Dell Sonicwall NSA系列产品资料

合集下载

SonicWALL_NSA240_NSA2400_NSA3500_NSA4500_NSA5000

SonicWALL_NSA240_NSA2400_NSA3500_NSA4500_NSA5000
12,000
64
VPN 3DES/AES 吞吐量* 点对点 VPN 隧道 捆绑式全局 VPN 远程访问 的客户端许可证(最多) 加密/认证 密钥交换
L2TP/IPSec 证书支持 失效对端检测(DPD)
DHCP over VPN IPSec NAT 穿越 冗余 VPN 网关 全局 VPN 客户端支持的平台
灵活和可自定义的部署选项——NSA 系列一览
每一种 SonicWALL NSA 网络安全设 备解决方案都采用了突破性多核硬件 设计以及受到专利保护的免重组深度 包检测 TM(RFDPI)技术,针对各种 内部和外部网络保护,提供新一代统 一威胁管理保护,而无需牺牲网络性 能。每一款 NSA 系列产品都融合了高 速入侵防御、文档和内容检测、强大 的应用防火墙控制以及众多先进的、 具有高度灵活性的网络和配置功能。 NSA 系列所采用的平台不仅易用性 强,而且价格合理,便于在各种类型 的企业、分支机构和分布式网络环境 中部署和管理。
联网服务质量(QoS)特性利用行业标准的 802.1p 及差异化服务编码点(DSCP)服务类 别(CoS)指示符提供强大灵活的带宽管理, 这对 VoIP、多媒体内容及关键业务应用起到 至关重要的作用。
*美国专利 7,310,815——一种对数据流进行分析和封锁的方法和装置。
动态安全架构及管理
SonicWALL 实时 统nicWALL 深度包检测架构
清除的威胁及 非业务流量
干净的流量
防火墙 网关防病毒软件
反间谍软 件 入侵防御 内容过滤 应用控制
干净的 VPN
新出现的混合威胁
输入 流量
病毒 间谍软件 漏洞利用
正常
网络 I/O 引擎
带宽管理
磁盘整理工具 信息流指令

SonicWall NSa 4650 5650 6650 快速入门指南说明书

SonicWall NSa 4650 5650 6650 快速入门指南说明书

说明 无链路。 以 1 Gbps、100 Mbps 或 10 Mbps 的速率链接。 流量已激活。
LAN 旁路 LED LED 颜色
关 稳定的绿光
稳定的黄光
说明
已禁用 LAN 旁路,端口彼此隔离。
LAN 旁路已设防,但未激活。直到断电/重启等事件发生 时,才会隔离端口,从而激活旁路。
LAN 旁路处于活动状态,端口连接在一起。如果电源发生 故障,LED 将显示为关闭,但旁路仍处于活动状态。
8 使用设置向导
此 SonicOS 设置向导将帮助您快速配置 SonicWall 设备,以保护互联网连接 安全。 使用设置向导的步骤如下: 1 使用 192.168.1.0/24 子网中的静态 IP 地址(如 192.168.1.20)配置管理计算机上的
本地连接 IPv4 属性,并将子网掩码设置为 255.255.255.0。 您的计算机能通过 MGMT 接口连接至 SonicOS。 2 在计算机的 Web 浏览器中,输入默认的 MGMT IP 地址: http://192.168.1.254 3 在初始屏幕中,单击第一个链接 To launch the SonicWall Setup Guide, click here(如 需启动 SonicWall 设置指南,请单击此处)可启动 SonicOS 设置向导。 4 这将打开 SonicOS 设置指南。单击 NEXT(下一步)。
注:在“有线模式”下运行时,防火墙的 MGMT 接口用于本地管理。如需启 用远程管理和动态安全服务以及应用程序智能更新,必须配置 WAN 接口 (与有线模式接口分离)用于互联网连接。
• Tap Mode (1-Port Tap)(分接模式(1 端口分接))- 防火墙使用单个接口连接并接 收来自相邻交换机 SPAN 端口的镜像数据包。与“有线模式”中的“检测模式”相似, 但只有单一端口且不在流量的物理路径中。如果 Tap 模式在设置向导中不可用, 您可以稍后在 SonicOS 管理界面中进行配置。

sonicwall ssl vpn 配置手册

sonicwall ssl vpn 配置手册

SSL VPN设置SonicWALL NSA产品具有SSL VPN拨号功能,可以用SSLVPN客户端(Nextender)和防火墙建立SSL VPN连接,通过SSL VPN隧道访问到公司或组织内部网络。

SSL VPN只在NSA设备的5.2.0以后的系统中可以使用,如果你的系统版本低,需要下载新的系统版本,安装后才可以使用。

SSL VPN在防火墙中也是使用license进行控制的,所以在使用SSL VPN配置之前,请检查一下系统是否带有SSL VPN的license。

WAN 接口的General界面,Management, User Login, 都在HTTPS方框打勾。

选择SSL VPN->Client Setting.在Interface下拉框中,使用X0(LAN口)作为SSL VPN服务口,同时在WAN安全区域允许SSL VPN接入,点WAN是红色的按钮变成绿色。

需要注意到是,Nextender的地址范围要和内网接口(本例是X0 LAN)的地址范围一致。

这个地址范围不要和其它机器冲突。

(你可以启用防火墙的另外一个没有使用的端口做SSL VPN 服务接口,那么你在Interface界面选择那个接口,IP 地址池范围就是那个接口网段的地址)NetExtender Client Settings是配置客户端的细致的设置。

Create Client Connection Profile:可以使NetExtender Client客户端软件自动保存成功连接的配置,下次连接,直接选择这个连接的参数,不用手工再次输入了。

点击SSL VPN->Client Routes菜单下,把需要访问的服务器网段地址或服务器地址添加进去。

Client Route界面把允许SSL VPN用户访问的主机地址和网段加入即可。

防火墙自动创建SSL VPN到各个安全区域的规则,本例是SSL VPN用户访问LAN Primary Subnet,就是LAN口的整个网段,自动生成的防火墙规则在Firewall->Access Rules, SSL VPN->LAN界面可以看到。

SonicWALL NSA 240、2400、3500、4500、5000系列产品介绍

SonicWALL NSA 240、2400、3500、4500、5000系列产品介绍

二.功能及优点:
SonicWALL NSA 系列新一代安全产品结合了更高层次的 UTM 技术, 集成了入侵防 御、 网关防病毒及反间谍软件以及应用防火墙可配置工具套件, 以防止数据泄漏 以及提供细粒度应用控制。 可扩展多核硬件及免重组深度包检测扫描并清除任意大小文件中的威胁, 对并发 连接没有限制而且网速不减。 SonicWALL NSA 系列采用 SonicOS 5.0 增强版操作系统。 在 SonicOS 5.0 增强版 中的全状态同步高可用性及负载均衡功能可充分利用网络带宽, 保证最大的网络 正常运行时间, 让您随时能访问关键业务资源并且确保 VPN 隧道及其它网络流量 在故障切换时不会中断。 先进的尖端科技和性能以及更低的总拥有成本通过同 时使用多核处理能力而实现, 极大地增加了吞吐量和并行检测能力, 同时降低了 功耗。 先进的路由服务及网络功能结合了先进的网络安全技术,包括802.1q VLAN、 WAN/WAN容 错功能、基于域和对象的管理、负载均衡、先进的NAT模式及更多技术,为您供 供灵活的细粒度配置及全面的安全防护能力。 标准VoIP功能为VoIP基础架构的每一个单元,从通信设备到适用于VoIP的 设 备 , 如SIP Proxies、H.323 Gatekeepers以及Call Server,提供最高级别的安全保 护。 安全的分布式无线LAN服务让设备能够起到安全无线交换机及控制器的作用,它 能够自动侦别并配置SonicPointsTM,SonicWALL无线访问点保障了分布式网络环 境中的远程访问安全。 联网服务质量(QoS)特性利用行业标准的802.1p及差异化服务编码点(DSCP) 服务类别(CoS)指示符提供强大灵活的带宽管理,这对VoIP、多媒体内容及关 键业务应用起到至关重要的作用
五.主要功能模块:

