SonicWALL WXA – WAN Acceleration
Dennis Bergström, CISSPSonicWALL NordicTechnical Account Manager/SE
SonicWALL, Inc. Dynamic Security for the Global Network
2
SonicWALL, Inc. Dynamic Security for the Global Network
3
SonicWALL’s Legacy
4
Not only Next-Generation Firewalls – although they rock of course
SuperMassive™ E10000 Series
E-Class NSA Series
NSA Series
TZ Series
E10100 E10200 E10400 E10800
NSA E8500 NSA E7500 NSA E6500 NSA E5500
NSA 4500 NSA 3500 NSA 2400MX NSA 2400 NSA 240
TZ 210 Series TZ 200 Series TZ 100 Series
5
NSA E8510
Data centers, ISPs
Medium to largeorganizations
Branch offices andmedium sized organizations
Small and remote offices
Network Security
WAN Acceleration
Secure Remote Access
Email Security
Backup and Recovery
Policy & Management
SonicWALL Product Line-up
App Intell &Control
Virtual Access
Web App Firewall
Connect Mobile
Spike Access
Virtual Assist
Advanced Reporting
Native Access Modules
Spike Access
SSL VPNClient
Clean Wireless – SonicPoint-N Series
SonicWALL WXA Series
Copyright 2011 SonicWALL Inc. All Right Reserved7
WXA 5000WXA 2000WXA 4000
WXA 500 Live CD
What Does WAN Acceleration Do?
Improve Performance of Business Applications
Optimize Response Times for Critical Applications
Reduce Bandwidth Consumption
Reduce associated Bandwidth Costs
… Make the network appear faster!
Copyright 2011 SonicWALL Inc. All Right Reserved8
Have you ever…
…Collaborated with someone on a huge PowerPoint document with
• 10-15 revisions and passed the document back and forth?
• Did the collaboration over a slow internet connection?
…Accessed a large document on a shared site multiple times and downloaded the whole file every time?
Redundant data sent back and forth results in waiting, wasting bandwidth and productivity loss.
SonicWALL CONFIDENTIAL All Rights Reserved9
There is a need for WAN Acceleration
Copyright 2011 SonicWALL Inc. All Right Reserved10
Two front assault – the SonicWALL way
SonicWALL CONFIDENTIAL All Rights Reserved11
WAN Acceleration Step 1 – Shape!
Bandwidth manage and control applications
SonicWALL Application Intelligence, Control and Visualization
1550+ Applications (3600+ signatures)
Identify Applications
• Prioritize important traffic
• Block or restrict unimportant traffic
SonicWALL CONFIDENTIAL All Rights Reserved12
Goal:“Good Traffic” at the gateway with Application Intelligence & Control
Shape! – Choose your traffic
Unimportant AppsUnimportant AppsImportant AppsImportant Apps
13
Shape! - Application Intelligence
Unacceptable Apps
Acceptable Apps
Critical Apps
Malware Blocked
Application Chaos
Identify
Identify
Ingress
Reassembly-FreeDeep Packet Inspection
Categorize
Categorize ControlControl
Egress
Cloud-BasedExtra-FirewallIntelligence
Users/Groups Policy
Shape! – Get immediate insight for decisions
15
Shape! – Get your users to love you….
16
WAN Acceleration Step 2 – Accelerate!
Extremely Effective on:
Email, PowerPoint, Excel spreadsheets, Word docs, PDF
SharePoint, Collaboration sites
Files between 20Kb-20MB+
Small Localized Changes
Benefits:
Eliminate redundant traffic
Increase responsiveness
Improve user experience
SonicWALL CONFIDENTIAL All Rights Reserved17
How does it really work?Protocol Optimization
Reduce the chattiness of certain protocols like (WFS)
Optimizes protocols like Windows File Sharing (WFS), FTP, email
Makes an intelligent decision about the nature of the traffic to eliminate latency
Decreases round-trips and chattiness of certain protocols
SonicWALL CONFIDENTIAL All Rights Reserved18
With: WAN Acceleration
Before: WAN Acceleration
How does it really work?WFS Acceleration
Decrease the amount of data to be sent across the WAN =
Improves response times and transfer speeds when transfer files between remote locations.
File caching/de-duplication
Metadata caching (File directory information)
Active Directory Integration (The WXA becomes part of the domain)
SonicWALL CONFIDENTIAL All Rights Reserved19
How does it really work?Understanding Byte-Caching
SonicWALL CONFIDENTIAL All Rights Reserved20
Work.pptx8MB
VPN(1 Mbps)
8 MB / 1 Mbps = 62.5 Sec* 8 MB / 1 Mbps = 62.5 Sec
Total: 125 Sec = 2 Min, 5 Sec
Without Byte Caching: 1 MB Change, Transfer Everything
Work.pptx8MB
Work.pptx8MB
Work.pptx8MB
(1 Mbps = 1024 Kbps; 1024 Kbps / ( 8 Bits/Byte) = 128 Kbytes/Sec.; 8 MB = 8192 Kbytes; 8192/128 = 62.5 Sec.)
