• Capture Security Appliance
• Introduction
• Technical Overview
• Deployment Examples
• Prerequisites for CSa Deployment
• High-Level Task List
• Hardware Overview
• Connect and Power On
• Change the Administrator Password
• Initial Setup Using Web Management
• Register and License
• Upgrade the Firmware
• Configure Allowed Devices
• Related Documents for Additional Configuration
• Creating a MySonicWall Account
• SonicWall Support
  • About This Document

Deployment Examples

There are three primary deployments for the Capture Security Appliance:

• Single Office/Single Location

  The CSa can be deployed anywhere on the network. It must be reachable via an IP address, and SonicWall firewalls connected to it must be able to access it via UDP on port 2259.

  Firewalls and Email Security systems can send suspicious files to the CSa for analysis within the local network, rather than using the SonicWall Capture ATP cloud service.

  

• Distributed Enterprise / Multiple Locations

  Multiple offices or branches can share access to a single CSa device, deployed either in the headquarters data center or in a remote data center accessible by all devices.

  Files can be sent to the CSa directly over the internet or over VPN.

  You can use either SonicWall GMS or the cloud-based NSM centralized management solutions for rapid configuration of multiple SonicWall systems to point to the CSa.

  

• REST API Gateway

  The Capture Security Appliance has a REST API interface that can be used to submit files for analysis and query results by threat intelligence teams via their own scripts, web-portal integrations and other security products.

  Instructions on how to get started with API scripting for the CSa along with code samples are available at https://github.com/sonicwall.