SonicWall SonicWave系列无线无线访问点说明书

SonicWall SonicWave系列无线无线访问点说明书

SonicWall SonicWave series wireless access points (APs) combinehigh-performance IEEE 802.11ac Wave 2 wireless technology with flexible deployment options. These APs can be managed via the cloud using SonicWall WiFi Cloud Manager (WCM) or through SonicWall’s industry-leading next-generation firewalls. The resultis a solution that could be untethered from the firewall to provide a superior experience for WiFi users that’s as secure as any wired connection.The SonicWave solution is based on: • SonicWall SonicWave series indoor andoutdoor APs which support the 802.11acWave 2 wireless standard• SonicWall WCM is an intuitive, cloud-managed WiFi network managementsystem suitable for networks of any size • SonicWall TZ, NS a, NS sp, NSA andSuperMassive firewalls, which use deeppacket inspection technology to detectand eliminate threats over wired andwireless networksEnhanced user experience SonicWave APs take advantage of the capabilities in 802.11ac Wave 2 and advanced RF capabilities to deliverhigh-speed wireless performance.MU-MIMO technology allows the APs to communicate to multiple client devicesat the same time, improving the overall network performance, efficiency and user experience. In combination, mesh technology supported on SonicWave APs enables ease of installation and fewer cables and less manpower todeploy, reducing installation costs.With multiple transmitting and receivingantennas, SonicWave APs are engineeredto optimize signal quality, range andreliability for wireless devices. SonicWaveAPs supports fast roaming, so that userscan roam from one location to anotherseamlessly. Feature-rich portfolioincludes air-time fairness, band steering,and signal analysis tools for monitoringand troubleshooting.Best-in-class wireless securitySonicWall firewalls scan all wirelesstraffic coming into and going outof the network using deep packetinspection technology and then removeharmful threats such as malware andintrusions, even over SSL/TLS encryptedconnections. Other security and controlcapabilities such as content filtering,application control and intelligence andCapture Advanced Threat Protection(ATP) provide added layers of protection.Capture ATP is our award-winning multi-engine sandboxing service that featuresSonicWall’s patent-pending Real-TimeDeep Memory Inspection (RTDMI)technology. The RTDMI engine of CaptureATP proactively detects and blocks massmarket, zero-day threats and unknownmalware by inspecting directly in memory.Because of the real-time architecture,SonicWall RTDMI technology is precise,minimizes false positives, and identifiesBenefits:• Enhanced user experience−802.11ac Wave 2−Auto channel selection−RF spectrum analysis−AirTime Fairness−Fast roaming• Best-in-class wireless security−Dedicated third scanning radio−Capture ATP and content filteringservice−Deep packet inspection technology−SSL/TLS decryption andinspection−Wireless intrusion detection andprevention• Intuitive cloud management−Alerts and rich analytics−Automatic firmware updates• Simplified firewall management−Auto-detection and provisioning−Wireless signal analysis tools−Single-pane-of-glass management• Zero-Touch Deployment powered bySonicWiFi app−Easy registration and onboarding−Auto-detection and auto-provisioning−App available on iOS and Android• Design with WiFi Planner−Advanced wireless site survey−Cloud-based tool• Ruggedized outdoor designSonicWave and SonicPoint Series Wireless Access PointsSecure, flexible, high-performance wireless solutionsSonicWave APs perform advancedsecurity services, including the Content Filtering Service (CFS) and Capture ATPsandbox service independently — even where firewalls are not deployed.Most SonicWave APs includes threeradios, where the third radio is dedicated to security and performs rogue APdetection, passive scanning and packet capturing. The SonicWave solution also integrates additional security-related features including wireless intrusion detection and prevention, virtual APsegmentation, wireless guest services, RF monitoring and wireless packet capture.Intuitive cloud managementSonicWall WCM provides an intuitive user interface to manage all SonicWave APs from a single pane of glass via SonicWall Capture Security Center (CSC). Easily monitor and manage networks with alerts and rich analytics updated in real-time. Always stay up-to-date with the current features and enhancements from the latest firmware. Updates are pushed automatically to APs, eliminating manual updates and chances of human error.Simplified firewall managementDeployment and setup of APs aregreatly simplified, reducing total cost of ownership. Optionally, SonicWave APs can be managed by SonicWall next-gen firewalls. Integrated into every SonicWallfirewall is a wireless controller that auto-detects and auto-provisions SonicWave APs across the network.Management and monitoring for wireless and security are handled centrallythrough the firewall or through SonicWall Global Management System, providing network administrators with a single pane of glass from which to manage all aspects of the network.Zero-Touch Deployment (ZTD) powered by SonicWiFi appEasily register and onboard SonicWave APs with the help of SonicWall SonicWiFi mobile app. The APs are automatically detected and provisioned with Zero-Touch Deployment. Available on iOS and Android, SonicWiFi mobile app lets network admins monitor and manage networks, or set up mesh.Design with WiFi PlannerSonicWall WiFi planner is a cloud-based, advanced wireless site survey tool that enables to optimally design and deploy a wireless network for enhanced wireless user experience.Ruggedized outdoor designSonicWave outdoor APs are built towithstand rough outdoor conditions with industrial-grade enclosure. These APs are IP67 rated, which ensures protection against dust and water immersion.LED indicatorsMounting tab lock pointMounting tab insert pointinsert point LAN/POE port12V AdaptorportReset button5GHz RadioSonicWave 224w – The Wall Mount APPortsLED indicatorsMounting tabinsert pointPass through punchLAN 4/PoE out12V adapterinsert pointMounting peg slotMounting peg slotMounting bracketlock pointGround5Ghz antenna connectorport2.4Ghz antenna connectorExternal high-gain antennasLED indicatorsPortsSonicWave 432i - The Indoor APInternal antennasLED indicatorsPortsWLANSonicWave 432o - The Outdoor APExternal 2.4 GHz and 5 GHzExternal 2.4 GHz and 5 GHzhigh-gain antennasOutLED indicators*When used with a SonicWall firewall**When used with SonicWall Secure Mobile Access Series applianceSonicPoint Series SpecificationsFor organizations with a substantial investment in 802.11ac clients, the SonicWall SonicPoint series features dual radios, high-speed 802.11ac performance, 3x3 SU-MIMO and all the security advantages that SonicWall Wireless Network Security solutions offer.SonicPoint Series PoE Injector SpecificationsOperating humidity Maximum 90%, Non-condensing Maximum 90%, non-condensing Storage temperature–4º to 158ºF (–20º to 70ºC)-4 to 158 °F, -20 to 70 °C Storage humidity Maximum 95%, Non-condensing Maximum 95%, non-condensingSonicWave Feature SummaryFeature DescriptionReassembly-Free Deep Packet Inspection technology SonicWall next-generation firewalls tightly integrate Reassembly-Free Deep Packet Inspection (RFDPI) technology to scan all inbound and outbound traffic on wired and wireless networks and eliminate intrusions, ransomware, spyware, viruses and other threats before they enter the network.Real-Time Deep Memory Inspection (RTDMI) This patent-pending cloud-based technology detects and blocks malware that does not exhibit any malicious behavior and hides its weaponry via encryption. By forcing malware to reveal its weaponry into memory, the RTDMI engine proactively detects and blocks mass-market, zero-day threats and unknown malware.SSL/TLS decryption and inspection The SonicWall firewall decrypts and inspects SSL/TLS traffic on the fly, without proxying, for malware, intrusions and data leakage, and applies application, URL and content control policies in order to protect against threats hidden in SSL/TLS-encrypted traffic.Dedicated third scanning radio Most SonicWave access points include a dedicated that performs continual scanning of the wirelessspectrum for rogue access points plus additional security functions that help with PCI compliance.Wireless intrusion detection and prevention Wireless intrusion detection and prevention scans the wireless network for unauthorized (rogue) access points and then the managing firewall automatically takes countermeasures, such as preventing any connections to the device.Wireless guest services Wireless guest services enables administrators to provide internet-only access for guest users. This access is separate from internal access and requires guest users to securely authenticate to a virtual access point before access is granted.Lightweight hotspot messaging Lightweight hotspot messaging extends the SonicWall wireless guest services model of differentiated internet access for guest users, enabling extensive customization of the authentication interface and the use of any kind of authentication scheme.Captive portal Captive portal forces a user’s device to view a page and provide authentication through a web browserbefore internet access is granted.Virtual access point segmentation Administrators can create up to eight SSIDs on the same access point, each with its own dedicated authentication and privacy settings. This provides logical segmentation of secure wireless network traffic and secure customer access.Low TCO Features such as simplified deployment, single pane of glass management for both wireless and security, and no need to purchase a separate wireless controller drastically reduce an organization’s cost to add wireless into a new or existing network infrastructure.MiFi extender MiFi Extender enables the attachment of a 3G/4G/LTE modem to the SonicWave access point for useas either the primary WAN or as a secondary failover WAN link for business continuity.Bluetooth Low Energy SonicWave access points include a Bluetooth Low Energy radio that enables the use of ISM (industrial, scientific and medical) applications for healthcare, fitness, retail beacons, security and home entertainment over a low energy link.USB port Access points with USB port supports 3G/4G failover. Plug in a dongle to the port and networkcontinues to function over cellular connection, in case of WiFi network outage.Green access points SonicWave access points reduce costs by supporting green access points, which enables both radios to enter sleep mode for power saving when no clients are actively connected. The access point will exit sleep mode once a client attempts to associate with it.For a complete list of SKUs please contact your local SonicWall resellerFor a complete list of SKUs please contact your local SonicWall resellerSonicWall Wireless PromoThe SonicWall wireless promo provides next-gen security solutions to protect against advanced threats across wired and wireless networks, making the transformation seamless for businesses and enterprises. Leverage powerful end-to-end security, visibility and control. Ultimately, benefit from superior performance and provide exceptional user experience.Wireless promo ordering informationDescriptionUS SKUINTL SKUSonicWall TZ500 TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points with PoE) - 3 Year 02-SSC-101002-SSC-1059SonicWall TZ600 TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points with PoE) - 3 Year 02-SSC-104602-SSC-1060SonicWall NSA 2600 TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points with PoE) - 3 Year 02-SSC-104702-SSC-1061SonicWall NSA 3600 TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points with PoE) - 3 Year 02-SSC-104802-SSC-1062SonicWall TZ300 TotalSecure Advanced, Secure Wireless (2 SonicPoint N2 Access Points with PoE) - 3 Year 02-SSC-107402-SSC-1077SonicWall TZ400 TotalSecure Advanced, Secure Wireless (2 SonicPoint N2 Access Points with PoE) - 3 Year 02-SSC-107502-SSC-1078SonicWall TZ500 TotalSecure Advanced, Secure Wireless (2 SonicPoint N2 Access Points with PoE) - 3 Year 02-SSC-107602-SSC-1079SonicWall NSA 2600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432e Access Ponts, No PoE) - 3 Year 02-SSC-105002-SSC-1063SonicWall NSA 3600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432e Access Ponts, No PoE) - 3 Year 02-SSC-105102-SSC-1064SonicWall NSA 4600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432e Access Ponts, No PoE) - 3 Year 02-SSC-105202-SSC-1065SonicWall NSA 2600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432i Access Ponts, No PoE) - 3 Year 02-SSC-105302-SSC-1066SonicWall NSA 3600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432i Access Ponts, No PoE) - 3 Year 02-SSC-105402-SSC-1067SonicWall NSA 4600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432i Access Ponts, No PoE) - 3 Year 02-SSC-105502-SSC-1068SonicWall NSA 2600TotalSecure Advanced, Secure Wireless (2 SonicWave 432o Access Ponts, No PoE) - 3 Year 02-SSC-105602-SSC-1069SonicWall NSA 3600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432o Access Ponts, No PoE) - 3 Year 02-SSC-105702-SSC-1070SonicWall NSA 4600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432o Access Ponts, No PoE) - 3 Year 02-SSC-105802-SSC-1071SonicWall TZ300 PoE TotalSecure Advanced, Secure Wireless (2 SonicPoint N2 Access Points) - 3 Year 02-SSC-136102-SSC-1369SonicWall TZ300 PoE TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points) - 3 Year 02-SSC-136202-SSC-1370SonicWall TZ600 PoE TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points) - 3 Year 02-SSC-136302-SSC-1371SonicWall TZ300 PoE TotalSecure Advanced, Secure Wireless (1 SonicWave 432i Access Point) - 3 Year 02-SSC-136402-SSC-1372SonicWall TZ600 PoE TotalSecure Advanced, Secure Wireless (2 SonicWave 432i Access Points) - 3 Year 02-SSC-136502-SSC-1373SonicWall TZ300 PoE TotalSecure Advanced, Secure Wireless (1 SonicWave 432e Access Point) - 3 Year 02-SSC-136602-SSC-1374SonicWall TZ600 PoE TotalSecure Advanced, Secure Wireless (2 SonicWave 432e Access Points) - 3 Year 02-SSC-136702-SSC-1375SonicWall TZ600 PoE TotalSecure Advanced, Secure Wireless (2 SonicWave 432o Access Points) - 3 Year02-SSC-136802-SSC-1376About SonicWallSonicWall has been fighting the cybercriminal industry for over 27 years defending small and medium businesses, enterprises and government agencies worldwide. Backed by research from SonicWall Capture Labs, our award- winning, real-time breach detection and prevention solutions secure more than a million networks, and their emails, applications and data, in over 215 countries and territories. These organizations run more effectively and fear less about security. For more information, visit or follow us on Twitter , LinkedIn , Facebook and Instagram.。

SonicWall_UTM一体化网络安全简化版改NSA 2400 MX

SonicWall_UTM一体化网络安全简化版改NSA 2400 MX

SonicWall UTM一体化网络安全解决方案前言随着计算机技术的发展,互联网已经成为最大的公共数据网络,在全球范围内实现并促进了个人通信和商业通信。

互联网和企业网络上传输的数据流量每天都以指数级的速度迅速增长。

越来越多的通信都通过电子邮件进行;移动员工、远程办公人员和分支机构都利用互联网来从远程连接他们的企业网络。

但是这个庞大的网络及其相关的技术为不断增长的安全威胁提供了可乘之机,因而企业必须学会保护自己免受这些威胁的危害。

在捍卫网络安全的过程中,防火墙受到人们越来越多的青睐。

作为一种提供信息安全服务、实现网络和信息安全的基础设施,防火墙采用将内部网和公众网如Internet分开的方法,可以作为不同网络或网络安全域之间信息的出入口,根据企业的安全策略控制出入网络的信息流。

再加上防火墙本身具有较强的抗攻击能力,能有效地监控内部网和Internet之间的任何活动,从而为内部网络的安全提供了有力的保证。

1.1 XX公司网络现状分析:随着技术的发展,各种入侵和攻击从针对TCP/IP协议本身弱点的攻击转向针对特定系统和应用漏洞的攻击,如针对Windows系统和Oracle/SQL Server等数据库的攻击,这些攻击和入侵手段封装在TCP/IP协议的净荷部分。

