WIXLIB

Application intelligence and controlApplication intelligence informsadministrators of application traffictraversing their network so they canschedule application controls based onbusiness priority, throttle unproductiveapplications and block potentiallydangerous applications. Real-timevisualization identifies traffic anomaliesas they happen, enabling immediatecountermeasures against potentialinbound or outbound attacks orperformance bottlenecks.SonicWall Application Traffic Analytics1provide granular insight into applicationtraffic, bandwidth utilization andsecurity threats, as well as powerfultroubleshooting and forensicscapabilities. Additionally, secure singlesign-on (SSO) capabilities ease theuser experience, increase productivityand reduce support calls. Managementof application intelligence and controlis simplified by the intuitive webbased interface.Global management and reportingFor highly regulated organizationswanting to achieve a fully coordinatedsecurity governance, compliance andrisk management strategy, the optionalSonicWall Global Management System1(GMS ) provides administrators aunified, secure and extensible platformto manage SonicWall firewalls, wirelessaccess points and switches through acorrelated and auditable workstreamprocess. GMS enables enterprises toeasily consolidate the management ofsecurity appliances, reduce administrativeand troubleshooting complexities,and govern all operational aspects ofthe security infrastructure, includingcentralized policy management andenforcement; real-time event monitoring;user activities; application identifications;flow analytics and forensics; complianceand audit reporting; and more. GMS alsomeets the firewall change managementrequirements of enterprises through aworkflow automation feature. With GMSworkflow automation, all enterprises willgain agility and confidence in deployingthe right firewall policies, at the righttime and in conformance to complianceregulations. GMS provides a coherent wayto manage network security by business1Requires added subscription5processes and service levels, dramaticallysimplifying lifecycle management ofyour overall security environments ascompared to managing on a device-bydevice basis.SonicWall GMS Secure Compliance edInfrastructureReporting CentralizedmanagementSonicWall Firewall Error-free policymanagement Strong access control Comprehensiveaudit trailsSonicWall WANAccelerationX-Series Switchwith PoE PCI, HIPAA, SOXreport templates Lower operating costsPort Expansion ScalabilitySonicWallSonicWave AP

FeaturesRFDPI ENGINEFeatureDescriptionReassembly-Free Deep PacketInspection (RFDPI)This high-performance, proprietary and patented inspection engine performs stream-based, bi-directional traffic analysis,without proxying or buffering, to uncover intrusion attempts and malware and to identify application traffic regardless of port.Bi-directional inspectionScans for threats in both inbound and outbound traffic simultaneously to ensure that the network is not used to distributemalware and does not become a launch platform for attacks in case an infected machine is brought inside.Stream-based inspectionProxy-less and non-buffering inspection technology provides ultra-low latency performance for DPI of millions ofsimultaneous network streams without introducing file and stream size limitations, and can be applied on common protocolsas well as raw TCP streams.Highly parallel and scalableThe unique design of the RFDPI engine works with the multi-core architecture to provide high DPI throughput and extremelyhigh new session establishment rates to deal with traffic spikes in demanding networks.Single-pass inspectionA single-pass DPI architecture simultaneously scans for malware, intrusions and application identification, drasticallyreducing DPI latency and ensuring that all threat information is correlated in a single architecture.FIREWALL AND NETWORKINGFeatureDescriptionREST APIsAllows the firewall to receive and leverage any and all proprietary, original equipment manufacturer and third-partyintelligence feeds to combat advanced threats such as zero-day, malicious insider, compromised credentials, ransomware andadvanced persistent threats.Stateful packet inspectionAll network traffic is inspected, analyzed and brought into compliance with firewall access policies.High availability/clusteringThe SuperMassive Series supports Active/Passive (A/P) with state synchronization, Active/Active (A/A) DPI and Active/Active clustering high availability modes. Active/Active DPI offloads the deep packet inspection load to cores on the passiveappliance to boost throughput.DDoS/DoS