WIXLIB

Security and protectionThe dedicated, in-house DellSonicWALL Threat Research Teamworks on researching and developingcounter-measures to deploy to thefirewalls in the field for up-to-dateprotection. The team leverages morethan one million sensors across theglobe for malware samples, and fortelemetry feedback on the latest threatinformation, which in turn is fed intothe intrusion prevention, anti-malwareand application detection capabilities.Dell SonicWALL NGFW customersbenefit from continuously updatedthreat protection around the clock, withnew updates taking effect immediatelywithout reboots or interruptions. Thesignatures resident on the appliancesApplication intelligenceand controlApplication intelligence informsadministrators of application traffictraversing their network, so they canschedule application controls based onbusiness priority, throttle unproductiveapplications and block potentiallydangerous applications. Real-timevisualization identifies traffic anomaliesas they happen, enabling immediatecountermeasures against potentialinbound or outbound attacks orperformance bottlenecks.Dell SonicWALL Application TrafficAnalytics provide granular insight intoapplication traffic, bandwidth utilizationand security threats, as well aspowerful troubleshooting and forensicscapabilities. Additionally, secure SingleSign-On (SSO) capabilities ease theuser experience, increase productivityand reduce support calls.The Dell SonicWALL GlobalManagement System (GMS )simplifies management of applicationintelligence and control using anintuitive, web-based interface.are designed to protect against wideclasses of attacks, covering tens ofthousands of individual threats with asingle signature.In addition to the countermeasureson the appliance, NSA appliances alsohave access to the Dell SonicWALLCloudAV Service, which extendsthe onboard signature intelligencewith over 30 million signatures. ThisCloudAV database is accessed via aproprietary, light-weight protocol bythe firewall to augment the inspectiondone on the appliance. With Geo-IPand botnet filtering capabilities, DellSonicWALL NGFWs are able to blocktraffic from dangerous domains orentire geographies in order to reducethe risk profile of the network.ProtectionCollectionCreationClassification

FeaturesRFDPI engineFeatureDescriptionReassembly-Free Deep PacketInspection (RFDPI)This high-performance, proprietary and patented inspection engine performs streambased bi-directional traffic analysis, without proxying or buffering, to uncover intrusionattempts, malware and identify application traffic regardless of port.Bi-directional inspectionScans for threats in both inbound and outbound traffic simultaneously to ensure that thenetwork is not used to distribute malware, and does not become a launch platform forattacks in case an infected machine is brought inside.Stream-based inspectionProxy-less and non-buffering inspection technology provides ultra-low latency performancefor DPI of millions of simultaneous network streams without introducing file and stream sizelimitations, and can be applied on common protocols as well as raw TCP streams.Highly parallel and scalableThe unique design of the RFDPI engine works with the multi-core architecture to providehigh DPI throughput and extremely high new session establishment rates to deal withtraffic spikes in demanding networks.Single-pass inspectionA single-pass DPI architecture simultaneously scans for malware, intrusions andapplication identification, drastically reducing DPI latency and ensuring that all threatinformation is correlated in a single architecture.Capture ATPFeatureDescriptionMulti-engine sandboxingThe multi-engine sandbox platform, which includes virtualized sandboxing, full systememulation and hypervisor level analysis technology, executes suspicious code andanalyzes behavior, providing comprehensive visibility into malicious activity.Broad file type and size analysisAnalyzes a broad range of file types including executable programs (PE), DLL, PDFs, MSOffice documents, archives, JAR, and APK plus multiple operating systems (Windows,Android, Mac OS X) and multi-browser environments.Rapid deployment of signaturesWhen a file is identified as malicious, a signature is immediately deployed to firewallswith an active SonicWALL Capture subscription as well as GRID Gateway Anti-virus andIPS signature databases plus URL, IP and domain reputation databases within 48 hours.Block until verdictTo prevent potentially malicious files from entering the network, files sent to the cloudfor analysis can be held at the gateway until a verdict is determined.Intrusion preventionFeatureDescriptionCountermeasure-based protectionTightly integrated intrusion prevention system (IPS) leverages signatures and othercountermeasures to scan packet payloads for vulnerabilities and exploits, covering abroad spectrum of attacks and vulnerabilities.Automatic signature updatesThe Dell SonicWALL Threat Research Team continuously researches and deploys updatesto an extensive list of IPS countermeasures that covers more than 50 attack categories. Thenew updates take immediate effect without any reboot or service interruption required.Intra-zone IPS protectionBolsters internal security by segmenting the network into multiple security zones withintrusion prevention, preventing threats from propagating across the zone boundaries.Botnet command and control (CnC)detection and blockingIdentifies and blocks command and control traffic originating from bots on the local networkto IPs and domains that are identified as propagating malware or are known CnC points.Protocol abuse/anomaly detectionand preventionIdentifies and blocks attacks that abuse protocols in an attempt to sneak past the IPS.Zero-day protectionProtects the network against zero-day attacks with constant updates against the latestexploit methods and techniques that cover thousands of individual exploits.Anti-evasion technologyExtensive stream normalization, decoding and other techniques ensure that threats donot enter the network undetected by utilizing evasion techniques in Layers 2-7.