传统的UTM设备如第一代的包过滤UTM,第二代的应用代理UTM到第三代的全状态检测UTM对此类攻击无能为力,因为它们只查TCP/IP协议包头部分而不检查数据包的内容。

此外基于网络传播的病毒及间谍软件也给互联网用户造成巨大的损失。

同时层出不穷的即时消息和对等应用如MSN,QQ,BT等也带来很多安全威胁并降低员工的工作效率。

如今的安全威胁已经发展成一个混合型的安全威胁,传统的防火墙设备已经不能满足客户的安全需求。

1.2 XX公司网络简述:XX公司现有的网络属于紧缩核心层结构,通过核心交换机进行快速转发,与接入层交换机实现全网畅通,通过一台路由器与外网互连。

Dell SonicWALL SRA系列产品说明说明书

Dell SonicWALL SRA系列产品说明说明书

The Dell SonicWALL Secure Remote Access (SRA) Series provides mobile and remote workers using smartphones, tablets or laptops — whether managed or unmanaged BYOD — with fast, easy, policy-enforced access to mission-critical applications, data and resources, without compromising security.For mobile devices, the solution includes the intuitive Dell SonicWALL Mobile Connect app that provides iOS, Android, Kindle Fire, Windows, and Mac OS X devices secure access to allowed network resources, including shared folders, client-server applications, intranet sites and email.Users and IT administrators can download the Mobile Connect appvia the Apple App Store, Google Play and the Kindle store and Windows 8.1 smartphones, tablets and laptops ship pre-installed with the MobileConnect app. The solution also supports clientless, secure browser access, including support for industry standard HTML 5 browsers and thin-client VPN access for PCs and laptops, including Windows, Mac OS X and Linux computers.To protect from rogue access and malware, the SRA Series appliance connects only authorized users and trusted devices to permitted resources. When integrated with a Dell SonicWALL next-generation firewall as a Clean VPN, the combined solution delivers centralized access control, malware protection, application control and content filtering. The multi-layered protection of Clean VPN decryptsand decontaminates all authorized SSL VPN traffic before it enters the network environment.Why you need SRAThe proliferation of mobile devicesin the workplace has increasedthe demand for secure access to mission-critical applications, data and resources. Granting that access offers important productivity benefits to the organization, but introduces significant risks as well.For example, an unauthorized person might access company resources usinga lost or stolen device; an employee’s mobile device might act as a conduitto infect the network with malware; or corporate data might be intercepted over third-party wireless networks. Also, loss of business data stored on devices can occur if rogue personal apps or unauthorized users gain access to that data.Securing these devices is becoming increasingly difficult, as organizations may no longer influence device selection or control device management. Organizations must implement solutions that safeguard access to ensure only authorized users and devices that meet security policy are granted network access, and that company data in-flight and at rest on the device are secure. Unfortunately, this often involves complex multi-box solutions from multiple vendors and adds significantly to the total cost of ownership behind providing mobile access. Organizations are lookingfor easy-to-use, cost-effective and secure mobile access solutions that address the needs of their increasingly mobile workforces.Secure RemoteAccess SeriesEnable mobile and remote worker productivity whileprotecting from threatsBenefits:• Single access gateway to all networkresources, via mobile app, clientlessor web-delivered clients, works tolower IT overhead and TCO• Common user experience across alloperating systems facilitates ease ofuse from any endpoint• Mobile Connect app for iOS,Android, Windows 8.1 and Mac OS Xoffers mobile device ease of use• Context aware authenticationensures only authorized usersand trusted mobile devices aregranted access• One-click secure intranet file browseand on-device data protection• Adaptive addressing and routingdeploys appropriate access methodsand security levels• Setup wizard makes deployment easy• Efficient object-based policymanagement of all users, groups,resources and devices• Web Application Firewall enablesPCI complianceFeaturesSingle access gateway for mobile app, clientless or web-delivered clients — SRA lowers IT costs by enabling network managers to easily deploy and manage a single secure access gateway that extends remote access via SSL VPN for both internal and external users to all network resources — including web-based, client/server, host-based (suchas virtual desktop) and back-connect applications (such as VoIP). SRAs are either clientless with browser access to the customizable SRA Workplace portal or use mobile apps or lightweight web-delivered clients, reducing management overhead and support calls.Common user experience across all operating systems — SRA technology provides transparent access tonetwork resources from any network environment or device. An SRA provides a single gateway for smartphone, tablet, laptop and desktop access anda common user experience across all operating systems — including Windows, Mac OS X, iOS, Android, Kindle and Linux — from managed or unmanaged devices. Mobile Connect app — Mobile Connect app for iOS, Mac OS X, Android, Kindle and Windows 8.1 mobile devices provides users with easy, network-level access to corporate and academic resources over encrypted SSL VPN connections. Mobile Connect is easily downloadable from the Apple App Store, Google Play or Kindle store and embedded with Windows 8.1 devices.Context awareness — Access to the corporate network is granted only after the user has been authenticated and mobile device integrity has been verified.Protects data at rest on mobile devices — Authenticated users can securely browse and view allowed intranet file shares and files from within the Mobile Connect app. Administrators can establish and enforce mobile application management policy. Adaptive addressing and routing — Adaptive addressing and routing dynamically adapts to networks, eliminating conflicts common with other solutions.Setup wizard — All SRAs are easy toset up and deploy in just minutes. The set-up wizard provides an easy, intuitive “out-of-the-box” experience with rapid installation and deployment.Unified policy — SRA unified policy offers easy, object-based policy management of all users, groups, resources and devices whileenforcing granular control basedon both user authentication and endpoint interrogation.Dell SonicWALL SRA Series – anytime, anywhere accessSimple, secure mobile access to resourcesThe SRA Series can be used to provide Windows, Mac OS X, iOS, Linux, Android and Kindle users with access to a broad range of resources.Granular access to authorized users The SRA Series extends secure mobile and remote access beyond managed employees to unmanaged mobile and remote employees, partners and customers by employing policy-enforced fine-grained access controls.Employee on corporate laptop in hotelEmployee on home computer Employee onsmartphone/tablet Employee at kiosk Authorized partner Authorized customerContext-aware authenticationBest-in-class, context-aware authentication grants access only to trusted devices and authorized users. Mobile devices are interrogated for essential security information suchas jailbreak or root status, device ID, certificate status and OS versions prior to granting access. Laptops and PCsare also interrogated for the presenceor absence of security software, client certificates, and device ID. Devices that do not meet policy requirements are not allowed network access and the user is notified of non-compliance.Protection of data at rest onmobile devicesAuthenticated Mobile Connect userscan securely browse and view allowed intranet file shares and files from within the Mobile Connect app. Administrators can establish and enforce mobile application management policy for the Mobile Connect app to control whether files viewed can be opened in other apps (iOS 7 and newer), copied to the clipboard, printed or cached securely within the Mobile Connect app. For iOS 7 and newer, this allows administrators to isolate business data from personal data stored on the device and reduces the risk of data loss. In addition, if the user’s credentials are revoked, content stored in the Mobile Connect app is locked and can no longer be accessed or viewed.Clean VPNWhen deployed with a Dell SonicWALL next-generation firewall, Mobile Connect establishes a Clean VPN, an extra layer of protection that decrypts and scans all SSL VPN traffic for malware before it enters the network.Web Application Firewall andPCI complianceThe Dell SonicWALL Web Application Firewall Service offers businesses a complete, affordable, well integrated compliance solution for web-based applications that is easy to manage and deploy. It supports OWASP Top Tenand PCI DSS compliance, providing protection against injection and cross-site scripting attacks (XSS), credit card and Social Security number theft, cookie tampering and cross-site request forgery (CSRF). Dynamic signature updatesand custom rules protect againstknown and unknown vulnerabilities. Web Application Firewall can detect sophisticated web-based attacks and protect web applications (includingSSL VPN portals), deny access upon detecting web application malware,and redirect users to an explanatory error page. It provides an easy-to-deploy offering with advanced statistics and reporting options for meeting compliance mandates.Incoming traffic is seamlesslyforwarded by the Dell SonicWALL NSA or TZ Series firewall to the Dell SonicWALL SRA appliance, which decrypts and authenticates network traffic.Users are authenticated using theonboard database or through third-party authentication methods such as LDAP,Active Directory, Radius, Dell Defender and other two-factor authentication solutions.A personalized web portal provides access to only those resources that the user is authorized to view based on company policies.To create a Clean VPN environment, traffic is passed through to the NSA or TZ Series firewall (running gateway anti-virus, anti-spyware, intrusion prevention, and application intelligence and control), where it is fully inspected for viruses, worms, Trojans, spyware and other sophisticated threats.2134Simple to manageSRA Series solutions feature unified policy and an intuitive web-based management interface that offers context-sensitive help to enhanceusability. In addition, multiple products can be centrally managed using the Dell SonicWALL Global Management System (GMS 4.0+). Resource access via the products can be effortlessly monitored using the Dell SonicWALL Analyzer reporting tool.Specifications1The recommended number of users supported is based on factors such as access mechanisms, applications accessed and application traffic being sent. 2Available in conjunction with Secure Virtual Assist for SRA 4600 and SRA Virtual Appliances only.3Refer to the latest SRA release notes and admin guide for supported configurations.4Botnet filtering and Geolocation-based policies require an active support contract to be in place on the hardware or virtual appliance.© 2015 Dell, Inc. ALL RIGHTS RESERVED. Dell, Dell Software, the Dell Software logo and products—as identified in this document—are registered trademarks of Dell, Inc. in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners.Dell Software5 Polaris Way, Aliso Viejo, CA 92656 | If you are located outside North America, you can find local office information on our Web site.DataSheet-SonicWALL-SRASeries-US-VG-25825SRA 1600, 5 user ...................................01-SCC-6594SRA 1600 additional users (50 user maximum)Add 5 Concurrent users ..........................01-SSC-7138Add 10 Concurrent users ........................01-SSC-7139SRA 1600 supportDell SonicWALL Dynamic Support24x7 for up to 25 Users (1-year) ............01-SSC-7141Dell SonicWALL Dynamic Support8x5 for up to 25 Users (1-year) ..............01-SSC-7144Dell SonicWALL SRA for SMB SeriesSRA 4600, 25 user .................................01-SSC-6596SRA 4600 additional users (500 user maximum)Add 10 Concurrent Users ........................01-SSC-7118Add 25 Concurrent Users ........................01-SSC-7119Add 100 Concurrent Users......................01-SSC-7120SRA 4600 SupportDell SonicWALL Dynamic Support24x7 for up to 100 Users (1-year) ..........01-SSC-7123Dell SonicWALL Dynamic Support8x5 for up to 100 users (1-year).............01-SSC-7126Dell SonicWALL Dynamic Support24x7 for 101 to 500 users (1-year) .........01-SSC-7129Dell SonicWALL Dynamic Support8x5 for 101 to 500 users (1-year)...........01-SSC-7132Dell SonicWALL SRA Virtual Appliance,5 User .........................................................01-SSC-8469SRA virtual appliance additional users (50 user maximum)Add 5 concurrent users ..........................01-SSC-9182Add 10 concurrent users ........................01-SSC-9183Add 25 concurrent users ........................01-SSC-9184SRA Virtual Appliance supportDell SonicWALL Dynamic Support8x5 for up to 25 users (1-year) ..............01-SSC-9188Dell SonicWALL Dynamic Support24x7 for up to 25 users (1-year) .............01-SSC-9191Dell SonicWALL Dynamic Support8x5 for up to 50 users (1-year)..............01-SSC-9194Dell SonicWALL Dynamic Support24x7 for up to 50 users (1-year) .............01-SSC-9197For more information on Dell SonicWALL Secure Remote Access solutions, visit .For more information Dell SonicWALL5455 Great America Parkway Santa Clara, CA T +1 408.745.9600F +1 408.745.9300。

