SonicWALL WXA – WAN Acceleration
Dennis Bergström, CISSP
SonicWALL Nordic
Technical Account Manager/SE
SonicWALL, Inc.
Dynamic Security for the Global Network
SonicWALL’s Legacy
Not only Next-Generation Firewalls – although they rock of course
SuperMassive™ E10000 Series (data centers, ISPs): E10100, E10200, E10400, E10800
E-Class NSA Series (medium to large organizations): NSA E8510, NSA E8500, NSA E7500, NSA E6500, NSA E5500
NSA Series (branch offices and medium sized organizations): NSA 4500, NSA 3500, NSA 2400MX, NSA 2400, NSA 240
TZ Series (small and remote offices): TZ 210 Series, TZ 200 Series, TZ 100 Series
SonicWALL Product Line-up
[Diagram labels: Network Security; SSL VPN Client; WAN Acceleration; App Intell & Control; Clean Wireless – SonicPoint-N Series; Secure Remote Access; Connect Mobile; Email Security; Backup and Recovery; Policy & Management; Spike Access; Advanced Reporting; Native Access Virtual Modules; Assist; Virtual Access; Web App Firewall]
SonicWALL WXA Series
WXA 500 Live CD
WXA 2000
WXA 4000
WXA 5000
Copyright 2011 SonicWALL Inc. All Right Reserved
What Does WAN Acceleration Do?
• Improve Performance of Business Applications
• Optimize Response Times for Critical Applications
• Reduce Bandwidth Consumption
• Reduce associated Bandwidth Costs
… Make the network appear faster!
Have you ever…
…Collaborated with someone on a huge PowerPoint document with
• 10-15 revisions and passed the document back and forth?
• Did the collaboration over a slow internet connection?
…Accessed a large document on a shared site multiple times and
downloaded the whole file every time?
Redundant data sent back and forth results in waiting, wasted bandwidth and lost productivity.
SonicWALL CONFIDENTIAL All Rights Reserved
There is a need for WAN Acceleration
Outpaced by Growing Bandwidth Requirements
Traditional QoS Ineffective
Application Latency
Redundant Traffic Consuming Bandwidth
Two front assault – the SonicWALL way
Traffic Shaping
• Ensure “Good Traffic” Composition
• Block Unwanted Traffic
• Utilize Bandwidth Effectively
Traffic Acceleration
• Traffic De-duplication
• WFS Caching
• Protocol Optimization
WAN Acceleration Step 1 – Shape!
Bandwidth-manage and control applications
• SonicWALL Application Intelligence, Control and Visualization
• 1550+ Applications (3600+ signatures)
• Identify Applications
  • Prioritize important traffic
  • Block or restrict unimportant traffic
Goal:
“Good Traffic” at the gateway with Application
Intelligence & Control
Shape! – Choose your traffic
Important Apps
Unimportant Apps
Shape! - Application Intelligence
[Diagram labels: Identify, Categorize, Control; Policy, Users/Groups; Application Chaos; Reassembly-Free Deep Packet Inspection; Ingress, Egress; Critical Apps, Acceptable Apps, Unacceptable Apps; Cloud-Based Extra-Firewall Intelligence; Malware Blocked]
Shape! – Get immediate insight for decisions
Shape! – Get your users to love you….
WAN Acceleration Step 2 – Accelerate!
Extremely Effective on:
• Email, PowerPoint, Excel spreadsheets, Word docs, PDF
• SharePoint, Collaboration sites
• Files between 20Kb-20MB+
• Small Localized Changes
Benefits:
• Eliminate redundant traffic
• Increase responsiveness
• Improve user experience
How does it really work?
Protocol Optimization
Reduce the chattiness of certain protocols, such as Windows File Sharing (WFS)
• Optimizes protocols like Windows File Sharing (WFS), FTP, email
• Makes an intelligent decision about the nature of the traffic to eliminate latency
• Decreases round-trips and chattiness of certain protocols
Before: WAN Acceleration
With: WAN Acceleration
How does it really work?
WFS Acceleration
Decreasing the amount of data to be sent across the WAN = improved response times and transfer speeds when transferring files between remote locations.
• File caching/de-duplication
• Metadata caching (File directory information)
• Active Directory Integration (The WXA becomes part of the domain)
How does it really work?
Understanding Byte-Caching
Without Byte Caching: 1 MB Change, Transfer Everything
[Diagram: Work.pptx (8MB) at each of two sites, connected by a VPN (1 Mbps)]
8 MB / 1 Mbps = 62.5 Sec*
8 MB / 1 Mbps = 62.5 Sec
Total: 125 Sec = 2 Min, 5 Sec
* (1 Mbps = 1024 Kbps; 1024 Kbps / ( 8 Bits/Byte) = 128 Kbytes/Sec.; 8 MB = 8192 Kbytes; 8192/128 = 62.5 Sec.)
How does it really work?
Understanding Byte-Caching
WITH Byte Caching: 1 MB Change, Transfer only the Change
[Diagram: Work.pptx (8MB) at each of two sites, connected by a VPN (1 Mbps)]
8 MB / 1 Mbps = 62.5 Sec
1 MB / 1 Mbps = 8 Sec
Total: 70.5 Sec = 1 min, 10.5 Sec
50.5 Second Saving = 40% Savings
(1 Mbps = 1024 Kbps; 1024 Kbps / ( 8 Bits/Byte) = 128 Kbytes/Sec.; 8 MB = 8192 Kbytes; 8192/128 = 62.5 Sec.)
How does it really work?
Byte Caching
1. The WXA appliance builds and maintains dictionaries based on most commonly passed traffic
2. Data is replaced with tokens that the remote WXA can use to recognize and reconstruct data
3. WXA Series conveys data across the WAN link.
How does it really work?
What cannot be accelerated…
• De-duplication/Byte-Caching Acceleration relies on detecting repetition
  1) Within a single file/stream
     [Diagram: sequence of blocks B, A, A, A, G, Z, A]
  2) Within a network
     [Diagram: Web Page A, Web Page A, File 1, Web Page B, File 2, Web Page A, File 1]
• Repetition signals an opportunity to optimize and accelerate.
• However, some traffic cannot be accelerated
  • Traffic that does not repeat
  • High-entropy traffic
(Hint: These two types of traffic are connected)
How does it really work?
What cannot be accelerated…
High-Entropy Traffic
• Encrypted traffic
  • SSL, IPSec
• Compressed traffic
  • GZIP, RAR, 7zip, bzip
  • Video, Audio
• Already optimized traffic
  • RDP, Citrix
Non-Repeating Traffic
• Single file in one direction sent once
• Single web page access
• (High-Entropy Traffic)
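The dictionary-and-token scheme from the Byte Caching slide, and the reason encrypted traffic defeats it, as an added example (not SonicWALL code and not taken from the slides). The fixed 4 KB chunks, SHA-256 tokens, the toy cipher and the sample file are assumptions, since the slides do not describe the WXA's internals.

```python
import hashlib
import os

CHUNK = 4096  # assumed chunk size; the slides do not say how the WXA segments data

class ByteCache:
    """One end of the WAN link, holding a token -> chunk dictionary."""
    def __init__(self):
        self.dictionary = {}

    def encode(self, data):
        """Sender: emit a 32-byte token for known chunks, raw bytes otherwise."""
        wire = []
        for i in range(0, len(data), CHUNK):
            chunk = data[i:i + CHUNK]
            token = hashlib.sha256(chunk).digest()
            wire.append(("ref", token) if token in self.dictionary else ("raw", chunk))
            self.dictionary[token] = chunk
        return wire

    def decode(self, wire):
        """Receiver: learn raw chunks, expand tokens from the local dictionary."""
        out = []
        for kind, payload in wire:
            if kind == "raw":
                self.dictionary[hashlib.sha256(payload).digest()] = payload
            out.append(payload if kind == "raw" else self.dictionary[payload])
        return b"".join(out)

def transfer(sender, receiver, data):
    """Send data over the simulated link; return the bytes that crossed it."""
    wire = sender.encode(data)
    if receiver.decode(wire) != data:
        raise ValueError("reconstruction mismatch")
    return sum(len(payload) for _, payload in wire)

def toy_encrypt(plaintext, key):
    """Stand-in for SSL/IPSec (not a real cipher): fresh nonce, XOR keystream."""
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))

def demo():
    a, b = ByteCache(), ByteCache()
    doc = hashlib.shake_256(b"constructed sample file").digest(64 * CHUNK)
    revised = doc[:10 * CHUNK] + b"X" * 100 + doc[10 * CHUNK + 100:]  # in-place edit
    clear = [transfer(a, b, doc), transfer(a, b, revised)]
    enc = [transfer(a, b, toy_encrypt(doc, b"constructed key")) for _ in range(2)]
    return clear, enc
```

`demo()` returns `([262144, 6112], [262160, 262160])`: the revised file costs one raw chunk plus 63 tokens, while the same file encrypted twice under fresh nonces crosses the link in full both times.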
This is how we do it!
Simple Two-Site Deployment
Result
• Traffic between two sites optimized with minimal configuration
You already know this!....
• WXA management through the host SNWL firewall interface.
• Firewall takes care of
  • Auto provisioning of the WXA hardware or software solution (similar to SonicPoints)
  • WXA license management
  • Firmware and configuration management of the WXA appliance
  • Health check probes of the WXA appliance
Consolidated management
• Application Control
• Deep Packet Inspection
• WAN Acceleration
…and it's really simple to get started!
• Firewall decides what traffic needs to be accelerated
  • Default is “everything” that we can accelerate
Benefit: Decreases the amount of data sent over to the WXA for processing
Show me the money!
• Visualizes the benefits of using WAN Acceleration
SonicWALL WXA Series Overview
                      WXA 500   WXA 2000  WXA 4000  WXA 5000
Min. SonicOS Version  5.8.1     5.8.1     5.8.1     5.8.1
Recommended Users¹    20        120       240       360
Max WAN Accel Flows   100       600       1200      1,800
Byte Caching          Yes       Yes       Yes       Yes
TCP Acceleration      Yes       Yes       Yes       Yes
Compression           Yes       Yes       Yes       Yes
WFS Acceleration      Yes²      Yes       Yes       Yes
Visualization         TCP/WFS   TCP/WFS   TCP/WFS   TCP/WFS
Choose any one of these – they all speak WXA!
SuperMassive™ E10000 Series (data centers, ISPs): E10100, E10200, E10400, E10800
E-Class NSA Series (medium to large organizations): NSA E8510, NSA E8500, NSA E7500, NSA E6500, NSA E5500
NSA Series (branch offices and medium sized organizations): NSA 4500, NSA 3500, NSA 2400MX, NSA 2400, NSA 240
TZ Series (small and remote offices): TZ 210 Series, TZ 200 Series, TZ 100 Series
Thank you…
Dennis Bergström, CISSP
SonicWALL Nordic
Technical Account Manager/SE