select Uninstall device.
    2. Download the PL2303-WIN7_8_10_11.zip file, and then extract the files.
    3. Run the PL2303_Prolific_DriverInstaller_v1.8.0.exe executable to download the driver.
    4. Reboot your Windows device.
    5. In Device Manager, in the Ports (COM & LPT) section, verify that the name of the driver is Prolific USB-to-Serial Comm Port (COM3).

Install the console session driver for AWN201 or AWN202 sensors, or AWN200 scanners

Notes:

  • Only complete this task for AWN201 sensors, AWN202 sensors, and AWN200 scanners. No drivers are necessary for AWN203 or AWN301 sensors.
  • Only complete this task if your device runs on Linux or a macOS version earlier than Mojave. Windows devices and macOS versions after High Sierra already have the necessary drivers.
  1. Connect the sensor or scanner to your device using the cable from Requirements.

  2. Open a terminal, and then run this command to identify the serial device name:

    ls /dev/tty* | grep -i usb

    This can return multiple USB device names for the computer.

  3. Run this command:

    sudo screen /dev/<usb_serial_device> 115200

    Where:

    • <usb_serial_device> is one of the serial USB device names from the previous step. For example, for Linux, enter sudo screen /dev/ttyUSB0 115200.

AirConsole requirements

AirConsole is a portable, battery powered RS232 serial port over WiFi or a Bluetooth adapter. If you cannot use a physical cable, and you own an AirConsole adapter, you can use it instead.

For AirConsole, you need:

To connect AirConsole:

  1. Open the AirConsoleOSX application on your macOS device.
  2. Change AirConsole from Auto to Manual.
  3. Enter the hostname of the AirConsole. For example, aircon1.
  4. Run this command to connect to the AirConsole device:
    sudo screen /dev/cu.Airconsole-1 <serial_number>
    Where:
    • <serial_number> is the serial number of the device.

Connect to the serial console

Note: If you are setting up your sensor through serial console, make sure that you have the necessary equipment and drivers. See Requirements for a list of necessary equipment for each appliance.

Based on your OS, complete one of these actions:

On-screen instructions display how to navigate the serial console UI. Generally, you can do these actions using these keys:

Serial console tasks

When you use the serial console with an activated appliance, these tasks are available:

Note: If you leave the serial console session idle while performing a task, you are redirected to the main task screen and your changes are not saved.

Update the network parameters

  1. On the main task screen, on the management interface, select Reconfigure.

  2. Select either DHCP or Static networking to configure your management interface.

  3. If you select Static networking, configure these settings:

    • IP address
    • Netmask/Subnet
    • Primary DNS server
    • Secondary DNS server
    • Gateway
  4. Click Next.

    A series of connectivity tests are run. If the tests:

    • Pass — You are redirected to the main task screen.
    • Fail — Click Back to return to the previous screen, and then change the configuration and rerun the connectivity tests.

View the current configuration and connectivity status

Note: You cannot make any modifications to the configuration from this screen.

  1. On the main task screen, select Show the current configuration.

    This information displays:

    • Customer-ID — The customer ID.
    • Deployment-ID — The deployment ID.
    • Deployment-Type — One of these deployment types: Internal Tap, Mirroring, or Scanner.
    • Network Type — One of these network types: DHCP or Static networking.
    • Connectivity to Switchboard — One of these connectivity statuses: PASS or FAIL.
  2. Click Next to return to the main task screen.

Reconfigure the deployment type

  1. On the main task screen, select Reconfigure the deployment type.
  2. Select Internal Tap, Mirroring, or Scanner.
  3. Click Next to return to the main task screen.

Note: You might need to restart your appliance to apply the new deployment type.

Restart the appliance

Configure an appliance to use a proxy server

Proxy servers for appliances are configured using the serial console. Only management interface traffic over OpenVPN is sent to the proxy server.

Notes:

  • If you are setting up your appliance through serial console — Make sure that you have the necessary equipment and drivers.

    See Requirements for a list of necessary equipment for each appliance.

  • If you are configuring an appliance to use a proxy server — Make sure that you have:

    • Configured your proxy server
    • Set up the serial console, and the IP address and port information of your proxy server.

Before you begin

Steps

  1. Connect to the serial console.

    See Connect to the serial console for more information.

  2. Click Next.

    See Navigate the serial console for more information.

