supporting document for Pre Deployment checklists
Sensor is a gateway appliance (physical in most cases) that receives a SPAN/Mirror copy of all the traffic moving in and out of the firewall. Most Static Analysis and DPI happen at the sensor. The Sensor is also responsible for describing the traffic model(s) and sending over the metadata to the master for further analysis.
Is used to collect Logs and Flows from the client network. It needs to upload the compressed data to Collector in the cloud.
Is responsible agentless Response & Remediation and needs to communicate with the Master in the cloud.
Simple network architecture depicting Sensor, GW Collector and Responder in a typical deployment.