SonicWALL UTM Firewall Overview
November 2010
Andy Barrow
SonicWALL Product Manager
+44 1753 797944
Who are SonicWALL?

SonicWALL was founded in February 1991 to develop standards-based, network
infrastructure products to meet the needs of the small to medium business and
education markets.

Today, SonicWALL’s Internet security and transaction security solutions are
leading the way for a more diverse and secure Internet experience for small,
medium and large enterprises.
CONFIDENTIAL All Rights Reserved
4/8/2015
The SonicWALL Global Presence
Canada
United States
Mexico
Brazil
Belgium
United Kingdom
Germany
France
Spain
Italy
Russia
Dubai
Switzerland
Sweden
India
Japan
Korea
China
Hong Kong
Singapore
Australia
 25 offices around the world
 Conducting business in over 50 countries
How it all fits together
[Diagram labels]
Market Convergence; Vendor / Technology Convergence; End User / Channel Convergence
Keep Businesses Running; Increase IT Productivity; Manage Risks
Solution areas: Network Security; Content Security; Business Continuity; Policy and Management
Components shown: Unified Threat Management (Gateway AV, Anti-Spy, IPS); SSL-VPN; Inbound & Outbound Content Filtering; Anti-Virus; Anti-Spyware; Anti-SPAM; Secure Backup and Recovery; Policy Creation; Compliance; Patch Management; Monitoring; Reporting; Management
Comprehensive & Continuous Protection for our End-Users
Predictable & Profitable Growth for our Channel Partners
Recent 5 Star Awards – Across 4 Major Product Categories
UTM – Network Security
SSL VPN – Remote Access
Email Security Management
Gartner Magic Quadrant - 2010
Magic Quadrant for Unified Threat Management Appliances
Source: Gartner October 2010
© 2005 SonicWALL, Inc. All Rights Reserved - Confidential
What’s a firewall?
A firewall is a dedicated appliance which inspects network traffic passing through it, and denies or permits passage based on a set of rules. (Wikipedia)
Typical Deployment
Why do I need a firewall?
• To stop the wrong people getting into your network?
• Identity theft is big business
  • Cabinet Office study – Cost of ID fraud to UK = £1.7Bn every year
  • FBI – 27.3 Million Americans have been victims costing $48Bn!
• Personal data is everywhere
  • DOB + Address + fake utility bill = You 2.0
  • Credit card details – Traded worldwide
• New standards like PCI require you to have one
Networking Drivers & Trends
Business Drivers
• Reduction in operating costs
• Focus on TCO
• Mobilization of the workforce
• Compliance
• Outsourcing growth
• Gaining competitive advantage
Technology Trends
• Growth in real-time & Internet based applications & communication
• SaaS / Web 2.0
• Virtualization of services
• Employees increasingly utilize network services – productive and unproductive
• High speed and available information sharing is critical
• Increases in bandwidth and volume of traffic
The Communications Landscape Is Rapidly Evolving
SonicWALL CONFIDENTIAL All Rights Reserved
The Facts at Work
• 25% of employees do peer-to-peer file sharing at work (Equifax, 2007)
• 16% of men and 8% of women admit viewing pornography at work (USA Today, 2007)
• 25% of office internet traffic is non-business related (Burst Media Survey, 2008)
Networks Exposed to New Threats
• 130% – The increase in unique malware found in the wild from July to November of 2008 (Kaspersky Labs)
• 4.2 million – The number of URLs around the world that harbor Malware (Source: IT Pro, 2007)
• Result – Trojans and malware now outnumber viruses in terms of risk to a network (Kaspersky Labs)
Why do I need a new type of Firewall?
• Because the Cyber criminals have got smarter.
• New and sneakier ways of getting in:
  • Trojans
  • Worms
  • Spyware
  • Botnets
• Applications like Instant Messenger and Skype create a hole in your firewall.
• Recently, the FBI noted that 98% of organizations use firewalls, but that 56% of them had still experienced unauthorized network access.