Threat preventionFeatureDescriptionNetwork-based malware protectionThe Dell SonicWALL RFDPI engine scans all inbound, outbound and intra-zone trafficfor viruses, Trojans, key loggers and other malware in files of unlimited length and sizeacross all ports and TCP streams.CloudAV malware protectionA continuously updated database of over 30 million threat signatures resides in the DellSonicWALL cloud servers and is referenced to augment the capabilities of the onboardsignature database, providing RFDPI with extensive coverage of threats.Cloud-based sandboxingDell SonicWALL Capture Advance Threat Protection Service uses cloud-based, multiengine sandboxing, including full system emulation, virtualization and hypervisor leveltechniques, to analyze suspicious files, detect malicious behavior and block unknownand zero-day attacks at the gateway.Around-the-clock security updatesThe Dell SonicWALL Threat Research Team analyzes new threats and releasescountermeasures 24 hours a day, 7 days a week. New threat updates are automaticallypushed to firewalls in the field with active security services, and take effect immediatelywithout reboots or interruptions.SSL decryption and inspectionDecrypts and inspects SSL traffic on the fly, without proxying, for malware, intrusionsand data leakage, and applies application, URL and content control policies in order toprotect against threats hidden in SSL encrypted traffic.Bi-directional raw TCP inspectionThe RFDPI engine is capable of scanning raw TCP streams on any port bi-directionally,preventing attacks that try to sneak by outdated security systems that focus on securinga few well-known ports.Extensive protocol supportIdentifies common protocols such as HTTP/S, FTP, SMTP, SMBv1/v2 and others, which donot send data in raw TCP, and decodes payloads for malware inspection, even if they donot run on standard, well-known ports.Enforced Anti-Virus andAnti-Spyware Client softwareAutomatically detect non-compliant endpoint machines and install the Dell Anti-Virusand Anti-Spyware software* machine-by-machine across the network regardlessof whether devices are inside the corporate network or outside connected via VPN.Windows only.*Requires the Dell SonicWALL Anti-Virus and Anti-Spyware Client softwareApplication intelligence and controlFeatureDescriptionApplication controlControls applications, or individual application features, which are identified by the RFDPIengine against a continuously expanding database of over 3,500 application signatures,to increase network security and enhance network productivity.Custom application identificationControls custom applications by creating signatures based on specific parameters orpatterns unique to an application in its network communications, in order to gain furthercontrol over the network.Application bandwidth managementGranularly allocate and regulate available bandwidth for critical applications orapplication categories while inhibiting nonessential application traffic.On-box/off-box traffic visualizationIdentifies bandwidth utilization and analyzes network behavior with real-time, on-boxapplication traffic visualization and off-box application traffic reporting via NetFlow/IPFix.Granular controlControls applications, or specific components of an application, based on schedules,user groups, exclusion lists and a range of actions with full SSO user identificationthrough LDAP/AD/Terminal Services/Citrix integration.