SonicWall全球管理系统(GMS)产品说明说明书

SonicWall全球管理系统(GMS)产品说明说明书

SONICWALL GLOBAL MANAGEMENT SYSTEM Comprehensive security management, monitoring, reporting and analyticsA winning security management strategy demands deep understanding of the security environment to promote better policy coordination and decisions. Not having an enterprise-wide view of the full security construct often leaves organizations at risk to preventable cyber-attacks and compliance violations. Using numerous tools running on different platforms and reporting data in different formats make security analytics and reporting operationally inefficient. This further impairs the organization’s ability to quickly recognize and respond to security risks. Organizations must establish a systematic approach to governing the network security environment to overcomethese challenges.SonicWall Global Management System (GMS) solves these challenges. GMS integrates management and monitoring, analytics, forensics andaudit reporting. This forms thefoundation of a security governance,compliance and risk managementstrategy. The feature-rich GMS platformgives distributed enterprises, serviceproviders and other organizations afluid, holistic approach to unifying alloperational aspects of their securityenvironment. With GMS, security teamscan easily manage SonicWall firewall,wireless access point, email security andsecure mobile access solutions, as wellas third-party network switch solutions.This is all done via a controlled andauditable work-stream process to keepnetworks sharp, safe and compliant.GMS includes centralized policymanagement and enforcement, real-time event monitoring, granular dataanalytics and reporting, audit trails,and more, under a unifiedmanagement platform.Benefits:• Establishes a unified securitygovernance, compliance and riskmanagement security program• Adopts a coherent and auditableapproach to security orchestration,forensics, analytics and reporting• Reduces risk and provide a fastresponse to security events• Provides an enterprise-wide view ofthe security ecosystem• Automates workflows and assuressecurity operation compliance• Reports on HIPAA, SOX, and PCI forinternal and external auditors• Deploys fast and easy with software,virtual appliance or cloud deploymentoptions — all at a low cost.GOVERNS CENTRALLY• Establish an easy path to comprehensive security management, analytic reporting and compliance to unify your network security defense program• Automate and correlate workflowsto form a fully coordinated security governance, compliance and risk management strategy COMPLIANCE• Helps make regulatory bodies andauditors happy with automatic PCI,HIPAA and SOX security reports• Customize any combination of securityauditable data to help you move towardsspecific compliance regulationsRISK MANAGEMENT• Helps make regulatory bodies andauditors happy with automatic PCI,HIPAA and SOX security reports• Customize any combination of securityauditable data to help you move towardsspecific compliance regulationsGMS provides a holistic approach to security governance, compliance and risk managementGMS satisfies the enterprise’s change management requirements through a workflow automation processes and procedures. The workflow feature assures the correctness and the compliance of policy changes by enforcing a rigorous process for configuring, comparing, validating,reviewing and approving policies prior to deployment. The approval groups are flexible, enabling adherence to company security policy while mitigating risk, reducing errors, improving efficiency, and ensuring high security effectiveness.With GMS’s workflow automation and auditing of policy changes, enterprises gain agility and confidence in deploying the right firewall policies, at the right time, and in conformance to compliance regulations.GMS Workflow Automation: Five steps to error-free policy management1. CONFIGURE AND COMPARE GMS configures policy change orders and color-codes diffs for clear comparisons2. VALIDATE GMS performs an integrityvalidation of the policy’s logic3. REVIEW & APPROVE GMS emailsreviewers and logs a (dis)approval audit trail of the policy4. DEPLOY GMS deploys the policy changes immediately or on a schedule5. AUDIT The change logs enable accurate policy auditing and precise compliancedataScalable distributed architectureAt the core of GMS is a distributed architecture that facilitates limitless system scalability. A single instance of GMS can add visibility and control over thousands of your network security devices under its management, regardless of location. At the user-experience level, the GMS universal dashboard utilizes cutting-edge user interface design and usability concepts that work together to provide consistent operator workflows across the security ecosystem.GMS is an on-premises solution, deployable as a software or a virtual appliance. Alternatively, SonicWall Cloud Global Management System (Cloud GMS) is cloud-delivered security management and reporting platform that accelerates and simplify security management operations while increasingservice agility – all at a low subscription cost.Port Expansion ScalabilityWall GMS Secure Compliance EnforcementVPNEnterprise ClientsMSSP’s managed firewalls MSSP’s co-managed firewallsCloud-based SonicWall Global Management System EnvironmentsContext-sensitive dashboards display a variety of informational widgets, such as geographical maps, syslog reports, bandwidth summaries, top websites accessed, or the data that is most relevant to specific users.Intuitive graphical reports simplify managed appliance monitoring. Easily identify traffic anomalies based on usage data for a specific timeline, initiator, responder or service. Export reports to a Microsoft Excel spreadsheet, portable document format (PDF) file or directly to a printer.Minimum system requirementsBelow are the minimum requirements for SonicWall GMS with respect to the operating systems, databases, drivers, hardware and SonicWall-supported appliances:Operating systemWindows Server 2016Windows Server 2012 Standard 64-bitWindows Server 2012 R2 Standard 64-bit (English and Japaneselanguage versions)Windows Server 2012 R2 DatacenterHardware requirementsUse the GMS Capacity Calculator to determine the hardware requirements for your deployment.Virtual appliance requirementsHypervisor: ESXi 6.5, 6.0 or 5.5Use the GMS Capacity Calculator to determine the hardware requirements for your deployment.VMware Hardware Compatibility Guide:/resources/compatibility/search.php Supported databasesExternal databases: Microsoft SQL Server 2012 and 2014Bundled with the GMS application: MySQLInternet browsersMicrosoft® Internet Explorer 11.0 or higher (do not use compatibility mode) Mozilla Firefox 37.0 or higherGoogle Chrome 42.0 or higherSafari (latest version)GMS gatewaySonicWall SuperMassive™ E10000 Series, SonicWall SuperMassive™ 9000 Series, E-Class Network Security Appliance (NSA), and NSA Series Supported SonicWall appliances managed by GMSSonicWall Network Security Appliances: SuperMassive E10000 and 9000 Series, E-Class NSA, NSA, and TZ Series appliances®SonicWall Secure Mobile Access (SMA) appliances: SMA Series andE-Class SRASonicWall Email Security appliancesAll TCP/IP and SNMP-enabled devices and applications for active monitoringAbout UsSonicWall has been fighting the cyber-criminal industry for over 25 years, defending small, medium size businesses and enterprises worldwide. Our combination of products and partners has enabled a real-time cyber defense solution tuned to the specific needs of the more than 500,000 global businesses in over 150 countries, so you can do more business with less fear.。

SonicWALL NSA 2400 防火墙产品

SonicWALL NSA 2400 防火墙产品

SonicW ALL NSA 2400 防火墙产品SonicWALL NSA 2400可为中型企业(约200用户或75分支的企业)的互联网应用提供完善的保护。

通过新一代的SonicOS操作系统,SonicWALL NSA 2400将为用户提供商务级别高性能的防火墙和VPN,通过新一代的高性能多核CPU处理器和硬件加密加速处理器,SonicWALL NSA 2400将为用户提供高性价比的防火墙和VPN功能。

SonicWALL NSA 2400用户能全面利用SonicWALL的安全增值服务保护网络,包括网络防病毒、内容过滤、高可用性、全球管理系统和整体客户端安全软件(Global Security Client)等。

和其它安全厂家不同,SonicWALL 不需要另外购买附加设备或软件包。

把所有的服务已内置(Build in)在SonicWALL 的安全设备,您什么时候需要这些功能,只需要购买授权(License)就可以使用。

SonicOS包括对象管理、ISP的线路备份和负载均衡、硬件备份和策略NAT的新功能。

很多公司利用以上功能较低管理负担和保障公司的网络不间断。

直到最近,这些功能只有出现在大型网络使用的昂贵的网络安全设备才有。

今天SonicWALL NSA 2400产品再加上SonicOS软件就有对象管理、ISP的线路备份和负载均衡、硬件备份和策略NAT的新功能。

SonicWALL NSA 2400容易安装和管理,提供的安装向导使安装更简单。

通过SonicWALL NSA 2400防火墙保障公司内部网络的安全,各分支机构通过Site to Site VPN、移动用户通过VPN 客户端、SSLVPN用户和总部连接,保障各分点数据通讯的安全。

管理员可通过标准浏览器如:IE、Netscape等来管理,或通过SonicWALL 全球管理系统来管理,保障商务永不停顿。

SonicWALL NSA 2400产品特性SonicOS功能易于使用和管理新型GUI图形界面和高级管理向导:SonicWALL NSA 2400产品可以通过直观的Wed界面对产品进行管理和配置,使得对产品的配置变得极为轻松。

