SonicWall

Configure the action connector for SonicWall.

This configuration will establish a trusted relationship between Radiant Security and your SonicWall firewall to enabled automated and one-click execution tasks.

Available actions

The following action is available after you set up the SonicWall API action connector. Keep in mind, additional permissions are required.

  • Block IP Address

At the end of this configuration, you will provide Radiant Security with these values:

  • Administrator Username

  • Administrator Password

  • SonicWall Base URL (public IP)

Prerequisites

Note: Radiant Security needs to be able to connect to the Firewall HTTPs management to be able to execute the actions. Radiant Security IP addresses are listed below.

Radiant IP addresses:

  • 100.21.80.201

  • 52.11.97.167

  • 35.164.70.154

Add an administrator in SonicWall

  1. Login to your SonicWall firewall.

  2. Navigate to Device > Settings > Administration - Audit/SonicOS API.

  1. Enable the SonicOS API toggle button.

  2. Enable RFC-2617 HTTP Basic Access authentication.

  3. Click Accept to apply the changes.

  4. Navigate to Network > System > Interfaces.

  5. Click the interface assigned to WAN and click the Pencil button to edit it.

  6. For User Login, enable the HTTPS option.

Click OK to apply the changes.

  1. Navigate to Device > Users > Local Users & Groups.

  2. Click Add User and enter the following information:

    • Name: RadiantSecurityAdmin

    • Password: Set a secure password

    Keep all of the other default settings unchanged.

  1. Click the Groups tab.

  2. Select SonicWALL Administrators from the left panel and click the right facing arrow to add it to the right panel.

  3. Click Save.

  4. On the top panel click Local Groups.

    • Click SonicWALL Administrators to edit it.

    • Click Administration.

    • Enable Members go straight to the management UI on web login.

    • Click Save.

Add the action connector in Radiant Security

  1. Login to Radiant Security.

  2. From the navigation menu, select Settings > Action Connectors and click + Add Connector to create a new action connector.

  3. Search for and select SonicWall API and then click Credentials.

  4. Under Credential Name, enter a credential name (use a descriptive name such as Sonicwall - Credentials).

  5. Under Required Credentials, enter the information you obtained from the previous section:

    • Username: Administrator username

    • Password: Adminiator password

    • API Base URL: SonicWall Base URL (public IP/URL of the firewall)

  6. Click Add Connector to save your changes.

Authenticate on the API

The SonicWall API uses Basic Authentication, so you must encode the user and password as Base64 using the format user:password, and include it in the Authorization header:

Example:

user = admin
password = 12345

admin:12345 -> base64 encode -> YWRtaW46MTIzNDU=

Header:
Authorization: Basic YWRtaW46MTIzNDU=
PreviousSentinelOneNextCommunication Tools

Last updated