Content filteringFeatureDescriptionInside/Outside content filteringEnforce acceptable use policies and block access to websites containing information orimages that are objectionable or unproductive with Content Filtering Service. Extend policyenforcement to block internet content for devices located outside the firewall perimeterwith the Content Filtering Client.Granular controlsBlock content using the predefined categories or any combination of categories. Filteringcan be scheduled by time of day, such as during school or business hours, and applied toindividual users or groups.Dynamic rating architectureAll requested web sites are cross-referenced against a dynamically updated database inthe cloud categorizing millions of URLs, IP addresses and domains in real time.Web cachingURL ratings are cached locally on the Dell SonicWALL firewall so that the response timefor subsequent access to frequently visited sites is only a fraction of a second.Enforced anti-virus and anti-spywareFeatureDescriptionMulti-layered protectionA firewall’s gateway anti-virus solution provides the first layer of defense at the perimeter,however viruses can still enter the network through laptops, thumb drives and otherunprotected systems. Utilize a layered approach to anti-virus and anti-spywareprotection to extend to both client and server.Automated enforcementEnsure every computer accessing the network has the most recent version of antivirus and anti-spyware signatures installed and active, eliminating the costs commonlyassociated with desktop anti-virus and anti-spyware management.Automated deployment andinstallationMachine-by-machine deployment and installation of anti-virus and anti-spyware clientsis automatic across the network, minimizing administrative overhead.Always on, automatic virusprotectionFrequent anti-virus and anti-spyware updates are delivered transparently to all desktopsand file servers to improve end user productivity and decrease security management.Spyware protectionPowerful spyware protection scans and blocks the installation of a comprehensive arrayof spyware programs on desktops and laptops before they transmit confidential data,providing greater desktop security and performance.Firewall and networkingFeatureDescriptionStateful Packet InspectionAll network traffic is inspected, analyzed and brought into compliance with firewallaccess policies.DDoS/DoS attack protectionSYN Flood protection provides a defense against DOS attacks using both Layer 3 SYN proxyand Layer 2 SYN blacklisting technologies. Additionally, it provides the ability to protectagainst DOS/DDoS through UDP/ICMP flood protection and connection rate limiting.Flexible deployment optionsThe NSA series can be deployed in traditional NAT, Layer 2 Bridge, Wire Mode andNetwork Tap modes.IPv6 supportThe NSA series supports IPv6, the internet protocol that increases the number of availableIP addresses. NSA series firewalls have achieved IPv6 Ready Phase 1/2 as well as ICSA Labsenterprise certification which includes IPv6 testing.

Firewall and networking con'tFeatureDescriptionHigh availability/clusteringThe NSA series supports Active/Passive with state synchronization, Active/Active DPIand Active/Active Clustering high availability modes. Active/Active DPI offloads the DeepPacket Inspection load to cores on the passive appliance to boost throughput.WAN load balancingLoad balances multiple WAN interfaces using Round Robin, Spillover or Percentagebased methods.Policy-based routingCreates routes based on protocol to direct traffic to a preferred WAN connection with theability to fail back to a secondary WAN in the event of an outage.Advanced QoSGuarantees critical communications with 802.1p and DSCP tagging, and remapping ofVoIP traffic on the network.H.323 gatekeeper and SIPproxy supportBlocks spam calls by requiring that all incoming calls are authorized and authenticated byH.323 gatekeeper or SIP proxy.Management and reportingFeatureDescriptionGlobal Management SystemThe Dell SonicWALL GMS monitors, configures and reports on multiple Dell SonicWALLappliances through a single management console with an intuitive interface to reducemanagement costs and complexity.Powerful, single device managementAn intuitive, web-based interface allows quick and convenient configuration in additionto a comprehensive CLI and support for SNMPv2/3.Application flow reportingExports application traffic analytics and usage data for real-time and historicalmonitoring and reporting with tools such as Dell SonicWALL GMS or Analyzer.Virtual Private NetworkingFeatureDescriptionIPSec VPN for site-to-siteconnectivityHigh-performance IPSec VPN allows the NSA series to act as a VPN concentrator forthousands of other large sites, branch offices or home offices.SSL VPN and IPSec clientremote accessUtilizes clientless SSL VPN technology or an easy-to-manage IPSec client for easy accessto email, files, computers, intranet sites and applications from a variety of platforms.Redundant VPN gatewayWhen using multiple WANs, a primary and secondary VPN can be configured to allowseamless automatic failover and failback of all VPN sessions.Route-based VPNThe ability to perform dynamic routing over VPN links ensures continuous uptime inthe event of a temporary VPN tunnel failure, by seamlessly re-routing traffic betweenendpoints through alternate routes.Content/context awarenessFeatureDescriptionUser activity trackingUser identification and activity are made available through seamless AD/LDAP/Citrix/TerminalServices SSO integration combined with extensive information obtained through DPI.GeoIP country traffic identificationIdentifies and controls network traffic going to or coming from specific countries toeither protect against attacks from known or suspected origins of threat activity, or toinvestigate suspicious traffic originating from the network.Regular Expression DPI filteringPrevents data leakage by identifying and controlling content crossing the networkthrough regular expression matching.