What Are Employees Doing?
• Web surfing
• Twitter, Facebook
• Downloading files
• Instant messaging
• Streaming video
• Web 2.0 applications
• Playing games
• Personal email
…and More Non-Traditional Malware
The Prediction
Malware specifically disguised as "benign social networking links" will be
the top threat to data security in 2009.
(Georgia Tech's Information Security Center Emerging Cyber Threats Report for 2009)
The Reality
Target: LinkedIn
Set-up: Create bogus celebrity LinkedIn profiles
Lure: Place link to celebrity “videos” in profile
Attack: Download of “codec” required to view video
Infect: Codec is actually Malware
Result: System compromised
Beyonce, Kirsten Dunst, Christina Ricci, Kate Hudson
(Gregg Keizer, Computerworld Jan 7, 2009)
New Risks
The New Paradigm of Network Communications Brings New Risk
2010 Challenges
• Threats Aren’t Decreasing
  • Increases in malware and malcode
  • Threats go invisible
• Poor Application Visibility
  • Abundance of unknown application use
  • Ports are ineffective at blocking application use
  • Network misuse is rampant
• Increased Network Complexity
  • Bandwidth efficiency is a top concern
  • Admins want to manage and control network traffic based on identity
[Diagram labels: User Population; Network Use; Expanding App Usage; Open Access to Internet; Increase in “Unknown” Traffic; Limited Control Over Content; Security Required By Application; Ever-increasing thirst for Bandwidth]
Current Solutions Present Challenges
[Diagram]
Threats: Application Access; Application Layer Threats; Software Vulnerabilities; Worms; Basic Applications; Legacy System Access
Current: 1 Traditional Firewall; 2 IDS/IDP; 3 Proxy
Required: Complete inspection must span the communication spectrum
• Network safeguards are changing with threats; as threats move up the OSI model, inspection must be more complete and scalable
• Application visibility is paramount to overcome the next generation of threats and productivity issues
• Siloed solutions are the current response due to performance but multi-layered protection is the future
Next Generation Security Requirements
What Is the Ideal Solution for Next Generation Protection?
[Diagram]
Threats: Application Access; Application Layer Threats; Software Vulnerabilities; Worms; Basic Applications; Legacy System Access
Solutions: App Layer; Real-time Prot.; IDP/IPS/File; Content Filter; DPI Firewall
Multi-Tiered Protection
1. Consolidated & Integrated Security Technology
   • Covering a Wide Spectrum of Content-based, File-based & Application Layer Attacks
2. Application Visibility
   • Inspection of Real-time & Latency Sensitive Applications/Traffic
3. Scalable & High Performing
   • High Speed Protection Against Perimeter and Internal Network Challenges
Introducing SonicWALL’s UTM Firewall Appliances
Next Generation NSA Architecture
2010 Security Requirements | SonicWALL Solution Features
1. Consolidated & Integrated Security Technology | Multi-Tiered Protection Technology
2. Application Visibility - Inspection of Real-time & Latency Sensitive Applications/Traffic | Re-Assembly Free DPI (RFDPI)
3. Scalable & High Performing Enough to Protect Against Perimeter and Internal Network Challenges | Multi-Core High Perf. Architecture
Introducing the SonicWALL NSA and NSA E-Class Series
