Does Capture Client work on remote computers not connected to SonicWall firewall?

Do all the features work with Capture Client on a computer that is not connected to the SonicWall firewall, such as Capture ATP and DPI-SSL to decrypt SSL traffic?

I also assume you can still manage the client wherever it is located through the Capture Client Management Portal https://captureclient.sonicwall.com

Category: Capture Client

Comments

  • BWC Cybersecurity Overlord ✭✭✭

    @bzperry Capture Client works independently from the Firewall and will be managed through Cloud Security Center (Management Portal). On that matter it's like any other Endpoint security solution.

    The DPI-SSL component of Capture Client is more of a certificate deployment helper, not relevant if you don't have DPI-SSL at your Firewall. Decryption of SSL traffic is done at the Endpoint anyways :)

    —Michael@BWC

  • bzperry Newbie ✭

    Thanks Michael, so if I understand you correctly, Capture Client loses two of its strongest features (Capture ATP & DPI-SSL) if installed on a user's computer or laptop that is at home, hotel, etc. and not on the office network where, say, a TZ series firewall with Capture ATP & DPI-SSL is located.
    Therefore it cannot decrypt the HTTPS traffic or leverage multiple sandbox engines to analyze files, and would only rely on SentinelOne cloud intelligence to detect known viruses by using VirusTotal, and use SentinelOne's Dynamic Behaviour Tracking if not detected as a known virus.

    1. However, if the user's remote computer with Capture Client is connected to the TZ series firewall via an IPSec or SSL VPN, would Capture Client then be able to leverage Capture ATP for analysis of files?
    2. Would the remote computer, with the proper certificate installed, also be able to leverage DPI-SSL on the TZ series firewall to decrypt SSL traffic to scan it for threats if connected to the VPN? And if so, I assume it would be better to set the VPN Client Connections to "This Gateway Only"/Tunnel All mode instead of "Split Tunnels" so all the web traffic from the user's computer is sent across the VPN and out through the firewall's internet connection?
    3. I would think the remote computer connected to the office network via VPN in Tunnel All mode would also be protected with Security Services on the TZ firewall such as Gateway AV, Anti-Spyware, Geo-IP Filter, etc. as well. Is this correct?

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @bzperry you can see Capture Client as an independent product from the Firewall.

    Capture ATP (auto mitigation) is done on the Endpoint not on the Firewall if enabled in the CC policy. If you have Capture ATP and DPI-SSL enabled on the Firewall as well, it will be inspected there first, but you don't need to rely on it.

    DPI-SSL is done on the Firewall, if the traffic goes through the SNWL then it will be inspected by DPI-SSL, Capture Client only helps with deploying the needed CA certificate. Your endpoint always can see the whole traffic, encrypted and decrypted and no DPI-SSL is needed on the Endpoint.

    DPI-SSL is just a proxy to enable the Firewall to have a (limited) view on the traffic.

    In my opinion (I advocated this a few times here) scanning traffic at the perimeter can do only a minor job, the endpoint does know the whole storyline (which is a SentinelOne term) and can decide over good and bad.

    —Michael@BWC