Dell SonicWALL NSA系列下一代防火墙用户手册说明书

Dell SonicWALL NSA系列下一代防火墙用户手册说明书

Organizations of all sizes depend on their networks to access internal and external mission-critical applications. As advances in networking continueto provide tremendous benefits, organizations are increasingly challenged by sophisticated and financially-motivated attacks designed to disrupt communication, degrade performance and compromise data. Malicious attacks penetrate outdated stateful packet inspection firewalls with advanced application layer exploits. Point products add layers of security, but are costly, difficult to manage, limited in controlling network misuse and ineffective against the latest multipronged attacks.By utilizing a unique multi-core design and patented Reassembly-Free Deep Packet Inspection® (RFDPI) technology*, the Dell™ SonicWALL™ Network Security Appliance (NSA) Series of Next-Generation Firewalls offers complete protection without compromising network performance. The low latency NSA Series overcomes the limitations of existing security solutions by scanning the entirety of each packet for current internal and external threats in real-time. The NSA Series offers intrusion prevention, malware protection, and application intelligence, control and visualization, while delivering breakthrough performance. With advanced routing, stateful high-availability and high-speed IPSec and SSL VPN technology, the NSA Series adds security, reliability, functionality and productivity to branch offices, central sites and distributed mid-enterprise networks, while minimizing cost and complexity.Comprised of the Dell SonicWALL NSA 220, NSA 220 Wireless-N, NSA 250M, NSA 250M Wireless-N, NSA 2400, NSA 3500 and NSA 4500, the NSA Series offers a scalable range of solutions designed to meet the network security needs of any organization.Network SecurityAppliance SeriesNext-Generation Firewall• Next-Generation Firewall• Scalable multi-core hardware andReassembly-Free Deep PacketInspection• Application intelligence, controland visualization• Stateful high availability and loadbalancing• High performance and loweredtco• Network productivity• Advanced routing services andnetworking• Standards-based Voice over IP(VoIP)• Dell Sonicwall clean Wireless• onboard Quality of Service (QoS)• Integrated modules support• Border Gateway Protocol (BGP)support• More concurrent SSL VPN sessionsFeatures and benefitsNext-Generation Firewall features integrate intrusion prevention, gateway anti-virus, anti-spyware and URL filtering with application intelligence and control, and SSL decryption to block threats from entering the network and provide granular application control without compromising performance.Scalable multi-core hardware and Reassembly-Free Deep Packet Inspection scans and eliminates threats of unlimited file sizes, with near-zero latency across thousands of connections at wire speed.Application intelligence, control and visualization provides granular control and real-time visualization of applications to guarantee bandwidth prioritization and ensure maximum network security and productivity. Stateful high availability and load balancing features maximize total network bandwidth and maintain seamless network uptime, delivering uninterrupted access to mission-critical resources, and ensuring that VPN tunnels and other network traffic will not be interrupted in the event of a failover. High performance and lowered tcoare achieved by using the processingpower of multiple cores in unison todramatically increase throughput andprovide simultaneous inspectioncapabilities, while lowering powerconsumption.Network productivity increases becauseIT can identify and throttle or blockunauthorized, unproductive andnon-work related applications and websites, such as Facebook® or YouTube®,and can optimize WAN traffic whenintegrated with Dell SonicWALL WANAcceleration Appliance (WXA) solutions.Advanced routing services andnetworking features incorporate 802.1qVLANs, multi-WAN failover, zone andobject-based management, loadbalancing, advanced NAT modes, andmore, providing granular configurationflexibility and comprehensive protectionat the administrator’s discretion.Standards-based Voice over IP (VoIP)capabilities provide the highest levels ofsecurity for every element of the VoIPinfrastructure, from communicationsequipment to VoIP-ready devices suchas SIP Proxies, H.323 Gatekeepers andCall Servers.Dell SonicWALL clean Wirelessoptionally integrated into dual-bandwireless models or via Dell SonicWALLSonicPoint wireless access pointsprovides powerful and secure 802.11a/b/g/n 3x3 MIMO wireless, and enablesscanning for rogue wireless accesspoints in compliance with PCI DSS.onboard Quality of Service (QoS)features use industry standard 802.1pand Differentiated Services Code Points(DSCP) Class of Service (CoS)designators to provide powerful andflexible bandwidth management that isvital for VoIP, multimedia content andbusiness-critical applications.Integrated modules support on NSA250M and NSA 250M Wireless-Nappliances reduce acquisition andmaintenance costs through equipmentconsolidation, and add deploymentflexibility.Border Gateway Protocol (BGP)support enables alternate networkaccess paths (ISPs) if one path fails.More concurrent SSL VPN sessions addscalability, while extending End PointControl to Microsoft® Windows® devicesensures anti-malware and firewalls areup-to-date.Best-in-class threat protection Dell SonicWALL deep packetinspection protects against network risks such as viruses, worms, Trojans, spyware, phishing attacks, emerging threats and Internet misuse. Application intelligence and control adds highly controls to prevent data leakage and manage bandwidth at the application level.The Dell SonicWALL Reassembly-Free Deep Packet Inspection (RFDPI) technology utilizes Dell SonicWALL’s multi-corearchitecture to scan packets in real-time without stalling traffic in memory.This functionality allows threats to be identified and eliminated over unlimited file sizes and unrestricted concurrent connections, without interruption.The Dell SonicWALL NSA Series provides dynamic network protection through continuous, automated security updates, protecting against emerging and evolving threats, without requiring any administrator intervention.Dynamic security architectureand managementMobile users32Application intelligence and control Dell SonicWALL Application Intelligence and Control provides granular control, data leakage prevention, and real-time visualization of applications to guarantee bandwidth prioritization and ensure maximum network security and productivity. An integrated feature of Dell SonicWALL Next-Generation Firewalls, it uses Dell SonicWALL RFDPItechnology to identify and control applications in use with easy-to-use pre-defined application categories (such as social media or gaming)—regardless of port or protocol. Dell SonicWALL Application Traffic Analytics provides real-time and indepth historical analysis of data transmitted through the firewall including application activities by user.1Dell SonicWALL clean VPNDell SonicWALL Clean VPN™ secures the integrity of VPN access for remote devices including those running iOS or Android by establishing trust for remote users and these endpoint devices and applying anti-malware security services, intrusion prevention and application intelligence and control to eliminate the transport of malicious threats• The SonicWALL NSA 2400 is ideal for branch office and small- to medium-sized corporate environments concerned about throughput capacity and performance • The SonicWALL NSA 220, NSA 220 Wireless-N, NSA 250M and NSA 250M Wireless-N are ideal for branch office sites in distributed enterprise, small- to medium-sizedbusinesses and retail environmentscentralized policy managementThe Network Security Appliance Series can be managed using the SonicWALL Global Management System, which provides flexible, powerful and intuitive tools to manage configurations, viewreal-time monitoring metrics andintegrate policy and compliancereporting and application traffic analytics,all from a central location.Server Anti-Virusand Anti-SpywareServers anti-threatprotectionVPNVPNClientRemoteAccessUpgradeServiceWeb siteand contentusage control Enforced ClientAnti-Virusand Anti-SpywareClient PCs anti-threat protectionFlexible, customizable deployment options –NSA Series at-a-glanceEvery SonicWALL Network Security Appliance solution delivers Next-Generation Firewall protection, utilizing a breakthrough multi-core hardware design and Reassembly-Free Deep Packet Inspection for internal and external network protection without compromising network performance. Each NSA Series product combineshigh-speed intrusion prevention, file and content inspection, and powerful application intelligence and controlwith an extensive array of advanced networking and flexible configuration features. The NSA Series offers an accessible, affordable platform that is easy to deploy and manage in a wide variety of corporate, branch office and distributed network environments.• The SonicWALL NSA 4500 is ideal for large distributed and corporate central-site environments requiring high throughput capacity and performance • The SonicWALL NSA 3500 is idealfor distributed, branch office and corporate environments needing significant throughput capacity and performanceSecurity services andupgradesGateway Anti-Virus,Anti-Spyware, IntrusionPrevention and ApplicationIntelligence and controlService delivers intelligent,real-time network security protectionagainst sophisticated application layerand content-based attacks includingviruses, spyware, worms, Trojans andsoftware vulnerabilities such as bufferoverflows. Application intelligence andcontrol delivers a suite of configurabletools designed to prevent data leakagewhile providing granular application-level controls along with tools enablingvisualization of network traffic.Enforced client Anti-Virusand Anti-spyware (McAfee)working in conjunction withDell SonicWALL firewalls,guarantees that allendpoints have the latest versions ofanti-virus and anti-spyware softwareinstalled and active.content Filtering Serviceenforces protection andproductivity policies byemploying an innovativerating architecture, utilizingadynamic database to block up to 56categories of objectionable webcontent.Analyzer is a flexible, easyto use web-basedapplication traffic analyticsand reporting tool thatprovides powerful real-time andhistorical insight into the health,performance and security of the network.Virtual Assist is a remotesupport tool that enablesa technician to assumecontrol of a PC or laptopfor the purpose of providingremote technical assistance. Withpermission, the technician can gaininstant access to a computer using aweb browser, making it easy to diagnoseand fix a problem remotely without theneed for a pre-installed “fat” client.Dynamic Support Servicesare available 8x5 or 24x7depending on customerneeds. Features includeworld-class technicalsupport, crucial firmware updates andupgrades, access to extensive electronictools and timely hardware replacementto help organizations get the greatestreturn on their Dell SonicWALLinvestment.Global VPN clientUpgrades utilize a softwareclient that is installed onWindows-based computersand increase workforce productivity byproviding secure access to email, files,intranets, and applications for remoteusers.provide clientlessLinux-based systems. With integratedSSL VPN technology, Dell SonicWALLfirewall appliances enable seamless andsecure remote access to email, files,intranets, and applications from a varietyof client platforms via NetExtender, alightweight client that is pushed onto theuser’s machine.SonicWALL Mobile connect™,a single unified client app forApple® iOS and Google®Android™, provides smartphone andtablet users superior network-levelaccess to corporate and academicresources over encrypted SSL VPNconnections.comprehensive Anti-SpamService (CASS) offerssmall- to medium-sizedbusinesses comprehensiveprotection from spam andviruses, with instant deployment overexisting Dell SonicWALL firewalls. CASSspeeds deployment, eases administrationand reduces overhead by consolidatingsolutions, providing one-click anti-spamservices, with advanced configuration injust ten minutes.Deep Packet Inspection for of SSL-Encrypted traffic (DPI-SSL) transparentlydecrypts and scans both inbound andoutbound HTTPS traffic for threats usingDell SonicWALL RFDPI. The traffic is thenre-encrypted and sent to its originaldestination if no threats or vulnerabilitiesare discovered.Denial of Service attack prevention 22 classes of DoS, DDoS and scanning attacksKey exchange K ey Exchange IKE, IKEv2, Manual Key, PKI (X.509), L2TP over IPSec Route-based VPN Yes (OSPF, RIP)Certificate support Verisign, Thawte, Cybertrust, RSA Keon, Entrust, and Microsoft CA for Dell SonicWALL-to-Dell SonicWALL VPN, SCEP Dead peer detection Yes DHCP over VPN Yes IPSec NAT TraversalYes Redundant VPN gatewayYesGlobal VPN client platforms supported Microsoft Windows 2000, Windows XP, Microsoft Vista 32/64-bit, Windows 7 32/64-bitSSL VPN platforms supportedMicrosoft Windows 2000 / XP / Vista 32/64-bit / Windows 7, Mac 10.4+, Linux FC 3+ / Ubuntu 7+ / OpenSUSEMobile Connect platforms supported iOS 4.2 and higher, Android 4.0 and higherSecurity servicesDeep Packet Inspection Service Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention and Application Intelligence and Control Content Filtering Service (CFS) HTTP URL,HTTPS IP, keyword and content scanning ActiveX, Java Applet, and cookie blocking bandwidth management on filtering categories, allow/forbid lists Gateway-enforced Client Anti-Virus and Anti-Spyware McAfee Comprehensive Anti-Spam Service Supported Application Intelligence Application bandwidth management and control, prioritize or block application and Control by signatures, control file transfers, scan for key words or phrasesDPI SSL Provides the ability to decrypt HTTPS traffic transparently, scan this traffic for threats using Dell SonicWALL’s Deep Packet Inspection technology (GAV/AS/IPS/ Application Intelligence/CFS), then re-encrypt the traffic and send it to its destination if no threats or vulnerabilities are found. This feature works for both clients and workingIP Address assignment Static, (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay NAT modes1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent modeVLAN interfaces (802.1q) 25352550200Routing OSPF, RIPv1/v2, static routes, policy-based routing, MulticastQoS Bandwidth priority, maximum bandwidth, guaranteed bandwidth, DSCP marking, 802.1pIPv6Yes AuthenticationXAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix Internal database/single sign-on users 100/100 Users150/150 Users250/250 Users300/500 Users1,000/1,000 UsersVoIPFull H.323v1-5, SIP, gatekeeper support, outbound bandwidth management, VoIP over WLAN, deep inspection security, full interoperability with most VoIP gateway and communications devicesSystemZone security Yes SchedulesOne time, recurring Object-based/group-based management Yes DDNSYesManagement and monitoring Web GUI (HTTP, HTTPS), Command Line (SSH, Console), SNMP v3: Global management with Dell SonicWALL GMSLogging and reporting Analyzer, Local Log, Syslog, Solera Networks, NetFlow v5/v9, IPFIX with extensions, real-time visualizationHigh availabilityOptional Active/Passive with State SyncLoad balancing Yes, (Outgoing with percent-based, round robin and spill-over); (Incoming with round robin,random distribution, sticky IP, block remap and symmetrical remap)StandardsTCP/IP, UDP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3Wireless standards802.11 a/b/g/n, WPA2, WPA, TKIP, 802.1x, EAP-PEAP, EAP-TTLS WAN acceleration supportYesFlash memory32 MB compact Flash 512 MB compact Flash3G wireless/modem * With 3G/4G USB adapter or modem — With 3G/4G USB adapter or modemPower supply 36W external Single 180W ATX power supplyFansNo fan/1 internal fan 2 internal fans 2 fansPower input10-240V, 50-60Hz Max power consumption 11W/15W 12W/16W 42W 64W 66W Total heat dissipation 37BTU/50BTU 41BTU/55BTU 144BTU 219BTU 225BTUCertificationsVPNC, ICSA Firewall 4.1 EAL4+, FIPS 140-2 Level 2, VPNC, ICSA Firewall 4.1, IPv6 Phase 1, IPv6 Phase 2Certifications pending EAL4+, FIPS 140-2 Level 2, IPv6 Phase 1, IPv6 Phase 2 —Form factor 1U rack-mountable/ 1U rack-mountable/ 1U rack-mountable/ and dimensions 7.125 x 1.5 x 10.5 in/ 17 x 10.25 x 1.75 in/ 17 x 13.25 x 1.75 in/18.10 x 3.81 x 26.67 cm 43.18 x 26 x 4.44 cm 43.18 x 33.65 x 4.44 cmWeight 1.95 lbs/0.88 kg/ 3.05 lbs/1.38 kg/ 8.05 lbs/ 3.65 kg 11.30 lbs/ 5.14 kg2.15 lbs/0.97 kg3.15 lbs/1.43 kg WEEE weight V 3.05 lbs/1.38 kg/4.4 lbs/2.0kg/ 8.05 lbs/ 3.65 kg 11.30 lbs/5.14 kg3.45 lbs/1.56 kg4.65 lbs/2.11 kgMajor regulatoryF CC Class A, CES Class A, CE, C-Tick, VCCI, Compliance MIC, UL, cUL, TUV/GS, CB, NOM, RoHS, WEEE Environment 40-105° F, 0-40° C 40-105° F, 5-40° CMTBF 28 years/15 years 23 years/14 years 14.3 years 14.1 years 14.1 yearsHumidity5-95% non-condensing 10-90% non-condensingcertificationsSpecificationsTesting methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services. Full DPI Performance/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. Actual maximum connection counts are lower when Next-Generation Firewall services are enabled. VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. Supported on the NSA 3500 and higher. Not available on NSA 2400. *USB 3G card and modem are not included. See http://www.Dell /us/products/cardsupport.html for supported USB devices. The Comprehensive Anti-Spam Service supports an unrestricted number of users but is recommended for 250 users or less. With Dell SonicWALL WXA Series Appliance.Network Security Appliance 3500 01-SSC-7016NSA 3500 TotalSecure* (1-year) 01-SC-7033Network Security Appliance 450001-SSC-7012NSA 4500 TotalSecure* (1-year) 01-SC-7032Network Security Appliance 2400 01-SSC-7020NSA 2400 TotalSecure* (1-year) 01-SC-7035Network Security Appliance 250M 01-SSC-9755Network Security Appliance 250M Wireless-N 01-SSC-9757 (US/Canada)Network Security Appliance 250M TotalSecure* 01-SSC-9747Network Security Appliance 250M Wireless-N TotalSecure*01-SSC-9748 (US/Canada)Network Security Appliance 220 01-SSC-9750Network Security Appliance 220 Wireless-N 01-SSC-9752 (US/Canada)Network Security Appliance 220 TotalSecure* 01-SSC-9744Network Security Appliance 220 Wireless-N TotalSecure*01-SSC-9745 (US/Canada)For more information on Dell SonicWALL network security solutions, please visit .*Includes one-year of Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, andApplication Intelligence and Control Service, Content Filtering Service and Dynamic Support 24x7.Security Monitoring Services from Dell SecureWorks are available for thisappliance Series. For more information, visit /secureworks。