The SonicWALL® Network Security Appliance (NSA) Series - the first multi-core Unified Threat Management (UTM) platform that delivers application aware Unified Threat Management without compromising performance
From the NSA240 through to the award winning E-Class E8500 with multi-Gigabit throughput
• Next-Generation Unified Threat Management
• Application Visibility & Awareness with ReAssembly-Free DPI (RFDPI)
• Revolutionary Multi-Core Performance for Ultimate Scalability
• Best-In-Class Performance and Protection
[Diagram: RFDPI / RTDPI Engine Architecture: Unified Threat Protection + Re-Assembly Free Design + Multi-Core]
SonicWALL Network Security Appliance Features
1. Security Integration
• Complete UTM Protection with Gateway Anti-Virus, Anti-Spyware and IDP
• Next Generation Application Firewall
• Content & Application Filtering
• “Clean VPN” Protection
2. Ultimate Connectivity
• Secure IPSec Site-to-Site VPN Connectivity
• Exceptional User Policy Control and Access to Resources
• Wireless Mobility
• Network Availability
3. Reliability & Optimization
• Highly Redundant Hardware – Power/Fans
• One Point of Network Control
• Business Application Prioritization & QoS
• Integrated Server Load Balancing Feature-set
4. Flexible Deployments
• Data Center, Campus & Department Network Applications
• Transparent L2 Bridge Mode
• Integrated Wireless Switch Deployment
• Ease of Deployment & Management
SonicWALL Network Security Appliance Features
• Multi-Function Security Integration
Deep Packet Firewall
Application Firewall
Intrusion Prevention
Anti-Malware
Content Filtering
Full Anti-SPAM
• Application Visibility
Bandwidth Management
“Clean VPN” Secure IPSec Site-to-Site VPN Connectivity, Clean Wireless, Wireless Switch / Controller
Exceptional User Policy Control and Access to Resources
Integrated Wireless Switch offers “Clean Wireless”
Reliability, Optimization & Flexibility
Integrated Application Firewall
Policy control over Applications, Application use & File Types
Ultimate Connectivity
Clean Wireless
Clean VPN
Complete Threat Protection with Intrusion Prevention & Anti-Malware/Virus/Spyware
Content Control & URL Filtering
Full “Enterprise” quality Integrated Anti-SPAM
Protect whole infrastructures such as StoneWare Access
Highly Redundant Hardware – Power/Fans
Business Application Prioritization & QoS
Integrated Server Load Balancing Feature-set
Flexible Deployments: branch office, corporate & department network applications
Award winning: Deployment & Management
Introducing SonicOS 5.8
• Application Firewall Feature Set
• High Availability with statesync
• Integrated Load Balancing
• Application Bandwidth Management
• Single Sign On
• Fully Dynamic GUI
• And more…
SonicOS 5.8 Redefines Deployment & Management Simplicity and Functionality
True L7 Application Intelligence
Standard with CGSS on all models from TZ210 upwards
Real time application visibility and control of users / apps
Fully customisable
Fully integrated into UTM appliance
Simple to manage
The answer is…Application Intelligence
• Intelligence
  • Reassembly Free Deep Packet Inspection
  • Identify & categorise traffic by source / destination
  • Identify & categorise traffic by application (not just port / protocol)
  • Identify & categorise traffic by user / group (not just IP)
• Control
  • Intelligence based policy enforcement
