The SonicWall TZ series of Unified Threat Management (UTM) firewalls is ideally suited for any organization that requires enterprise-grade network protection. SonicWall TZ series firewalls provide broad protection with advanced security services consisting of onbox and cloud-based anti-malware, anti-spyware, application control, intrusion prevention system (IPS), and URL filtering. To counter the trend of encrypted attacks, the TZ series has the processing power to inspect encrypted SSL/TLS connections: against the latest threats. Combined with Dell X-Series switches, selected TZ series firewalls can directly manage the security of these additional ports. Backed by the SonicWall Capture Threat Network, the SonicWall TZ series delivers continuous updates to maintain a strong network defense against cybercriminals. The SonicWall TZ series is able to scan every byte of every packet on all ports and protocols with almost zero latency and no file size limitations.
The SonicWall TZ series features Gigabit Ethernet ports, optional integrated 802.11ac wireless*, IPSec and SSL VPN, failover through integrated 3G/4G support, load balancing and network segmentation. The SonicWall TZ series UTM firewalls also provide fast, secure mobile access over Apple iOS, Google, Android, Amazon Kindle, Windows, Mac OS X and Linux platforms.
For wired and wireless small and home office environments, the SonicWall SOHO series delivers the same business-class protection large organizations.
Extensible architecture for extreme scalability and performance
The Reassembly-Free Deep Packet Inspection (RFDPI) engine is designed from the ground up with an emphasis on providing security scanning at a high performance level, to match both the inherently parallel and ever-growing nature of network traffic. When combined with multi-core processor systems, this parallel-centric software architecture scales up perfectly to address the demands of deep packet inspection at high traffic loads. The SonicWall TZ Series platform relies on processors that, unlike x86, are optimized for packet, crypto and network processing while retaining flexibility and programmability in the field – a weak point for ASICs systems. This flexibility is essential when new code and behavior updates are necessary to protect against new attacks that require updated and more sophisticated detection techniques.
Reassembly-Free Deep Packet Inspection (RFDPI) engine
The RFDPI engine provides superior threat protection and application control without compromising performance. This patented engine inspects the traffic stream to detect threats at Layers 3-7. The RFDPI engine takes network streams through extensive and repeated normalization and decryption in order to neutralize advanced evasion techniques that seek to confuse detection engines and sneak malicious code into the network. Once a packet undergoes the necessary preprocessing, including SSL decryption, it is analyzed against a single proprietary memory representation of three signature databases: intrusion attacks, malware and applications. The connection state is then advanced to represent the position of the stream relative to these databases until it encounters a state of attack, or another “match” event, at which point a pre-set action is taken. As malware is identified, the SonicWall firewall terminates the connection before any compromise can be achieved and properly logs the event. However, the engine can also be configured for inspection only or, in the case of application detection, to provide Layer 7 bandwidth management services for the remainder of the application stream as soon as the application is identified.
Security and protection
The dedicated, in-house SonicWall Capture Labs threat research team works on researching and developing countermeasures to deploy to the firewalls in the field for up-to-date protection. The team leverages more than one million sensors across the globe for malware samples, and for telemetry feedback on the latest threat information, which in turn is fed into the intrusion prevention, anti-malware and application detection capabilities. SonicWall firewall customers with current subscriptions are provided continuously updated threat protection around the clock, with new updates taking effect immediately without reboots or interruptions. The signatures on the appliances protect against wide classes of attacks, covering up to tens of thousands of individual threats with a single signature. In addition to the countermeasures on the appliance, all SonicWall firewalls also have access to SonicWall CloudAV, which extends the onboard signature intelligence with more than 20 million signatures, and growing. This CloudAV database is accessed via a proprietary light-weight protocol by the firewall to augment the inspection done on the appliance. With Geo-IP and botnet filtering capabilities, SonicWall next-generation firewalls are able to block traffic from dangerous domains or entire geographies in order to reduce the risk profile of the network.
Application intelligence and control
Application intelligence informs administrators of application traffic traversing the network, so they can schedule application controls based on business priority, throttle unproductive applications and block potentially dangerous applications. Real-time visualization identifies traffic anomalies as they happen, enabling immediate countermeasures against potential inbound or outbound attacks or performance bottlenecks. SonicWall application traffic analytics provide granular insight into application traffic, bandwidth utilization and security threats, as well as powerful troubleshooting and forensics capabilities. Additionally, secure single sign-on (SSO) capabilities enhance the user experience, increase productivity and reduce support calls. Management of application intelligence and control is simplified by using an intuitive web-based interface.
Flexible and secure wireless
Available as an optional feature, high-speed 802.11ac wireless* combines with SonicWall next-generation firewall technology to create a wireless network security solution that delivers comprehensive protection for wired and wireless networks.
This enterprise-level wireless performance enables WiFi-ready devices to connect from greater distances and use bandwidth-intensive mobile apps, such as video and voice, in higher density environments without experiencing signal degradation.
Firewall throughput: 300 Mbps
Full DPI throughput: 50 Mbps
Anti-malware throughput: 50 Mbps
IPS throughput: 100 Mbps
IMIX throughput: 60 Mbps
Max DPI connections: 10,000
New connections/sec: 1,800