attack protectionSYN flood protection provides a defense against DOS attacks using both Layer 3 SYN proxy and Layer 2 SYN blacklistingtechnologies. Additionally, it protects against DOS/DDoS through UDP/ICMP flood protection and connection rate limiting.IPv6 supportInternet Protocol version 6 (IPv6) is in its early stages to replace IPv4. With the latest SonicOS 6.2, the hardware will supportfiltering and wire mode implementations.Flexible deployment optionsThe SuperMassive Series can be deployed in traditional NAT, Layer 2 bridge, wire and network tap modes.WAN load balancingLoad-balances multiple WAN interfaces using Round Robin, Spillover or Percentage methods. Policy-based routing Createsroutes based on protocol to direct traffic to a preferred WAN connection with the ability to fail back to a secondary WAN inthe event of an outage.Advanced quality of service (QoS)Guarantees critical communications with 802.1p, DSCP tagging, and remapping of VoIP traffic on the network.H.323 gatekeeper and SIPproxy supportBlocks spam calls by requiring that all incoming calls are authorized and authenticated by H.323 gatekeeper or SIP proxy.Single and cascaded Dell X-Seriesnetwork switch managementManage security settings of additional ports, including Portshield, HA, POE and POE , under a single pane of glass using thefirewall management dashboard for Dell’s X-Series network switch.Biometric authenticationSupports mobile device authentication such as fingerprint recognition that cannot be easily duplicated or shared to securelyauthenticate the user identity for network access.Open authentication and social loginEnable guest users to use their credential from social networking service such as Facebook, Twitter, or Google to sign in andaccess the Internet and other guest services through a host's wireless, LAN or DMZ zones using pass-through authentication.Multi-domain authenticationEnables simple and fast way to administer security polices across all network domains. Manage individual policy to a singledomain or group of domains.MANAGEMENT AND REPORTINGFeatureDescriptionGlobal Management System1 (GMS)SonicWall GMS monitors, configures and reports on multiple SonicWall appliances through a single management console withan intuitive interface, reducing management costs and complexity.Powerful single device managementAn intuitive web-based interface allows quick and convenient configuration, in addition to a comprehensive command-lineinterface and support for SNMPv2/3.IPFIX/NetFlow applicationflow reportingExports application traffic analytics and usage data through IPFIX or NetFlow protocols for real-time and historical monitoringand reporting with tools such as SonicWall Scrutinizer or other tools that support IPFIX and NetFlow with extensions.6

FeaturesVIRTUAL PRIVATE NETWORKING (VPN)FeatureDescriptionAuto-provision VPNSimplifies and reduces complex distributed firewall deployment down to a trivial effort by automating the initial site-to-site VPNgateway provisioning between SonicWall firewalls while security and connectivity occurs instantly and automatically.VPN for site-to-site connectivityHigh-performance IPSec VPN allows the SuperMassive Series to act as a VPN concentrator for thousands of other large sites,branch offices or home offices.SSL VPN or IPSec clientremote accessUtilizes clientless SSL VPN technology or an easy-to-manage IPSec client for easy access to email, files, computers, intranet sitesand applications from a variety of platforms.Redundant VPN gatewayWhen using multiple WANs, a primary and secondary VPN can be configured to allow seamless, automatic failover and failbackof all VPN sessions.Route-based VPNThe ability to perform dynamic routing over VPN links ensures continuous uptime in the event of a temporary VPN tunnel failure, byseamlessly re-routing traffic between endpoints through alternate routes.CONTENT/CONTEXT AWARENESSFeatureDescriptionUser activity trackingUser identification and activity are made available through seamless AD/LDAP/Citrix1/Terminal Services1 SSO integrationcombined with extensive information obtained through DPI.GeoIP country trafficidentificationIdentifies and controls network traffic going to or coming from specific countries to either protect against attacks from knownor suspected origins of threat activity, or to investigate suspicious traffic originating from the network. Ability to create customcountry and Botnet lists to override an incorrect country or Botnet tag associated with an IP address.Regular expression DPI filteringPrevents data leakage by identifying and controlling content crossing the network