SonicWALL UTM Firewall Overview
November 2010
Andy Barrow
SonicWALL Product Manager
+44 1753 797944
Who are SonicWALL?
SonicWALL was founded in February 1991 to develop standards-based, network infrastructure products to meet the needs of the small to medium business and education markets.
Today, SonicWALL’s Internet security and transaction security solutions are leading the way for a more diverse and secure Internet experience for small, medium and large enterprises.
04/19/232 CONFIDENTIAL All Rights Reserved
The SonicWALL Global Presence
25 offices around the world
Conducting business in over 50 countries
United States, Belgium, United Kingdom, Germany, France, Spain, Italy, Russia, Dubai, Switzerland, Sweden, Canada, Japan, Korea, China, Hong Kong, Singapore, Australia, Brazil, Mexico, India
How it all fits together
Content Security, Network Security, Business Continuity, Policy and Management
Market Convergence
Vendor / Technology Convergence
End User / Channel Convergence
Inbound & Outbound Content Filtering
Anti-Virus, Anti-Spyware, Anti-SPAM
Unified Threat Management (Gateway AV, Anti-Spy, IPS)
SSL-VPN
Secure Backup and Recovery
Compliance
Patch Management
Policy Creation
Monitoring, Reporting, Management
Comprehensive & Continuous Protection for our End-Users
Predictable & Profitable Growth for our Channel Partners
Keep Businesses Running
Increase IT Productivity
Manage Risks
Recent 5 Star Awards – Across 4 Major Product Categories
UTM – Network Security; SSL VPN – Remote Access; Email Security; Management
Gartner Magic Quadrant - 2010
© 2005 SonicWALL, Inc. All Rights Reserved - Confidential6
Source: Gartner October 2010
Magic Quadrant for Unified Threat Management Appliances
What’s a firewall?
A firewall is a dedicated appliance which inspects network traffic passing through it, and denies or permits passage based on a set of rules. (Source: Wikipedia)
Typical Deployment
Why do I need a firewall?
To stop the wrong people getting into your network?
Identity theft is big business
- Cabinet Office study – Cost of ID fraud to UK = £1.7Bn every year
- FBI – 27.3 Million Americans have been victims costing $48Bn!
Personal data is everywhere
- DOB + Address + fake utility bill = You 2.0
- C/Card details – Traded world wide
New standards like PCI require you to have one
Networking Drivers & Trends
Technology Trends
Growth in real-time & Internet based applications & communication
SaaS / Web 2.0
Virtualization of services
Employees increasingly utilize network services – productive and unproductive
High speed and available information sharing is critical
Increases in bandwidth and volume of traffic
Business Drivers
Reduction in operating costs
Focus on TCO
Mobilization of the workforce
Compliance
Outsourcing growth
Gaining competitive advantage
The Communications Landscape Is Rapidly Evolving
The Facts at Work
25% of employees do peer-to-peer file sharing at work
Equifax, 2007
16% of men and 8% of women admit viewing pornography at work
USA Today, 2007
25% of office internet traffic is non-business related
Burst Media Survey, 2008
Networks Exposed to New Threats
130% – The increase in unique malware found in the wild from July to November of 2008 (Kaspersky Labs)
4.2 million – The number of URLs around the world that harbor Malware (Source: IT Pro, 2007)
Result – Trojans and malware now outnumber viruses in terms of risk to a network (Kaspersky Labs)
Why do I need a new type of Firewall?
Because the Cyber criminals have got smarter.
New and sneakier ways of getting in:
- Trojans
- Worms
- Spyware
- Botnets
Applications like Instant Messenger and Skype create a hole in your firewall.
Recently, the FBI noted that 98% of organizations use firewalls, but that 56% of them had still experienced unauthorized network access.
What Are Employees Doing?
Web surfing
Twitter, Facebook
Downloading files
Instant messaging
Streaming video
Web 2.0 applications
Playing games
Personal email
…and More Non-Traditional Malware
The Prediction
Malware specifically disguised as "benign social networking links" will be the top threat to data security in 2009. (Georgia Tech's Information Security Center Emerging Cyber Threats Report for 2009)
The Reality
Target: LinkedIn
Set-up: Create bogus celebrity LinkedIn profiles
Lure: Place link to celebrity “videos” in profile
Attack: Download of “codec” required to view video
Infect: Codec is actually Malware
Result: System compromised
(Gregg Keizer, Computerworld Jan 7, 2009)
Beyonce
Kirsten Dunst
Christina Ricci
Kate Hudson
New Risks
The New Paradigm of Network Communications Brings New Risk
2010 Challenges
User Population
Expanding App Usage
Open Access to Internet
Increase in “Unknown” Traffic
Limited Control Over Content
Security Required By Application
Threats Aren’t Decreasing
- Increases in malware and malcode
- Threats go invisible
Poor Application Visibility
- Abundance of unknown application use
- Ports are ineffective at blocking application use
- Network misuse is rampant
Increased Network Complexity
- Bandwidth efficiency is a top concern
- Admins want to manage and control network traffic based on identity
Ever-increasing thirst for Bandwidth
Network Use
Current Solutions Present Challenges
Network safeguards are changing with threats; as threats move up the OSI model, inspection must be more complete and scalable
Application visibility is paramount to overcome the next generation of threats and productivity issues
Siloed solutions are the current response due to performance but multi-layered protection is the future
Current: Traditional Firewall, IDS/IDP, Proxy
Threats: Legacy System Access, Basic Applications, Worms, Application Access, Application Layer Threats, Software Vulnerabilities
Required: Complete Inspection must span the communication spectrum
Next Generation Security Requirements
1. Consolidated & Integrated Security Technology - Covering a Wide Spectrum of Content-based, File-based & Application Layer Attacks
2. Application Visibility - Inspection of Real-time & Latency Sensitive Applications/Traffic
3. Scalable & High Performing - High Speed Protection Against Perimeter and Internal Network Challenges
What Is the Ideal Solution for Next Generation Protection?
Threats: Legacy System Access, Basic Applications, Worms, Application Access, Application Layer Threats, Software Vulnerabilities
Solutions (Multi-Tiered Protection): DPI Firewall, IDP/IPS/File, App Layer, Real-time Prot., Content Filter
Introducing SonicWALL’s UTM Firewall Appliances
Next Generation NSA Architecture
2010 Security Requirements
1. Consolidated & Integrated Security Technology
2. Application Visibility - Inspection of Real-time & Latency Sensitive Applications/Traffic
3. Scalable & High Performing Enough to Protect Against Perimeter and Internal Network Challenges
SonicWALL Solution Features
Multi-Tiered Protection Technology
Re-Assembly Free DPI (RFDPI)
Multi-Core High Perf. Architecture
Next-Generation Unified Threat Management
Application Visibility & Awareness with ReAssembly-Free DPI (RFDPI)
Revolutionary Multi-Core Performance for Ultimate Scalability
Best-In-Class Performance and Protection
Introducing the SonicWALL NSA and NSA E-Class Series
RTDPI Engine Architecture
Re-Assembly Free Design + Multi-Core + Unified Threat Protection
The SonicWALL® Network Security Appliance (NSA) Series - the first multi-core Unified Threat Management (UTM) platform that delivers application aware Unified Threat Management without compromising performance
RFDPI Engine Architecture
From the NSA240 through to the award winning E-Class E8500 with multi-Gigabit throughput
SonicWALL Network Security Appliance Features
1. Security Integration
- Complete UTM Protection with Gateway Anti-Virus, Anti-Spyware and IDP
- Next Generation Application Firewall
- Content & Application Filtering
- “Clean VPN” Protection
2. Ultimate Connectivity
- Secure IPSec Site-to-Site VPN Connectivity
- Exceptional User Policy Control and Access to Resources
- Wireless Mobility
- Network Availability
3. Reliability & Optimization
- Highly Redundant Hardware – Power/Fans
- One Point of Network Control
- Business Application Prioritization & QoS
- Integrated Server Load Balancing Feature-set
4. Flexible Deployments
- Data Center, Campus & Department Network Applications
- Transparent L2 Bridge Mode
- Integrated Wireless Switch Deployment
- Ease of Deployment & Management
SonicWALL Network Security Appliance Features
Multi-Function Security Integration
- Complete Threat Protection with Intrusion Prevention & Anti-Malware/Virus/Spyware
- Content Control & URL Filtering
- Full “Enterprise” quality Integrated Anti-SPAM
- Protect whole infrastructures such as StoneWare Access
Application Visibility
- Integrated Application Firewall
- Policy control over Applications, Application use & File Types
Ultimate Connectivity
- “Clean VPN” Secure IPSec Site-to-Site VPN Connectivity, Clean Wireless, Wireless Switch / Controller
- Exceptional User Policy Control and Access to Resources
- Integrated Wireless Switch offers “Clean Wireless”
Reliability, Optimization & Flexibility
- Highly Redundant Hardware – Power/Fans
- Business Application Prioritization & QoS
- Integrated Server Load Balancing Feature-set
- Flexible Deployments: branch office, corporate & department network Applications
- Award winning: Deployment & Management
Deep Packet Firewall
Clean VPN
Intrusion Prevention
Anti-Malware
Content Filtering
Bandwidth Management
Application Firewall
Full Anti-SPAM
Clean Wireless
Introducing SonicOS 5.8
SonicOS 5.8 Redefines Deployment & Management Simplicity and Functionality
Application Firewall Feature Set
High Availability with statesync
Integrated Load Balancing
Application Bandwidth Management
Single Sign On
Fully Dynamic GUI
And more…
True L7 Application Intelligence
Standard with CGSS on all models from TZ210 upwards
Real time application visibility and control of users / apps
Fully customisable
Fully integrated into UTM appliance
Simple to manage
The answer is… Application Intelligence
Intelligence
- Reassembly Free Deep Packet Inspection
- Identify & categorise traffic by source / destination
- Identify & categorise traffic by application (not just port / protocol)
- Identify & categorise traffic by user / group (not just IP)
Control
- Intelligence based policy enforcement
- Application & content control with 3000+ applications
- Application level bandwidth management
Visualisation
- View network threats & trends in real time
- View application traffic by users
- View application bandwidth usage (ingress / egress)
The answer is… DPI – Reassembly Free
Reassembly Free Deep Packet Inspection
- Avoid Latency (no buffering)
- Unique to SonicWALL
Deep Packet Inspection
- Doesn’t just check the list
- It searches… Deep inside… the data packet
All SonicWALL firewalls are Deep Packet Inspection Firewalls
Layer 7 Application Visibility and Control
© 2010 SonicWALL, Inc. All Rights Reserved - Confidential29
Deployment Flexibility
Deployments: Central Site, Distributed Networks, Layer 2 Bridge, Wireless Switch, Real-Time Application Protection
SonicWALL GRID Network
Data Collection; Protection Development; Deployed Protection
24x7 Security Team
UTM Appliances
NSA Series
SonicWALL’s Global Response Internet Defense (GRID) Network works 24x7 by gathering and sharing security intelligence across all product platforms
Product Specifications
SonicWALL UTM product range
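SMB

| Model | TZ 100/w | TZ 200/w | TZ 210/w |
|---|---|---|---|
| No. of users | 0 to 10 | 10 to 25 | 25 to 50 |
| Interfaces | 5 Ethernet | 5 Ethernet | 2 Gigabit/E + 4 Ethernet |
| Throughput | 90 Mbps | 200 Mbps | 200 Mbps |
| UTM Throughput | 25 Mbps | 35 Mbps | 50 Mbps |
| VPN Site to Site | 5 | 10 | 15 |
| Client IPSEC (max) | 1 (25) | 2 (10) | 2 (25) |
| Client SSL (max) | 0 (5) | 2 (10) | 2 (10) |

Mid-Market

| Model | NSA 240 | NSA 2400 | NSA 3500 | NSA 4500 |
|---|---|---|---|---|
| No. of users | 50 to 75 | 75 to 150 | 150 to 300 | 300 to 700 |
| Interfaces | 3 Gigabit/E + 6 Ethernet | 6 Gigabit/E | 6 Gigabit/E | 6 Gigabit/E |
| Throughput | 600 Mbps | 775 Mbps | 1,5 Gbps | 2,75 Gbps |
| UTM Throughput | 110 Mbps | 150 Mbps | 240 Mbps | 600 Mbps |
| VPN Site to Site | 25 | 75 | 800 | 1 500 |
| Client IPSEC (max) | 2 (25) | 10 (250) | 50 (1 000) | 500 (3 000) |
| Client SSL (max) | 2 (15) | 2 (25) | 2 (30) | 2 (30) |

Enterprise

| Model | NSA E5500 | NSA E6500 | NSA E7500 |
|---|---|---|---|
| No. of users | 700 to 1000 | 1000 to 1500 | 1500 to 5000 |
| Interfaces | 8 Gigabit/E | 8 Gigabit/E | 4 Gigabit/E + 4 Gigabit Fibre |
| Throughput | 4 Gbps | 4,5 Gbps | 5,6 Gbps |
| UTM Throughput | 850 Mbps | 1,6 Mbps | 1,7 Gbps |
| VPN Site to Site | 4 000 | 6 000 | 10 000 |
| Client IPSEC (max) | 2 000 (4 000) | 2 000 (6 000) | 2 000 (10 000) |
| Client SSL (max) | 2 (50) | 2 (50) | 2 (50) |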
SonicWALL NEW UTM Appliance
Featuring:
- 4 Gigabit/E + 4 SFP Interfaces
- 8 GB Stateful Inspection throughput
- 2.2GB UTM throughput
SonicWALL NSA E8500 UTM Appliance
NSA Series
| | NSA 5000 | NSA 4500 | NSA 3500 | NSA 2400 MX | NSA 2400 | NSA 240 |
|---|---|---|---|---|---|---|
| SonicOS Version | Enhanced 5.8 | Enhanced 5.8 | Enhanced 5.8 | Enhanced 5.8 | Enhanced 5.8 | Enhanced 5.8 |
| Interfaces | 6GE | 6GE | 6GE | 16 GE | 6GE | 6GE |
| Stateful Firewall Throughput | 1.8 Gbps | 2.75 Gbps | 1.5 Gbps | 775 Mbps | 775 Mbps | 600 Mbps |
| UTM Throughput | 1.2 Gbps | 600 Mbps | 240 Mbps | 150 Mbps | 150 Mbps | 110 Mbps |
| UTM GAV Throughput | 500 Mbps | 690 Mbps | 350 Mbps | 160 Mbps | 160 Mbps | 115 Mbps |
| UTM IPS Throughput | 680 Mbps | 1.4 Gbps | 750 Mbps | 275 Mbps | 275 Mbps | 195 Mbps |
| 3DES / AES VPN Performance | 350 Mbps | 1.0 Gbps | 625 Mbps | 300 Mbps | 300 Mbps | 150 Mbps |
| RAM | 1GB | 512 MB | 512 MB | 512 MB | 512 MB | 1GB |
| SSL-VPN | Future SonicOS | Future SonicOS | Future SonicOS | Future SonicOS | Future SonicOS | Future SonicOS |
| HA | A/P w/Statesync | A/P w/Statesync | A/P w/Statesync | A/P w/Statesync | A/P w/Statesync | A/P w/Statesync |
E-Series Solution Statistics
| | NSA E8500* | NSA E7500* | NSA E6500* | NSA E5500* |
|---|---|---|---|---|
| Node Count | Unrestricted | Unrestricted | Unrestricted | Unrestricted |
| SonicOS Version | SonicOS Enhanced 5.8 | SonicOS Enhanced 5.8 | SonicOS Enhanced 5.8 | SonicOS Enhanced 5.8 |
| Multi-Core | 16 Core | 16 Core 600Mhz | 16 Core 550Mhz | 8 Core 550Mhz |
| Interfaces | (4) 10/100/1000 Copper Gigabit Ports, (4) SFP Ports, 1 Gbe HA port | (4) 10/100/1000 Copper Gigabit Ports, (4) SFP Ports, 1 Gbe HA port | (8) 10/100/1000 Copper Gigabit Ports, 1 Gbe HA port | (8) 10/100/1000 Copper Gigabit Ports, 1 Gbe HA port |
| Stateful Firewall Throughput | 8 Gbps | 5.6 Gbps | 5 Gbps | 3.9 Gbps |
| UTM Throughput | 2.2 Gbps | 1.7 Gbps | 1.59 Gbps | 850 Mbps |
| UTM GAV Throughput | 2.25 Gbps | 1.84 Gbps | 1.69 Gbps | 1.0 Gbps |
| UTM IPS Throughput | 3.7 Gbps | 2.58 Gbps | 2.3 Gbps | 2.0 Gbps |
| 3DES / AES VPN Performance | 4 Gbps | 3 Gbps | 2.7 Gbps | 1.7 Gbps |
| Power Supplies | Dual Hot Swappable | Dual Hot Swappable | Single Power Supply | Single Power Supply |
| Cooling System (Fans) | Dual Hot Swappable | Dual Hot Swappable | Dual Hot Swappable | Dual Hot Swappable |
| Visual Information Display | Yes | Yes | Yes | Yes |
| Console Port | Yes | Yes | Yes | Yes |
| Modular Expandability | Yes (Future Use) | Yes (Future Use) | Yes (Future Use) | Yes (Future Use) |

* These are preliminary numbers subject to change.
UTM, GAV, IPS tests performed using industry standard Spirent WebAvalanche HTTP performance test.
Next Generation Protection, Today
1. The NSA and E-Class Series Integrates Security To Cover The Widest Spectrum of Content-based, File-based & Application Layer Attacks
2. The NSA and E-Class Series Is Designed to Increase Application Visibility - Delivering Real-time & Latency Sensitive Applications/Traffic For Future Proofed Investment
3. The NSA and E-Class Series Is the Most Highly Performing & Scalable Solution In Class
The Industry’s First Multi-core UTM Appliance delivering application visibility & deep packet inspection without significantly impacting network throughput
Competition
Better Protection & Performance
Solutions Are Not Created Equal
Deeper Inspection & Greater Performance
[Chart: Performance (Mbps), axis 0 to 4500. Series: FW Performance, VPN Performance, IPS Performance, GAV Performance. Products: NSA3500, NSA4500, NSA5000, ASA5520, ASA5510, FG300A w HD, FG200A w HD, FG100A, SSG-350M, SSG-320M, SSG140M, UTM-1-450]
*Competitive data obtained from vendor datasheet.
Better Protection & Performance
Solutions Are Not Created Equal
Deeper Inspection & Greater Performance
[Chart: Performance (Mbps). Series: Firewall Performance, VPN Performance, GAV Performance, IPS Performance. Products: SonicWALL NSA E7500, Juniper ISG2000, Fortinet FortiGate 3000, Cisco ASA5550, Checkpoint UTM-1 2050, Nokia IP390]
General USP’s
Total-protection – (GAV/IPS/Anti-Spyware) + AppF
Connectivity Fail-Over (W/W – UMTS)
Certified & Standards based – EAL4+
Price/Quality!
Distributed environments (many locations)
10% extra discount for government / schools
Secure Wireless Connectivity
Filtering on internet use (Content Filtering)
Offer support and licenses included
WHAT TO FIND – WHERE?
3 main resources:
www.sonicwall.com
https://partnerlink.sonicwall.com/emea/
www.mysonicwall.com