SonicOS feature summaryFirewall Reassembly-Free Deep PacketInspection Deep packet inspection for SSL Stateful packet inspection Stealth mode Common Access Card (CAC) support DOS attack protection UDP/ICMP/SYN flood protection SSL decryption and inspection IPv6 securityIntrusion prevention Signature-based scanning Automatic signature updates Bidirectional inspection engine Granular IPS rule capability GeoIP and reputation-based filtering Regular expression matchingAnti-malware Stream-based malware scanning Gateway anti-virus Gateway anti-spyware Bi-directional inspection No file size limitation Cloud malware databaseApplication control Application control Application component blocking Application bandwidth management Custom application signature creation Data leakage prevention Application reporting overNetFlow/IPFIX User activity tracking (SSO) Comprehensive applicationsignature databaseWeb content filtering URL filtering Anti-proxy technology Keyword blocking Bandwidth manage CFS ratingcategories Unified policy model with app control 56 content filtering categories Content Filtering ClientVPN IPSec VPN for site-to-site connectivity SSL VPN and IPSec client remoteaccess Redundant VPN gateway Mobile Connect for iOS, Mac OS X,Windows, Chrome, Android andKindle Fire Route-based VPN (OSPF, RIP)Networking Jumbo frames Layer-2 network discovery IPv6 Path MTU discovery Enhanced logging VLAN trunking RSTP (Rapid Spanning Tree Protocol) Port mirroring Layer-2 QoS Port security Dynamic routing SonicPoint wireless controller Policy-based routing Advanced NAT DHCP server Bandwidth management Link aggregation Port redundancy A/P high availability with state sync A/A clustering Inbound/outbound load balancing L2 bridge, wire mode, tap mode,NAT modeVoIP Granular QoS control Bandwidth management DPI for VoIP traffic H.323 gatekeeper and SIP proxysupportManagement and monitoring Web GUI Command line interface (CLI) SNMPv2/v3 Centralized management andreporting Logging Netflow/IPFix exporting App traffic visualization Centralized policy management Single Sign-On (SSO) Terminal service/Citrix support BlueCoat Security Analytics Platform Application and bandwidthvisualization IPv4 and IPv6 ManagementIPv6 IPv6 filtering 6rd (rapid deployment) DHCP prefix delegation Wire mode BGPCapture ATP Cloud-based multi-engine analysis Virtualized sandboxing Hypervisor level analysis

The Dell SonicWALL NSA 2600 is designed to address the needs of growing small organizations, branch offices and school campuses. Network Security Appliance 3600/4600 The Dell SonicWALL NSA 3600/4600 is ideal for branch office and small- to medium-sized corporate environments concerned about throughput capacity and performance.