SonicWall Firewall Enhanced Out-of-the-box Response Integration
To learn more about Out-of-the-box Integrations and their benefits, please refer to this article.
In this article, you will learn how to set up SonicWall Firewall to receive and block adversaries detected by Lumu and improve the detection & response capabilities of your organization.
Requirements
- SonicWall License: Content Filtering
- SonicWall OS 6.5 / 7
- An active Lumu Defender subscription
SonicWall Next-Gen FW OOTB Integration
Add Integration
1. Log into your Lumu account through the Lumu Portal and navigate to the integrations screen.
2. Locate the SonicWall Next-Gen FW integration in the available apps area and click on the add button, then click to view details.
3. Familiarize yourself with the integration details available in the app description and click the activation button below to activate the integration.
4. To activate the integration, you need to select one of the two Integration modes. The one that corresponds to SonicWall Firewall with Content Filtering license is the Enhanced one. Add a description and select the threat types you want to include.
5. Once you create the integration, you will be provided with the Integration ID:
The SonicOS API must be enabled for the integration to work properly.
SonicWall Firewall configuration
Create a user for the integration (recommended)
It’s recommended to create a dedicated user for integrating Lumu with SonicWall. Using your Firewall GUI, do the following:
1. Create a new local user, and assign it the SonicWALL Administrators role or a FULL_ADMIN role.
2. In the assigned group, change the administration settings to enable the Members go straight to the management UI on web login checkbox.
Enable the API
SonicOS 6.5
Follow these instructions to enable the API:
- Log in to the Firewall GUI.
- In the top navigation bar, click on Manage. In the left navigation bar, click on Appliance, and in the options that are displayed, select Base Settings.
- On the page that opens, scroll down to SonicOS API. Check the Enable SonicOS API box and select the authentication method(s); we suggest leaving the configuration as it is in the image example below. Now click on Accept.
- In the same Manage tab section, click on the API option in the left navigation bar. On the page, click on the following link: HTTPS://SONICOS-API.SONICWALL.COM.
- On this new page, scroll down until you find the IP and PORT sections that are used for the integration. Continue configuring SonicWall according to the needs of your organization.
SonicOS 7
Follow these instructions to enable the API:
- Log in to the Firewall GUI.
- In the top navigation bar, click on Device.
- In the left navigation bar, click on Settings, and in the options that are displayed, select Administration.
- On the page that opens, click on the Audit / SonicOS API tab and, in the SONICOS API section, enable SonicOS API and select the authentication method(s). We recommend leaving the configuration similar to the image below.
- In the top navigation bar, click on Home, then in the left navigation bar click on API, and on the page click on the following link: https://sonicos-API.sonicwall.com.
- A new page will appear. Scroll down to the IP and PORT section; here you can customize the integration. Continue configuring SonicWall according to the needs of your organization.
Now, it is time to use the Lumu Integration Tool. In the links below, you can find different repositories where the required code and instructions are provided. You can choose the one that best fits your needs and run the code using the tool that you prefer.
- Source Code repository
- Dockerhub repository
SonicWall Further Steps
After you have run the integration tool and activated the integration for the first time, you will have a new Uri List Group called Lumu-Uri-List-Group. You must use this group within a new Content Filtering Policy or Security Policy according to the version and mode of SonicOS.