SONICWALL 防火墙第四代全系列机型完整技术规格

SONICWALL 防火墙第四代全系列机型完整技术规格
ASIC
64M
128M
256M
128M
8M
64M
64 MB
16M
7 10/100 Auto-sensing Ethernet;
(1) Auto-MDIX WAN;
(1)
Optional Zone Port;
(1) 5-
Port Auto-MDIX LAN Switch;(1)
RJ45 Console Port
管理
浏览器界面管理 命令行界面管理 远程管理 远程中央管理 SNMP管理 串口管理 更新方式
Verisign TZ170 /10 Node- 0; TZ170 /25 Node- 1; TZ170 /Un Node-1;
是 是 是 128
是 是 VPN管理 SonicWALL GMS 是 是 浏览器
可选 是 可选 EXE,VBS,常规
Java,ActiveX,Proxy, Cookies,Digital Certs
可选 是
可选 EXE,VBS,常规
Java,ActiveX,Proxy, Cookies,Digital Certs
可选

可选
EXE,VBS,常规 Java,ActiveX,
Proxy, Cookies, Digital Certs
Syslog,Email, Pager
ViewPoint Optional or 3rd Party
可选 是
可选 EXE,VBS,常规
Java,ActiveX, Proxy,Cookies,
Digital Certs
双机热备 是 是 是
866MHz Intel Pentium III with CS - 2 Security ASIC