  • Application & content control with 3000+ applications
  • Application level bandwidth management
• Visualisation
  • View network threats & trends in real time
  • View application traffic by users
  • View application bandwidth usage (ingress / egress)
The answer is… DPI – Reassembly Free
• Reassembly Free Deep Packet Inspection
  • Avoid Latency (no buffering)
  • Unique to SonicWALL
• Deep Packet Inspection
  • Doesn’t just check the list
  • It searches…Deep inside…the data packet
• All SonicWALL firewalls are Deep Packet Inspection Firewalls
Layer 7 Application Visibility and Control
© 2010 SonicWALL, Inc. All Rights Reserved - Confidential
Deployment Flexibility
Deployments: Central Site, Distributed Networks, Layer 2 Bridge, Wireless Switch, Real-Time Application Protection
SonicWALL GRID Network
[Diagram labels: Data Collection; Protection Development; Deployed Protection; UTM Appliances; NSA Series; 24x7 Security Team]
SonicWALL’s Global Response Internet Defense (GRID) Network works 24x7 by gathering and sharing security intelligence across all product platforms
Product Specifications
SonicWALL UTM product range
Model | No. of users | Throughput | UTM Throughput | VPN Site to Site | Client IPSEC (max) | Client SSL (max)
TZ 100/w | 0 to 10 | 90 Mbps | 25 Mbps | 5 | 1 (25) | 0 (5)
TZ 200/w | 10 to 25 | 200 Mbps | 35 Mbps | 10 | 2 (10) | 2 (10)
TZ 210/w | 25 to 50 | 200 Mbps | 50 Mbps | 15 | 2 (25) | 2 (10)
NSA 240 | 50 to 75 | 600 Mbps | 110 Mbps | 25 | 2 (25) | 2 (15)
NSA 2400 | 75 to 150 | 775 Mbps | 150 Mbps | 75 | 10 (250) | 2 (25)
NSA 3500 | 150 to 300 | 1,5 Gbps | 240 Mbps | 800 | 50 (1 000) | 2 (30)
NSA 4500 | 300 to 700 | 2,75 Gbps | 600 Mbps | 1 500 | 500 (3 000) | 2 (30)
NSA E5500 | 700 to 1000 | 4 Gbps | 850 Mbps | 4 000 | 2 000 (4 000) | 2 (50)
NSA E6500 | 1000 to 1500 | 4,5 Gbps | 1,6 Mbps | 6 000 | 2 000 (6 000) | 2 (50)
NSA E7500 | 1500 to 5000 | 5,6 Gbps | 1,7 Gbps | 10 000 | 2 000 (10 000) | 2 (50)
Interfaces (as listed on the slide): 5 Ethernet; 5 Ethernet; 2 Gigabit/E + 4 Ethernet; 3 Gigabit/E + 6 Ethernet; 6 Gigabit/E; 4 Gigabit/E + 4 Gigabit Fibre; 8 Gigabit/E
Market segments: SMB; Mid-Market; Enterprise
SonicWALL NEW UTM Appliance
SonicWALL NSA E8500 UTM Appliance
Featuring:
• 4 Gigabit/E + 4 SFP Interfaces
• 8 GB Stateful Inspection throughput
• 2.2GB UTM throughput
NSA Series
Specification | NSA 5000 | NSA 4500 | NSA 3500 | NSA 2400 MX | NSA 2400 | NSA 240
SonicOS Version | Enhanced 5.8 | Enhanced 5.8 | Enhanced 5.8 | Enhanced 5.8 | Enhanced 5.8 | Enhanced 5.8
Interfaces | 6GE | 6GE | 6GE | 16 GE | 6GE | 6GE
Stateful Firewall Throughput | 1.8 Gbps | 2.75 Gbps | 1.5 Gbps | 775 Mbps | 775 Mbps | 600 Mbps
UTM Throughput | 1.2 Gbps | 600 Mbps | 240 Mbps | 150 Mbps | 150 Mbps | 110 Mbps
UTM GAV Throughput | 500 Mbps | 690 Mbps | 350 Mbps | 160 Mbps | 160 Mbps | 115 Mbps
UTM IPS Throughput | 680 Mbps | 1.4 Gbps | 750 Mbps | 275 Mbps | 275 Mbps | 195 Mbps
3DES / AES VPN Performance | 350 Mbps | 1.0 Gbps | 625 Mbps | 300 Mbps | 300 Mbps | 150 Mbps
RAM | 1GB | 512 MB | 512 MB | 512 MB | 512 MB | 1GB
SSL-VPN | Future SonicOS | Future SonicOS | Future SonicOS | Future SonicOS | Future SonicOS | Future SonicOS
HA | A/P w/Statesync | A/P w/Statesync | A/P w/Statesync | A/P w/Statesync | A/P w/Statesync | A/P w/Statesync