How does it really work?Understanding Byte-Caching
SonicWALL CONFIDENTIAL All Rights Reserved21
Work.pptx8MB
VPN(1 Mbps)
8 MB / 1 Mbps = 62.5 Sec
Work.pptx8MB
1 MB / 1 Mbps = 8 Sec
Total: 70.5 Sec = 1 min, 10.5 Sec50.5 Second Saving = 40% Savings
WITH Byte Caching: 1 MB Change, Transfer only the Change
(1 Mbps = 1024 Kbps; 1024 Kbps / ( 8 Bits/Byte) = 128 Kbytes/Sec.; 8 MB = 8192 Kbytes; 8192/128 = 62.5 Sec.)
How does it really work?Byte Caching
1. The WXA appliance builds and maintains dictionaries based on most commonly passed traffic
2. Data is replaced with tokens that the remote WXA can use to recognize and reconstruct data
3. WXA Series CONVEYS data across the WAN link.
SonicWALL CONFIDENTIAL All Rights Reserved22
How does it really work?What cannot be accelerated…
SonicWALL CONFIDENTIAL All Rights Reserved23
De-duplication/Byte-Caching Acceleration relies on detecting repetition
1) Within a single file/stream 2) Within a networkB A A A G Z A Web Page A Web Page A Web Page B Web Page A
File 1 File 2 File 1
Repetition signals an opportunity to optimize and accelerate.
However, some traffic cannot be accelerated Traffic that does not repeat High-entropy traffic
(Hint: These two types of traffic are connected)
How does it really work? What cannot be accelerated…
High-Entropy Traffic Encrypted traffic
SSL, IPSec
Compressed traffic
GZIP, RAR, 7zip, bzip
Video, Audio
Already optimized traffic
RDP, Citrix
Non-Repeating Traffic Single file in one direction
sent once
Single web page access
(High-Entropy Traffic)
SonicWALL CONFIDENTIAL All Rights Reserved24
This is how we do it!Simple Two-Site Deployment
Result
Traffic between two sites optimized with minimal configuration
SonicWALL CONFIDENTIAL All Rights Reserved25
You already know this!....
WXA Management through host SNWL firewall interface.
Firewall Takes Care of
Auto provisioning of the WXA hardware or software solution (similar to SonicPoints)
WXA license management
Firmware and configuration managed of the WXA appliance
Health check probes of the WXA appliance
26
Consolidated management Application ControlDeep Packet InspectionWan Acceleration
…and its really simple to get started!
Firewall decides what traffic needs to be accelerated
Default is “everything” that we can accelerate
Benefit: Decreases the amount of data sent over to the WXA for processing
SonicWALL CONFIDENTIAL All Rights Reserved27
Show me the money!
Visualizes the benefits of using WAN Acceleration
SonicWALL CONFIDENTIAL All Rights Reserved28
SonicWALL WXA Series
Copyright 2011 SonicWALL Inc. All Right Reserved29
WXA 5000WXA 2000WXA 4000
WXA 500 Live CD
SonicWALL WXA Series Overview
WXA 500 WXA 2000 WXA 4000 WXA 5000
Min. SonicOS Version
5.8.1 5.8.1 5.8.1 5.8.1
Recommended Users1 20 120 240 360
Max WAN Accel Flows
100 600 1200 1,800
Byte Caching Yes Yes Yes Yes
TCP Acceleration
Yes Yes Yes Yes
Compression Yes Yes Yes Yes
WFS Acceleration
Yes2 Yes Yes Yes
Visualization TCP/WFS TCP/WFS TCP/WFS TCP/WFS
Copyright 2011 SonicWALL Inc. All Right Reserved30
Choose anyone of these – they all speak WXA!
SuperMassive™ E10000 Series
E-Class NSA Series
NSA Series
TZ Series
E10100 E10200 E10400 E10800
NSA E8500 NSA E7500 NSA E6500 NSA E5500
NSA 4500 NSA 3500 NSA 2400MX NSA 2400 NSA 240
TZ 210 Series TZ 200 Series TZ 100 Series
31
NSA E8510
Data centers, ISPs
Medium to largeorganizations
Branch offices andmedium sized organizations
Small and remote offices
Thank you…
Dennis Bergström, CISSPSonicWALL NordicTechnical Account Manager/SE