232-001765-00 Rev A SonicOS 5.5 Data Forensics With Solera
Document Scope
This feature module provides information about how deep packet forensics combines a SonicWALL UTM
appliance and a Solera Networks data-recording appliance to accurately identify and store data regarding the
traffic and log events of deep-packet classification. These appliances together will be able to record network
traffic without dropping a single packet.
This document contains the following sections:
• “What is Deep Packet Forensics?”
• “What is Solera?”
• “Configuring Your Appliance with Solera”
• “Methods of Access”
The following is an example of the process of distributed event detection and replay:
1. The administrator defines the event trigger. For example, an Application Firewall policy is defined to
detect and log the transmission of an official document:
Methods of Access
The client and NPCS must be able to reach one another. Usually, this means the client and the NPCS will
be in the same physical location, both connected to the SonicWALL appliance. In any case, the client will
be able to reach the NPCS directly, or will be able to reach the NPCS through the SonicWALL. Administrators
in a remote location will require some method of VPN connectivity to the internal network.