SonicWall Firewall Enhanced Out-of-the-box Response Integration

To learn more about Out-of-the-box Integrations and their benefits, please refer to this article.
In this article, you will learn how to set up SonicWall Firewall to receive and block adversaries detected by Lumu and improve the detection & response capabilities of your organization.

Requirements

  1. SonicWall License: Content Filtering
  2. SonicWall OS 6.5 / 7
  3. An active Lumu Defender subscription

SonicWall Next-Gen FW OOTB Integration

Add Integration

1. Log into your Lumu account through the Lumu Portal and navigate to the integrations screen.
2. Locate the SonicWall Next-Gen FW integration in the available apps area and click on the add button, then click to view details.


3. Familiarize yourself with the integration details available in the app description and click the activation button below to activate the integration.



4. To activate the integration, you need to select one of the two Integration modes. Enhanced is the mode that corresponds to a SonicWall Firewall with a Content Filtering license. Add a description and select the threat types you want to include.



5. Once you create the integration, you will be provided with the Integration ID:


 The SonicOS API must be enabled for the integration to work properly.

SonicWall Firewall configuration

It’s recommended to create a dedicated user for integrating Lumu with SonicWall. Using your Firewall GUI, do the following:
1. Create a new local user and assign it the SonicWALL Administrators role or a FULL_ADMIN role.
2. In the assigned group, change the administration settings to enable the "Members go straight to the management UI on web login" checkbox.
For further reference on how to create administrative users, please refer to the SonicWall documentation "How can I configure additional Administrator User profiles in SonicOS Enhanced?"

Enable the API

SonicOS 6.5

Follow these instructions to enable the API:
  1. Log in to the Firewall GUI.
  2. In the top navigation bar, click on Manage. In the left navigation bar, click on Appliance and, in the options that are displayed, select Base Settings.
  3. On the page that opens, scroll down to the SonicOS API section, check the Enable SonicOS API box, and select the authentication method(s). We suggest leaving the configuration as it is in the image example below. Then click on Accept.
  4. In the same Manage tab section, click on the API option in the left navigation bar. On that page, click on the following link: HTTPS://SONICOS-API.SONICWALL.COM
  5. On this new page, scroll down until you find the IP and PORT sections that are used for the integration. Continue configuring SonicWall according to the needs of your organization.

SonicOS 7

Follow these instructions to enable the API:
  1. Log in to the Firewall GUI.
  2. In the top navigation bar, click on Device.
  3. In the left navigation bar, click on Settings and, in the options that are displayed, select Administration.
  4. On the page that opens, click on the Audit / SonicOS API tab and, in the SONICOS API section, enable SonicOS API and select the authentication method(s). We recommend leaving the configuration similar to the image below.
  5. In the top navigation bar, click on Home, then in the left navigation bar click on API, and on the page click on the following link: https://sonicos-API.sonicwall.com
  6. A new page will appear. Scroll down to the IP and PORT section, where you can customize the integration. Continue configuring SonicWall according to the needs of your organization.

Lumu SonicWall Next-Gen FW Integration Tool

Now, it is time to use the Lumu Integration Tool. In the links below, you can find different repositories where the required code and instructions are provided. You can choose the one that best fits your needs and run the code using the tool that you prefer.
  1. Source Code repository 
  2. Dockerhub repository 

SonicWall Further Steps

After you have run the integration tool and activated the integration for the first time, you will have a new Uri List Group called Lumu-Uri-List-Group. You must use this group within a new Content Filtering Policy or Security Policy, according to the version and mode of SonicOS.