Set up the security connector

Before you begin

Complete these high-level steps to set up Security Connector.

To set up the security connector:

  1. Add the security connector. See Add a security connector.

  2. Download Enterprise Security Connector. See Download Security Connector.

    In version 3.5.0 or later, you can deploy a Security Connector image file on Amazon Web Services (AWS) and Microsoft Azure. On these cloud platforms, the Security Connector image file is available in the AWS and Azure marketplaces. You do not download the image file from Enterprise Center.

  3. Deploy Security Connector on a VM:

  4. Log in to Security Connector and create a password for the security connector. See Create a security connector password.

  5. In the security connector, configure network settings for the Security Connector interfaces and the DNS name servers. See Configure the en1 interface, Configure the en2 interface, and Configure DNS name servers.
    Configure your corporate resolvers as the DNS name servers.

  6. Configure the number of network interfaces that you want to use for Security Connector data. For more information, see Select one or two interfaces for DNS or HTTP Forwarder data.

  7. Generate an activation code for the security connector you added in SIA. See Generate an activation code.

  8. Activate the security connector. See Activate the security connector.

  9. Run a connectivity test to confirm that the security connector can connect to Akamai services. See Run a connectivity test.

  10. To configure Security Connector as a DNS sinkhole:

    1. Create or modify a policy to associate the security connector with a threat category or a custom list. You should assign a security connector to the malware or C&C categories. See Assign security connectors to a policy.
    2. Test the security connector to ensure that it communicates with SIA and delivers event data to SIA. See Test the security connector.
  11. To configure Security Connector as a DNS forwarder:

    1. If there are internal domains or IP addresses that you don’t want directed to SIA and prefer to have handled by the corporate resolver, see Configure internal IP addresses, DNS suffixes, and email domains.
    2. Configure enterprise machines to forward DNS requests to DNS Forwarder. The DNS Forwarder address is the IP address of the en1 interface (formerly the data interface). Make sure that you provide the IP addresses of the primary and secondary DNS forwarders, as well as the IP address of the corporate resolver. The corporate resolver should be listed as the last item in the ordered list to make sure it's only used as a fallback resolver.
    3. If you would like a different authoritative server to handle local requests instead of the DNS server configured on the Security Connector’s network, you can configure a local DNS server in your DNS Forwarder configuration. This allows the corporate DNS resolver that you configured as a Security Connector DNS Server to act as a fallback recursive resolver when the SIA DNS cloud is not reachable. To configure a local server, see Configure local DNS servers.
    4. If you want to forward specific DNS traffic to an internal or external resolver in your network, set up conditional forwarding rules. For instructions, see Configure conditional forwarding.
  12. To configure Security Connector as an HTTP Forwarder, see Configure HTTP Forwarder.

  13. Add email addresses of administrators or other users within your organization that you want notified when there is a software upgrade available for the security connector. See Add email addresses for Security Connector upgrade notifications.
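
The resolver order required in the DNS forwarder step (primary and secondary DNS forwarders first, corporate resolver last) can be audited on enterprise machines. The following is an added example, not part of the product documentation: it assumes Linux clients whose glibc stub resolver reads a resolv.conf-style file, and every IP address and function name in it is constructed for illustration.

```python
import ipaddress

MAXNS = 3  # glibc reads only the first three "nameserver" lines


def norm(ip):
    """Canonical text form of an IP address, so comparisons are exact."""
    return str(ipaddress.ip_address(ip))


def parse_resolv_conf(text):
    """Return (nameservers in file order, set of option tokens)."""
    servers, options = [], set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(norm(fields[1]))
        elif fields and fields[0] == "options":
            options.update(fields[1:])
    return servers, options


def check_resolver_order(text, forwarders, corporate):
    """Return findings; an empty list means the order is as required."""
    servers, options = parse_resolv_conf(text)
    fwd, corp = [norm(f) for f in forwarders], norm(corporate)
    expected, effective = fwd + [corp], servers[:MAXNS]
    findings = []
    if servers[MAXNS:]:
        findings.append(f"ignored beyond first {MAXNS}: {servers[MAXNS:]}")
    findings += [f"missing: {ip}" for ip in expected if ip not in effective]
    findings += [f"unexpected resolver: {ip}" for ip in effective
                 if ip not in expected]
    if corp in effective and effective[-1] != corp:
        findings.append("corporate resolver is not last")
    if [ip for ip in effective if ip in fwd] != [f for f in fwd if f in effective]:
        findings.append("DNS forwarders are out of order")
    if "rotate" in options:
        # rotate round-robins across servers, so the corporate resolver
        # would answer routinely instead of only as a fallback.
        findings.append("'options rotate' disables ordered fallback")
    return findings


# Constructed sample values (documentation address ranges).
FORWARDERS = ["192.0.2.10", "192.0.2.11"]
CORPORATE = "198.51.100.53"
GOOD = "nameserver 192.0.2.10\nnameserver 192.0.2.11\nnameserver 198.51.100.53\n"
BAD = ("options rotate timeout:2\nnameserver 198.51.100.53\n"
       "nameserver 192.0.2.10\nnameserver 192.0.2.11\n")
```

An empty result for a machine's resolver file means DNS queries reach the forwarders first and the corporate resolver only on failure; any finding means some queries can bypass DNS Forwarder.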