  3. In the Use a proxy? Select an option: dialog, click Yes.

  4. Click the Provide the following proxy information section, configure these settings:

    Note: Only management interface traffic over OpenVPN is sent to the proxy server.

    • Server IP address — Enter the proxy server IP address for your appliance.
    • Server port — Enter the proxy server port information.
  5. Click Next.

    A confirmation message reading Applying configuration appears while the configuration is being applied.

    Caution: This process can take several minutes to complete. Do not navigate away from this screen or close the serial console session until the configuration is applied.

    When the configuration has been applied, the option to verify the network connection appears.

  6. (Optional) Click Yes to run the network connectivity tests.

    Note: You do not need to verify the network connectivity, but Arctic Wolf strongly recommends that you do.

    Caution: Make sure that a network cable is connected before you verify the network connection.

  7. Click Next.

  8. If you clicked Yes to run the connectivity tests, a series of connectivity tests are run.

  9. If the connectivity tests:

    • Pass — Click Next.
    • Fail — Click Back, and then change the configuration and rerun the connectivity tests.
  10. Click Next.

  11. If you want to configure more post-activation settings, click Next to return to the main task menu.

Serial console diagnostics

You can run diagnostic tests to troubleshoot device issues. These diagnostic options are available:

Run a ping test

  1. Navigate to the main task screen.

  2. Select Diagnostic tests.

  3. Select Ping Test.

  4. Enter the hostname or IP address of the host you want to ping, and then click Next.

    A list of ping statistics displays. This can include the number of packets received and transmitted, the packet loss, and the time it took to transmit.

    For example:

    PING <ip_address> (<ip_address>) x(y) bytes of data
    <z> bytes from <ip_address> icmp_seq=<n> tt1=<tt> time=<time> ms
    ...
    
    --- <ip_address> ping statistics ---
    <n> packets transmitted, <n> received, 0% packet loss, time <time>ms
    rtt min/avg/max/mdev = <min>/<avg>/<max>/<mdev>

Run a traceroute

  1. Navigate to the main task screen.

  2. Select Diagnostic tests.

  3. Select Traceroute.

  4. Enter the hostname or IP address of the host you want to traceroute, and then click Next.

    For example, the output displays a traceroute path similar to:

    traceroute to <ip_address> (<ip_address>), <n> hops max
      1   <ip_address> <x>ms !* <y>ms !* <z>ms !*

View service status

  1. Navigate to the main task screen.

  2. Select Diagnostic tests.

  3. Select Service Status.

  4. Select OpenVPN, and then select Check service.

    This information displays:

    • NRestarts — The number of times the service restarted.
    • Id — The ID of the service.
    • LoadState — Whether the service is loaded.
    • ActivateState — Whether the service is activated.
    • SubState — A more detailed state of the service. For example, running, failed, or exited.

View VPN status

You can run a VPN status check to confirm whether the device is receiving traffic on port 443.

  1. Navigate to the main task screen.

  2. Select Diagnostic tests.

  3. Select VPN Status.

    For example, the output displays a VPN status similar to:

    Tunnel: <status>

View device information

  1. Navigate to the main task screen.

  2. Select Diagnostic tests.

  3. Select Device Information.

    This information displays:

    • Serial — The serial number of the device.
    • Device — The device model.
    • Customer-ID — Your customer ID.
    • Deployment-ID — The deployment ID of the device.
    • Deployment-Type — The deployment type of the device. For example, Mirroring.

Run networking interface diagnostics

  1. Navigate to the main task screen.

  2. Select Diagnostic tests.

  3. Select Networking Interface Diagnostics.

    For example, the output is similar to:

    Deployment-Type: <deployment_type>
    External IP: <ip_address>
    
    Interface Info:
    Iface Name   Admin State     Link Status      IP Address     MTU
    
    <iface1>     <admin_state1>  <link_status1>   <ip_address1>  <mtu1>
    <iface2>     <admin_state2>  <link_status2>   <ip_address2>  <mtu2>
    ...

    The output contains this information:

    • Deployment-Type — The deployment type of the device. For example, Mirroring.
    • External IP — The IP address of the sensor.
    • Interface Info — This information is displayed for each interface:
      • Iface Name — The name of the interface. For example, lan0.
      • Admin State — The admin state of the interface.
      • Link Status — The physical link status of the interface.
      • IP Address — The IP address of the interface.
      • MTU — The maximum transmission unit (MTU) size of the interface.