through regular expression matching.CAPTURE ADVANCED THREAT PROTECTION1FeatureDescriptionMulti-engine sandboxingThe multi-engine sandbox platform, which includes virtualized sandboxing, full system emulation, and hypervisor level analysistechnology, executes suspicious code and analyzes behavior, providing comprehensive visibility to malicious activityBlock until verdictProvides the ability to create custom country and Botnet lists to override an incorrect country or Botnet tag associated with anIP address.Broad file type analysisSupports analysis of a broad range of file types, including executable programs (PE), DLL, PDFs, MS Office documents, archives, JAR,and APK plus multiple operating systems including Windows, Android, Mac OS and multi-browser environments.Rapid deployment of signaturesWhen a file is identified as malicious, a signature is immediately deployed to firewalls with SonicWall Capture subscriptions andGRID Gateway Anti-Virus and IPS signature databases and the URL, IP and domain reputation databases within 48 hours.Capture ClientCapture Client is a unified client platform that delivers multiple endpoint protection capabilities, including advanced malwareprotection and support for visibility into encrypted traffic. It leverages layered protection technologies, comprehensive reportingand endpoint protection enforcement.CAPTURE SECURITY APPLIANCE (CSa)FeatureDescriptionCompliance-centeredmalware detectionAnalyze suspicious files in your own environment without sending files or results to a third-party cloud.Built-in integrationsCSa supports out of the box integrations with other security solutions (firewalls and email security) from SonicWall.Near real-time protectionSonicWall’s patented RTDMI technology helps detect malware quickly, even for previously unknown malware, that CSa can enablethe block until verdict capability on SonicWall next-generation firewalls.DeploymentCSa can be configured on a private network directly connected to a singular edge firewall or be reachable over the Internet directlyor using VPN by branch firewalls.ENCRYPTED THREAT PREVENTION1FeatureDescriptionTLS/SSL decryption andinspectionDecrypts and inspects SSL/TLS traffic on the fly, without proxying, for malware, intrusions and data leakage, and appliesapplication, URL and content control policies in order to protect against threats hidden in TLS/SSL encrypted traffic. Included withsecurity subscriptions for all models.SSH inspectionDeep packet inspection of SSH (DPI-SSH) decrypts and inspect data traversing over SSH tunnel to prevent attacks thatleverage SSH.INTRUSION rotectionTightly integrated intrusion prevention system (IPS) leverages signatures and other countermeasures to scan packet payloads forvulnerabilities and exploits, covering a broad spectrum of attacks and vulnerabilities.Automatic signature updatesThe SonicWall Threat Research Team continuously researches and deploys updates to an extensive list of IPS countermeasures thatcovers more than 50 attack categories. The new updates take effect immediately, without any reboot or service interruption required.Intra-zone IPS protectionBolsters internal security by segmenting the network into multiple security zones with intrusion prevention, preventing threatsfrom propagating across the zone boundaries.7

FeaturesINTRUSION PREVENTION1 CONT'DBotnet command and control(CnC) detection and blockingIdentifies and blocks command and control traffic originating from bots on the local network to IPs and domains that are identifiedas propagating malware or are known CnC points.Protocol abuse/anomalydetection and preventionIdentifies and blocks attacks that abuse protocols in an attempt to sneak past the IPS.Zero-day protectionProtects the network against zero-day attacks with constant updates against the latest exploit methods and techniques that coverthousands of individual exploits.Anti-evasion technologyExtensive stream normalization, decoding and other techniques ensure that threats do not enter the network undetected byutilizing evasion techniques in Layers 2-7.THREAT PREVENTION1FeatureDescriptionGateway anti-malwareThe RFDPI engine scans all inbound, outbound and intra-zone traffic for viruses, Trojans, key loggers and other malware in files ofunlimited length and size across all ports and TCP streams.CloudAV malware protectionA continuously updated database of tens of millions of threat signatures resides in the SonicWall cloud servers and is referenced toaugment the capabilities of the onboard signature database, providing RFDPI with extensive coverage of threats.Around-the-clock securityupdatesNew threat