E-Series Solution Statistics
Specification | NSA E8500* | NSA E7500* | NSA E6500* | NSA E5500*
Node Count | Unrestricted | Unrestricted | Unrestricted | Unrestricted
SonicOS Version | SonicOS Enhanced 5.8 | SonicOS Enhanced 5.8 | SonicOS Enhanced 5.8 | SonicOS Enhanced 5.8
Multi-Core | 16 Core | 16 Core 600MHz | 16 Core 550MHz | 8 Core 550MHz
Interfaces | (4) 10/100/1000 Copper Gigabit Ports, (4) SFP Ports, 1 GbE HA port | (4) 10/100/1000 Copper Gigabit Ports, (4) SFP Ports, 1 GbE HA port | (8) 10/100/1000 Copper Gigabit Ports, 1 GbE HA port | (8) 10/100/1000 Copper Gigabit Ports, 1 GbE HA port
Stateful Firewall Throughput | 8 Gbps | 5.6 Gbps | 5 Gbps | 3.9 Gbps
UTM Throughput | 2.2 Gbps | 1.7 Gbps | 1.59 Gbps | 850 Mbps
UTM GAV Throughput | 2.25 Gbps | 1.84 Gbps | 1.69 Gbps | 1.0 Gbps
UTM IPS Throughput | 3.7 Gbps | 2.58 Gbps | 2.3 Gbps | 2.0 Gbps
3DES / AES VPN Performance | 4 Gbps | 3 Gbps | 2.7 Gbps | 1.7 Gbps
Power Supplies | Dual Hot Swappable | Dual Hot Swappable | Single Power Supply | Single Power Supply
Cooling System (Fans) | Dual Hot Swappable | Dual Hot Swappable | Dual Hot Swappable | Dual Hot Swappable
Visual Information Display | Yes | Yes | Yes | Yes
Console Port | Yes | Yes | Yes | Yes
Modular Expandability | Yes (Future Use) | Yes (Future Use) | Yes (Future Use) | Yes (Future Use)
* These are preliminary numbers subject to change. UTM, GAV, IPS tests performed using industry standard Spirent WebAvalanche HTTP performance test
Next Generation Protection, Today
1. The NSA and E-Class Series Integrates Security To Cover The Widest Spectrum of Content-based, File-based & Application Layer Attacks
2. The NSA and E-Class Series Is Designed to Increase Application Visibility - Delivering Real-time & Latency Sensitive Applications/Traffic For Future Proofed Investment
3. The NSA and E-Class Series Is the Most Highly Performing & Scalable Solution In Class
The Industry’s First Multi-core UTM Appliance delivering application visibility & deep packet inspection without significantly impacting network throughput
Competition
Better Protection & Performance
Solutions Are Not Created Equal
[Chart: Performance (Mbps), axis 0 to 4500; series: FW Performance, VPN Performance, IPS Performance, GAV Performance; products compared: NSA 3500, NSA 4500, NSA 5000, ASA 5520, ASA 5510, FG 300A w HD, FG 200A w HD, FG 100A, SSG-350M, SSG-320M, SSG-140M, UTM-1 450]
Deeper Inspection & Greater Performance
*Competitive data obtained from vendor datasheet.
Better Protection & Performance
Solutions Are Not Created Equal
[Chart: Performance (Mbps), axis 0 to 5000; series: Firewall Performance, VPN Performance, GAV Performance, IPS Performance; products compared: SonicWALL NSA E7500, Juniper ISG 2000, Fortinet FortiGate 3000, Cisco ASA 5550, Checkpoint UTM-1 2050, Nokia IP 390]
Deeper Inspection & Greater Performance
General USP’s
 Total-protection – (GAV/IPS/Anti-Spyware) + AppF
 Connectivity Fail-Over (W/W – UMTS)
 Certified & Standards based – EAL4+
 Price/Quality!
 Distributed environments (many locations)
 10% extra discount for government / schools
 Secure Wireless Connectivity
 Filtering on internet use (Content Filtering)
 Offer support and licenses included
WHAT TO FIND – WHERE?
 3 main resources:
 www.sonicwall.com
 https://partnerlink.sonicwall.com/emea/
 www.mysonicwall.com