Enterprise Security Connector is a VM that you deploy in your enterprise to act as a DNS forwarder, DNS sinkhole, or an HTTP Forwarder.

Secure DNS Forwarder. An internal DNS resolver that forwards traffic to SIA where SIA policy is applied. DNS Forwarder allows you to identify machines that are making requests. By default, the DNS forwarder is enabled in Security Connector version 2.6.8 or later. For more information, see Security Connector as a DNS forwarder.
DNS sinkhole. Receives suspicious or malicious traffic. As a DNS sinkhole, Security Connector identifies machines that are infected with malware, attempts to download malware, or communicates with C&C servers. For more information, see Security Connector as a DNS sinkhole.
HTTP Forwarder. An enterprise proxy that forwards web traffic to SIA Proxy. For more information, see Security Connector as an HTTP Forwarder.

Download and deployment

You can deploy Security Connector on VMware ESXi, Microsoft Hyper-V, Amazon Web Services (AWS), or Microsoft Azure. If you plan to deploy Security Connector on VMware ESXi or Microsoft Hyper-V, you can download Enterprise Security Connector image file from the Security Connector page. You or an IT administrator needs to deploy the downloaded file or files as a VM in your network.

If you plan to deploy Security Connector on the AWS or Microsoft Azure cloud platforms, the image file is available in the AWS and Azure marketplaces. Support for AWS and Azure is available with Security Connector version 3.5.0 or later.

For VM requirements and an overview of the steps that are required to set up the security connector, see Setup virtual machine requirements and Set up the security connector.

As part of the security connector setup process, you define how network traffic flows to and from the security connector. In addition to identifying the corporate DNS server or resolver, you also configure two network interfaces.

For the DNS or HTTP Forwarder, you can configure the number of interfaces that Security Connector uses for data. You can use one interface for ingress and egress traffic, or you can use two interfaces where one interface is for ingress traffic and the other interface is for egress traffic. By using two interfaces, your organization can apply different firewall rules to inbound and outbound traffic.

📘
Security Connector as a sinkhole always uses two interfaces. While you can change the number of interfaces for HTTP Forwarder and DNS Forwarder, you cannot change this setting for the sinkhole.

In the Security Connector, you configure these interfaces:

en1 interface (formerly the data interface). Depending on the number of interfaces you select for data, this interface can be used for inbound traffic, or for both inbound and outbound traffic.
- When you select one interface, the en1 interface is for both inbound and outbound traffic.
- When you select two interfaces, the en1 interface is for inbound traffic. In this situation, the en1 interface also includes the Web Console. The Web Console is where you configure settings for the VM and perform administrative operations.
  The en1 interface IP address is the IP address of the DNS Forwarder and HTTP Forwarder.
en2 interface (formerly the management interface). If there are two interfaces used for data, this interface is for outbound traffic. When there’s one interface configured, the en2 interface is used for the Web Console only.

After the security connector is configured with the network settings, you need to activate it. SIA allows you to generate the one-time code that is required for activation. After the connector is configured and activated, it communicates with SIA. Information about the security connector connection is shown in SIA including the security connector's IP address and the status of the communication.

📘
You can secure the Web Console with TLS by generating an Akamai certificate or uploading an intermediate certificate that’s signed by your organization’s certificate authority. If you're using SIA Proxy, the proxy MITM certificate is the certificate that’s automatically used for the Web Console. For more information, see Security Connector Web Console.