updates are automatically pushed to firewalls in the field with active security services, and take effect immediatelywithout reboots or interruptions.Bi-directional raw TCPinspectionThe RFDPI engine is capable of scanning raw TCP streams on any port bi-directionally preventing attacks that they to sneak byoutdated security systems that focus on securing a few well-known ports.Extensive protocol supportIdentifies common protocols such as HTTP/S, FTP, SMTP, SMBv1/v2 and others, which do not send data in raw TCP, and decodespayloads for malware inspection, even if they do not run on standard, well-known ports.APPLICATION INTELLIGENCE AND CONTROL1FeatureApplication controlDescriptionControl applications, or individual application features, that are identified by the RFDPI engine against a continuously expandingdatabase of over thousands of application signatures, to increase network security and enhance network productivity.Custom application identification Control custom applications by creating signatures based on specific parameters or patterns unique to an application in its networkcommunications, in order to gain further control over the network.Application bandwidthmanagementGranularly allocate and regulate available bandwidth for critical applications or application categories while inhibiting nonessentialapplication traffic.Granular controlControl applications, or specific components of an application, based on schedules, user groups, exclusion lists and a range ofactions with full SSO user identification through LDAP/AD/Terminal Services/Citrix integration.CONTENT FILTERING1FeatureDescriptionInside/outside content filteringEnforce acceptable use policies and block access to websites containing information or images that are objectionable orunproductive with Content Filtering Service.Enforced content filtering clientExtend policy enforcement to block internet content for Windows, Mac OS, Android and Chrome devices located outside thefirewall perimeter.Granular controlsBlock content using the predefined categories or any combination of categories. Filtering can be scheduled by time of day, such asduring school or business hours, and applied to individual users or groups.Web cachingURL ratings are cached locally on the SonicWall firewall so that the response time for subsequent access to frequently visited sitesis only a fraction of a second.ENFORCED ANTI-VIRUS AND ANTI-SPYWARE1FeatureDescriptionMulti-layered protectionUtilize the firewall capabilities as the first layer of defense at the perimeter, coupled with endpoint protection to block, virusesentering network through laptops, thumb drives and other unprotected systems.Automated enforcement optionEnsure every computer accessing the network has the most recent version of anti-virus and anti-spyware signatures installed andactive, eliminating the costs commonly associated with desktop anti-virus and anti-spyware management.Automated deployment andinstallation optionMachine-by-machine deployment and installation of anti-virus and anti-spyware clients is automatic across the network,minimizing administrative overhead.Always on, automatic virusprotectionFrequent anti-virus and anti-spyware updates are delivered transparently to all desktops and file servers to improve end userproductivity and decrease security management.Next-generation antivirusCapture Client uses a static artificial intelligence (AI) engine to determine threats before they can execute and roll back to aprevious uninfected state.Spyware protectionPowerful spyware protection scans and blocks the installation of a comprehensive array of spyware programs on desktops andlaptops before they transmit confidential data, providing greater desktop security and performance.18Requires added subscription

Feature summaryFirewallApplication identification2 Stateful packet inspection Application control DHCP server Reassembly-Free Deep Packet Inspection Application traffic visualization Bandwidth management DDoS attack protection(UDP/ICMP/SYN flood) Application component blocking Link aggregation (static and dynamic) Application bandwidth management Port redundancy Custom application signature creation A/P high availability with state sync Data leakage prevention A/A clustering Application reporting over NetFlow/IPFIX Inbou

JAR and APK. For complete endpoint protection, the SonicWall Capture Client combines next-generation antivirus technology with SonicWall's cloud-based multi-engine sandbox with optional integration with SonicWall firewalls. Capture Labs The dedicated, in-house SonicWall Capture Labs threats research team researches and develops