SonicWall Network Security NSa系列产品介绍说明书

SonicWall Network Security NSa系列产品介绍说明书

The SonicWall Network Security appliance (NS a) series provides organizations that range in scale from mid-sized networks to distributed enterprises and data centers with advanced threat prevention in a high-performance security platform. Utilizing innovative deep learning technologies in the SonicWall Capture Cloud Platform, the NS a series delivers the automated real-time breach detection and prevention organizations need. Cutting-edge threat prevention with superior performanceToday’s network threats are highly evasive and increasingly difficult to identify using traditional methods of detection. Staying ahead of sophisticated attacks requires a more modern approach that heavily leverages security intelligence in the cloud. Without that cloud intelligence, gateway security solutions can’t keep pace with today’s complex threats. NS a series next-generation firewalls (NGFWs) integrate two advanced security technologies to deliver cutting-edge threat prevention that keeps your network one step ahead. Enhancing SonicWall’s multi-engine Capture Advanced Threat Protection (ATP) service is our patent-pendingReal-Time Deep Memory Inspection (RTDMI™) technology. The RTDMI engine proactively detects and blocks mass market, zero-day threats and unknown malware by inspecting directly in memory. Because of the real-time architecture, SonicWall RTDMI technology is precise, minimizes false positives, and identifies and mitigates sophisticated attacks where the malware’s weaponry is exposed for less than 100 nanoseconds. In combination, SonicWall’s patented* single-pass Reassembly-Free Deep Packet Inspection (RFDPI) engine examines every byte of every packet, inspecting both inbound and outbound traffic on the firewall. By leveraging the SonicWall Capture Cloud Platform in addition toon-box capabilities including intrusion prevention, anti-malware and web/URL filtering, the NS a series blocks even the most insidious threats at the gateway. Further, SonicWall firewalls provide complete protection by performingfull decryption and inspection of TLS/ SSL and SSH encrypted connections regardless of port or protocol. The firewall looks deep inside every packet (the header and data) searching for protocol non-compliance, threats, zero-days, intrusions, and even defined criteria. The deep packet inspection engine detects and prevents hidden attacks that leverage cryptography, blocks encrypted malware downloads, ceases the spread of infections, and thwarts commandand control (C&C) communicationsand data exfiltration. Inclusion and exclusion rules allow total control to customize which traffic is subjected to decryption and inspection based on specific organizational compliance and/or legal requirements.When organizations activate deep packet inspection functions such as IPS, anti-virus, anti-spyware, TLS/SSL decryption/ inspection and others on their firewalls, network performance often slows down,SonicWall Network Securityappliance (NS a) seriesIndustry-validated security effectiveness and performance for mid-sizednetworks, distributed enterprises and data centersBenefits:Superior threat preventionand performance• Patent-pending real-time deepmemory inspection technology• Patented reassembly-free deeppacket inspection technology• On-box and cloud-based threatprevention• TLS/SSL decryption and inspection• Industry-validated securityeffectiveness• Multi-core hardware architecture• Dedicated Capture Labs threatresearch teamNetwork control and flexibility• Powerful SonicOS operating system• Application intelligence and control• Network segmentation with VLANs• High-speed wireless securityEasy deployment, setup and ongoingmanagement• Tightly integrated solution• Centralized management• Scalability through multiplehardware platformssometimes dramatically. NS a series firewalls, however, feature a multi-core hardware architecture that utilizes specialized security microprocessors. Combined with our RTDMI and RFDPI engines, this unique design eliminates the performance degradation networks experience with other firewalls. Network control and flexibilityAt the core of the NS a series is SonicOS, SonicWall’s feature-rich operating system. SonicOS provides organizations withthe network control and flexibility they require through application intelligence and control, real-time visualization,an intrusion prevention system (IPS) featuring sophisticated anti-evasion technology, high-speed virtual private networking (VPN) and other robust security features.Using application intelligence and control, network administrators can identifyand categorize productive applications from those that are unproductive or potentially dangerous, and control that traffic through powerful application-level policies on both a per-user and a per-group basis (along with schedules and exception lists). Business-critical applications can be prioritized and allocated more bandwidth while non-essential applications are bandwidth-limited. Real-time monitoring andvisualization provides a graphicalrepresentation of applications, users andbandwidth usage for granular insight intotraffic across the network.For organizations requiring advancedflexibility in their network design,SonicOS offers the tools to segmentthe network through the use of virtualLANs (VLANs). This enables networkadministrators to create a virtual LANinterface that allows for networkseparation into one or more logicalgroups. Administrators create rules thatdetermine the level of communicationwith devices on other VLANs.Built into every NS a series firewall is awireless access controller that enablesorganizations to extend the networkperimeter securely through the use ofwireless technology. Together, SonicWallfirewalls and SonicWave 802.11ac Wave2 wireless access points create a wirelessnetwork security solution that combinesindustry-leading next-generation firewalltechnology with high-speed wireless forenterprise-class network security andperformance across the wireless network.Easy deployment, setup andongoing managementLike all SonicWall firewalls, the NS aseries tightly integrates key security,connectivity and flexibility technologiesinto a single, comprehensive solution.This includes SonicWave wirelessaccess points and the SonicWall WANAcceleration (WXA) series, both ofwhich are automatically detected andprovisioned by the managing NS a firewall.Consolidating multiple capabilitieseliminates the need to purchase andinstall point products that don’t alwayswork well together. This reduces theeffort it takes to deploy the solution intothe network and configure it, saving bothtime and money.Cloud-based centralized management,reporting, licensing and analytics arehandled through the SonicWall CaptureSecurity Center. Administrators areprovided with an intuitive dashboard formanaging all aspects of the network inreal time, including critical security alerts.Together, the simplified deployment andsetup along with the ease of managementenable organizations to lower their totalcost of ownership and realize a highreturn on investment.SFP ports ports1 x 2.5GbESonicWallSonicWall NS a 5650Capture Cloud PlatformSonicWall's Capture Cloud Platform delivers cloud-based threat prevention and network management plus reporting and analytics for organizations of any size. The platform consolidates threat intelligence gathered from multiple sources including our award-winningmulti-engine network sandboxing service, Capture Advanced Threat Protection, as well as more than 1 million SonicWall sensors located around the globe.If data coming into the network is found to contain previously-unseen malicious code, SonicWall’s dedicated, in-house Capture Labs threat research team develops signatures that are stored in the Capture Cloud Platform database and deployed to customer firewalls for up-to-date protection. New updates take effect immediately without reboots or interruptions. The signatures resident on the appliance protect against wide classesof attacks, covering tens of thousands of individual threats with a single signature. In addition to the countermeasures on the appliance, NS a firewalls also have continuous access to the Capture Cloud Platform database which extends the onboard signature intelligence with tens of millions of signatures.In addition to providing threat prevention, the Capture Cloud Platform offers single pane of glass management and administrators can easily create both real-time and historical reports on network activity.Advanced threat protectionAt the center of SonicWall automated, real-time breach prevention is SonicWall Capture Advanced Threat Protection service, a cloud-based multi-engine sandbox that extends firewall threat protection to detect and prevent zero-day threats. Suspicious files are sent to the cloud where they are analyzed using deep learning algorithms with the option to hold them at the gateway until a verdict is determined. Themulti-engine sandbox platform, which includes Real-Time Deep Memory Inspection, virtualized sandboxing, full system emulation and hypervisor level analysis technology, executes suspicious code and analyzes behavior. When a file is identified as malicious, it is blocked and a hash is immediately created within Capture ATP. Soon after, a signature is sent to firewalls to prevent follow-on attacks.The service analyzes a broad range of operating systems and file types, including executable programs, DLL, PDFs, MS Office documents, archives, JAR and APK.For complete endpoint protection, the SonicWall Capture Client combines next-generation anti-virus technology with SonicWall's cloud-basedmulti-engine sandbox.Reassembly-Free Deep Packet Inspection engineThe SonicWall Reassembly-Free Deep Packet Inspection (RFDPI) is a single-pass, low latency inspection system that performs stream-based, bi-directional traffic analysis at high speed without proxying or buffering to effectivelyuncover intrusion attempts and malware downloads while identifying application traffic regardless of port and protocol. This proprietary engine relies onstreaming traffic payload inspection to detect threats at Layers 3-7, and takesnetwork streams through extensive andrepeated normalization and decryption in order to neutralize advanced evasion techniques that seek to confusedetection engines and sneak malicious code into the network.Once a packet undergoes the necessary pre-processing, including TLS/SSLdecryption, it is analyzed against a single, proprietary memory representation of three signature databases: intrusion attacks, malware and applications. The connection state is then advanced to represent the position of the streamrelative to these databases until it encounters a state of attack, or other “match” event, at which point a pre-set action is taken.In most cases, the connection is terminated and proper logging andnotification events are created. However, the engine can also be configured for inspection only or, in case of application detection, to provide Layer 7 bandwidth management services for the remainder of the application stream as soon as the application is identified.Packet Packet assembly-based processSonicWall stream-based architectureCompetitive proxy-based architecture When proxy buffer becomes full or content too large,files bypass scanning.Reassembly-free Deep Packet Inspection (RFDPI)Reassembly-free packet scanning eliminates proxy and content size limitations.Inspection timeLessMoreInspection capacityMinMaxGlobal management and reportingFor highly regulated organizations wanting to achieve a fully coordinated security governance, compliance and risk management strategy, SonicWall provides administrators a unified, secure andextensible platform to manage SonicWall firewalls, wireless access points and Dell N-Series and X-Series switches through a correlated and auditable workstream process. Enterprises can easilyconsolidate the management of security appliances, reduce administrative andtroubleshooting complexities, and govern all operational aspects of the security infrastructure, including centralized policy management and enforcement; real-time event monitoring; useractivities; application identifications; flow analytics and forensics; compliance and audit reporting; and more. In addition, enterprises meet the firewall’s change management requirements throughworkflow automation which provides the agility and confidence to deploy the right firewall policies at the right time and inconformance with compliance regulations. Available on premises as SonicWall Global Management System and in the cloud as Capture Security Center, SonicWall management and reporting solutions provide a coherent way to manage network security by business processes and service levels, dramatically simplifying lifecycle management of your overall security environments compared to managing on a device-by-device basis.The NS a 2650 delivers high-speed threat preventionover thousands of encrypted and even more unencrypted connections to mid-sized organizations and distributed enterprises.The SonicWall NS a 3650 is ideal for branch office and small- to medium-sized corporate environments concerned aboutthroughput capacity and performance.Dual fansDual fans8 x 2.5GbE4 x 2.5GbE SFP ports12 x 1GbE 12 x 1GbEports1GbEmanagement1GbE managementOptional redundant powerOptional redundant powerPowermoduleStorage moduleUSB portsDual USB portsportsSFP+ ports 4 x 2.5GbEportsTriple fansTriple fansDual power suppliesDual power suppliesExpansion bayExpansion bay2 x 10GbE 2 x 10GbE SFP+ ports2 x 10GbE4 x 2.5GbE ports4 x 2.5GbE ports16 x 1GbE ports16 x 1GbE portsConsoleStorage modulemoduleDual USB portsUSB ports1GbE The SonicWall NS a 4650 secures growing medium-sizedorganizations and branch office locations with enterprise-class features and uncompromising performance.The SonicWall NS a 5650 is ideal for distributed, branch office and corporate environments needing significant throughput and high port density.4 x 2.5GbE SFP ports 4 x 2.5GbE SFP portsTriple fansTriple fansDual power suppliesDual power suppliesExpansion bayExpansion bay2 x 10GbE 10 x 10GbE2 x 10GbE6 x 10GbESFP+ portsports8 x 2.5GbE SFP ports8 x 1GbE portsportsStorage modulemoduleDual USB portsDual 1GbE LCD managementNS a 6650The SonicWall NS a 6650 is ideal for large distributed andcorporate central site sites requiring high throughput capacity and performance.NS a 9250/9450/9650The SonicWall NS a 9250/9450/9650 provide distributed enterprises and data centers with scalable, deep security at multi-gigabit speeds.SFP portsFeaturesBreach prevention subscription servicesFirewall• Stateful packet inspection• Reassembly-Free Deep Packet Inspection • DDoS attack protection (UDP/ICMP/SYNflood)• IPv4/IPv6• Biometric authentication forremote access• DNS proxy• REST APIsTLS/SSL/SSH decryption and inspection1• Deep packet inspection for TLS/SSL/SSH • Inclusion/exclusion of objects, groups orhostnames• TLS/SSL control• Granular DPI SSL controls per zoneor ruleCapture advanced threat protection1• Real-Time Deep Memory Inspection • Cloud-based multi-engine analysis• Virtualized sandboxing• Hypervisor level analysis• Full system emulation• Broad file type examination• Automated and manual submission• Real-time threat intelligence updates • Block until verdict• Capture ClientIntrusion prevention1• Signature-based scanning• Automatic signature updates• Bi-directional inspection• Granular IPS rule capability• GeoIP enforcement• Botnet filtering with dynamic list• Regular expression matchingAnti-malware1• Stream-based malware scanning• Gateway anti-virus• Gateway anti-spyware• Bi-directional inspection• No file size limitation• Cloud malware database Application identification1• Application control• Application bandwidth management• Custom application signature creation• Data leakage prevention• Application reporting overNetFlow/IPFIX• Comprehensive application signaturedatabaseTraffic visualization and analytics• User activity• Application/bandwidth/threat usage• Cloud-based analyticsWeb content filtering1• URL filtering• Proxy avoidance• Keyword blocking• HTTP header insertion• Bandwidth manage CFS rating categories• Unified policy model with app control• Content Filtering ClientVPN• Auto-provision VPN• IPSec VPN for site-to-site connectivity• SSL VPN and IPSec client remote access• Redundant VPN gateway• Mobile Connect for iOS, Mac OSX, Windows, Chrome, Android andKindle Fire• Route-based VPN (OSPF, RIP, BGP)Networking• PortShield• Jumbo frames• Enhanced logging• VLAN trunking• RSTP (Rapid Spanning Tree Protocol)• Port mirroring• Layer-2 QoS• Port security• Dynamic routing (RIP/OSPF/BGP)• SonicWall wireless controller• Policy-based routing (ToS/metric andECMP)• NAT• DNS/DNS proxy• DHCP server• Bandwidth management• Link aggregation (static and dynamic)• Port redundancy• A/P high availability with state sync• A/A clustering• Inbound/outbound load balancing• L2 bridge, wire/virtual wire mode,tap mode• 3G/4G WAN failover• Asymmetric routing• Common Access Card (CAC) supportWireless• WIDS/WIPS• RF spectrum analysis• Rogue AP prevention• Fast roaming (802.11k/r/v)• Mesh networking (802.11s)• Floor plan view/Topology view• Band steering• Beamforming• AirTime fairness• MiFi extender• Guest cyclic quota• LHM guest portalVoIP• Granular QoS control• Bandwidth management• SIP and H.323 transformations peraccess rule• H.323 gatekeeper and SIP proxy supportManagement and monitoring• Capture Security Center, GMS, Web UI,CLI, REST APIs, SNMPv2/v3• Logging• Netflow/IPFix exporting• Cloud-based configuration backup• BlueCoat Security Analytics Platform• SonicWall access point management• Dell N-Series and X-Series switchmanagement including cascaded switches1Requires added subscriptionThreat Prevention/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. Threat Prevention throughput measured with Gateway AV, Anti-Spyware, IPS and Application Control enabled.VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. All specifications, features and availability are subject to change.For every 125,000 DPI connections reduced, the number of available DPI SSL connections increases by 3,000 except for NSa 9250 and above.Active/Active Clustering and Active/Active DPI with State Sync require purchase of Expanded License.Performance optimized mode can provide significant increases in performance without major impact to threat prevention efficacy.*Future use. All specifications, features and availability are subject to change.NS a series ordering information© 2018 SonicWall Inc. ALL RIGHTS RESERVED. SonicWall is atrademark or registered trademark of SonicWall Inc. and/or its affiliates SonicWall, Inc.1033 McCarthy Boulevard | Milpitas, CA 95035 About UsSonicWall has been fighting the cyber-criminal industry for over 26 years, defending small, medium size businesses and enterprises worldwide. Our combination of products and partners has enabled a real-time cyber defense solution tuned to the specificneeds of the more than 500,000 businesses in over 150 countries, so you can do more business with less fear.Regulatory model numbers:NS a 2650 - 1RK38-0C8NS a 3650 - 1RK38-0C7NS a 4650 - 1RK39-0C9NS a 5650 - 1RK39-0CA NS a 6650 - 1RK39-0CB NS a 9250 - 1RK39-0CC NS a 9450 - 1RK39-0CD NS a9650 - 1RK39-0CE*Please consult with your local SonicWall reseller for a complete list of supported SFP and SFP+ modulesNS a series ordering information con't。

Dell SonicWALL 网络安全解决方案

Dell SonicWALL 网络安全解决方案
文件共享 自定义应用
更多……
个人电脑
25
IT 配发的电脑
SonicWALL
Confidential
高性能:第三方评测
• NSS实验室评估结果 –
–经第三方验证的、综合防御 能力最强的“推荐评级”下 一代防火墙
• Gartner公司“2012年度UTM 魔力象限”
–Dell SonicWALL荣登“2012 年度领导者象限”
NSA 系列 适合分支机构和中等规模的机构
NSA 4500 NSA 3500 NSA 2400 NSA 250M/220
TZ 系列 适合小型和远程分支机构 TZ 215 系列 TZ 205 系列 TZ 105 系列
29
Confidential
SonicWALL
Dell SonicWALL 防火墙产品系列

2. 免重组深度包检测引擎:
14
无需在设备内存中为待扫描的数据开辟专用的缓冲区进行文件重组,设备 对通过的文件大小没有任何限制, 设备可以并行扫描任意多个文件(等同防火墙最大连接数) 不存在重组技术中缓冲区慢,造成后续数据不能扫描的漏扫问题 实时扫描,用户在下载的过程中,感觉不到访问速度的变化。 描和匹配后台签名库之后,决定数据是丢弃还是通过
4
Confidential
SonicWALL
Why SonicWALL-Gartner UTM
2010 Magic Quadrant for UTM FWs 2012 Magic Quadrant for UTM FWs
5
Confidential
SonicWALL
Gartner企业级防火墙魔力象限
SonicWALL

DellSonicWALL网络安全解决方案讲课文档

DellSonicWALL网络安全解决方案讲课文档

传统防火墙
只检测“行李标签”
第十三页,共44页。
Dell SonicWALL全面的保护 意味着深度的检测
引擎分类----重组 vs 免重组
1. 基于重组技术引擎: ➢ 等待扫描的数据包要在设备内存中的一个专用的缓冲区里进行重组,扫不
同设备内存大小不同,扫描专用的Buffer大小不同,对扫描的单个文件的 大小和同时扫描的文件数目都有限制 ➢ 一旦专用的缓冲区满了,后续的数据不能进行扫描,可以设置通过或丢弃。 通过,造成安全威胁顺利通过,而丢弃会造成断网
多种终端全面支持
智能手机和平板电脑
信息亭/公共设备
公司资源
个人电脑
第二十五页,共44页。
IT 配发的电脑
▪ 电子邮件
▪ 内部网站
▪ 数据库应用
▪ 文件共享
▪ 自定义应用
▪ 更多……
高性能:第三方评测
• NSS实验室评估结果 –
– 经第三方验证的、综合防御能 力最强的“推荐评级”下一代 防火墙
• Gartner公司“2012年度UTM 魔力象限”
Internal Users
Internal Users
Remote Access
出差员工
使用无线移动上 网的员工
第十四页,共44页。
应用识别和控制
识别
多数应用混沌出现在端口80
用户/用户组
分类
策略
? ?
?? ? ??
基于云的、附加的 防火墙智能
免重组
深度包检测
被阻断的恶意软件
控制
关键应用:优先分配带宽
允许的应用:可管理的带宽
禁止的应用:屏蔽 实现策略的 可视化和管理
当流量进入网络,防火墙首先识别不同的应用。

SONICWALL网络安全产品

SONICWALL网络安全产品

SONICWALL 网络安全产品一、产品概述SonicWALL系列防火墙是在NASDAQ上市的SONICWALL公司的著名网络安全产品,全球销量超过11万7千台(公司经审计的财务报告中,截止2000年12月31日的统计数据),是目前全球销量最大和硬件防火墙产品和市场占有率最高的硬件VPN产品(美国INFONETICS 2000年7月25日数据)。

SonicWALL采用软硬件一体化设计,在高性能硬件平台上,利用先进的防火墙技术和SonicWALL 专有的安全高效的实时操作系统,再加上世界领先的加密算法、身份认证技术以及网络防病毒技术,是一个强大的,集应用级防火墙、入侵报警、内容过滤、VPN、网络防病毒等多种安全策略为一体的,稳定可靠的高性能网络安全系统。

其完善的产品系列和卓越的性能价格比为不同规模、不同行业、不同上网方式的用户提供安全、快速、灵活、超值的网络安全解决方案。

SONICWALL产品通过世界权威的ICSA认证和国内权威的公安部信息安全产品检测,并率先符合最新执行的国家信息安全产品标准——GB/T 18019-1999,中国公安部信息安全产品销售许可证号:XKC33098二、产品功能和技术1.防火墙:✧采用先进的第三代“全状态检测”防火墙技术✧软件终生免费升级✧支持DDN、xDSL、Cable Modem、ISDN等多种上网方式✧双向NAT网络地址转换,端口映射✧DHCP和MAC地址捆绑✧支持三个DNS服务器✧支持各种应用服务协议:HTTP、FTP、SMTP、Telnet等✧MD5身份认证✧攻击检测与报警:能够自动识别攻击,并通过E-MAIL或Call机报警✧详细的系统日志和访问日志管理,支持WEB TRENDS2.网页内容过滤:✧IP地址过滤✧关键字段过滤✧URL过滤✧分不同用户和时间段过滤✧过滤Active X、Cookies、Java等危险文件✧支持第三方(美国CyberNOT)的不良网站清单过滤✧访问审计日志3.VPN✧标准的IPSec VPN✧加密算法:DES、3DES、ACR4✧密钥管理:IKE、Manual Keys✧身份认证:MD-5、RADIUS、RSA SecurID✧支持“数字证书”等高级身份认证方式✧支持最大的并发用户数:不同型号支持从5个到1000个✧支持Gateway to Gateway和Client to Gateway模式✧兼容其他VPN产品,如Check Point Firewall-1、CISCO PIX、Axent Raptor、Nortel Contivity4.网络防病毒✧采用McAfee的先进病毒扫描引擎,实现整个网络的安全✧第一家通过ICSA认证的ASP模式防病毒产品✧强制执行的防病毒安全策略✧强制、自动和实时的升级到最新病毒码,给用户最大的安全保证✧彻底清查邮件和邮件附件中的病毒✧防范“特洛伊木马”病毒的攻击✧全球首次真正实现防病毒工作的零维护5.高可靠性SonicWALL PRO和PRO VX提供的高可靠性功能,支持防火墙的双机热备份,最大程度保证网络连接的可靠性。

Sonicwall功能介绍

Sonicwall功能介绍
SonicWALL UTM 功能介绍
一、Gateway Anti-Virus(网关防病毒) : 随着 Internet 的飞速发展,我们的工作和日常生活越来越以来于网络。随着网络的发展,病毒的传播 也具备了越来越依赖于网络传播的特点。据国际计算机安全委员会(ICSA)统计,企业用户感染的病毒 中, 有超过 20%的病毒与从 Internet 上下载文件有关。 此外还有 87%的病毒是通过电子邮件附件进入企业 网络的。Internet 大大加快了病毒在世界范围内的传播速度并使很多公司陷于瘫痪。因此,在企业的网关 设置防病毒系统,防止通过 Internet 传播的病毒进入企业网内部并对企业网络造成危害就成了刻不容缓的 工作了。如下图:
病毒的来源
100% 90%
E-mail
80% 70% 60% 50% 40% 30% 20% 10% 0% 1996 Email Other Vector 1997 1998 1999 2000 2001 2002 Don't Know 2003
电子邮件 E-mail and File Downloads Pose Greatest Threat
为了解决以上这些情况,SonicWALL 公司全系列安全设备开发了可伸缩的高速的网关防病毒和入侵防 护方案. SonicWALL 的网关防病毒和入侵防护对病毒 , 蠕虫 ,木马和应用漏洞采取智能的实时的安全防 护.采用灵活的高性能的深度包检测架构, SonicWALL 的网关防病毒和入侵防护服务无论在网络核心还 是在网络边缘都能对各种各样的动态威胁有效阻断,诸如病毒,蠕虫,木马,软件漏洞如缓冲区溢出,同时还 能防范对等应用和及时消息应用,后门程序以及其他恶意代码. 这项独特的解决方案采用高性能的深度包检测引擎直接在安全网关上匹配全面的签名库,对网页下载, 邮件传输及压缩文件的潜在威胁进行安全防护. 因为威胁层出不穷不可预测,签名库必须不断更新以尽最 大可能对不断出现的威胁采取最有效的防护 .新的签名来自 SonicWALL 的 SonicAlert 工作组和第三方资 源. SonicWALL 的网关防病毒和入侵防护不仅防护来自外部的威胁,还对来自内部的威胁采取防护措施. 主要功能和优点. • 实时的网关病毒扫描. SonicWALL 的网关防病毒和入侵防护通过时时地扫描非压缩及压缩文件,对 文件病毒和恶意代码采取防范,隔离病毒,蠕虫,木马及其它 Internet 威胁. • 强大的入侵防护. SonicWALL 的网关防病毒和入侵防护通过扫描数据包的内容对诸多基于网络的 应用层威胁采取防护措施,诸如防范蠕虫,木马和应用漏洞(如缓冲区溢出), 同时还能防范对等应用 和及时消息应用,后门程序以及其他恶意代码. • 集成深度包检测引擎. SonicWALL 的网关防病毒和入侵防护采用高性能的深度包检测引擎,利用并 行搜索算法,检测到应用层,提供传统的全状态检测防火墙所不能达到的功能,对应用层,Web,邮件攻 击采取防护措施.并行搜索算法极大降低了由此带来的对防火墙性能的影响. • 无比的伸缩性和高性能. SonicWALL 的网关防病毒和入侵防护是业界第一个采用逐个包扫描引擎 的解决方案,它的独特之处在于它对传输的文件大小和同时下载的文件的数目没有限制,实现无比 的灵活性和高性能. • 安全域之间数据扫描. SonicWALL 的网关防病毒和入侵防护提供另外一层的安全防护,即不仅在各 个内部安全域与 Internet 之间安全扫描,在各个内部安全域之间也进行安全扫描. • 全面的签名库. SonicWALL 的网关防病毒和入侵防护采用一个非常全面的签名库,包含成千上万个 签名(IPS:2000+,GAV:25000+),来检测并防护病毒,蠕虫,应用漏洞以及及时消息和对等应用的使用. • 应用控制. SonicWALL 的网关防病毒和入侵防护可以监视并管理及时消息和对等应用文件共享程 序的使用,关闭潜在的后门,确保网络的安全.节省网络带宽的同时提高工作效率. • 简化部署和管理. SonicWALL 的网关防病毒和入侵防护允许管理员在各个安全域之间创建全局安 全策略,按组管理不同优先级别的攻击,Fireware(应用层防火墙) : � � � � � � � � � � � � � � � � 类似于 P2P 之类的应用正在占用大量的可用带宽 及时信息应用(Instant message) 通过邮件发送公司机密文档 声音和视频流下载正在蔓延 阻止文件扩展名变得越来越重要 针对合同工以及临时雇员的数据控制 提供应用层的访问控制和带宽管理 管制 web 流量、邮件、邮件附件以及文件传输 允许针对文件和文档中的关键字和内容进行扫描审查 灵活的配置允许自定义 IDS/IPS 签名 可支持针对 BT 应用的带宽管理 限制用户访问一些 interne 广播或者视频流(如 网站) 通过水印方式限制外出的机密数据 限制邮件的接收发送(针对合同工和临时工) 带宽管理或者文件上传下载管理 其他的更多的…..

SonicWall SuperMassive Series 产品说明说明书

SonicWall SuperMassive Series 产品说明说明书

The SonicWall SuperMassive Series is SonicWall’s next-generation firewall (NGFW) platform designed for large networks to deliver scalability, reliability and deep security at multi-gigabit speeds with near zero latency.Built to meet the needs of enterprise, government, education, retail, healthcare and service provider, the SuperMassive Series is ideal for securing distributed enterprise networks, data centers and service providers.The combination of SonicWall’s SonicOS operating system, patented* Reassembly-Free Deep Packet Inspection® (RFDPI) technology and massively multi-core, highly scalable hardware architecture, the SuperMassive 9000 Series deliver industry-leading application control, intrusion prevention, malware protection and TLS/SSL decryption and inspection at multi-gigabit speeds. The SuperMassive Series is thoughtfully designed with power, space and cooling (PSC) in mind, providing the leading Gbps/watt NGFW in the industry for high performance packet and data processing, application control and threat prevention.The SonicWall RFDPI engine scans every byte of every packet across all ports, delivering full content inspection of the entire stream while providing high performance and low latency. This technology is superior to proxy designs that reassemble content using sockets bolted to anti-malware programs, which are plagued with inefficiencies and the overhead of socket memory thrashing, which leads to high latency, low performance and file size limitations. The RFDPI engine delivers full content inspection to eliminate various forms of malware before they enter the network and provides protection against evolving threats — without file size, performance or latency limitations.The RFDPI engine also performs full decryption and inspection of TLS/SSL and SSH encrypted traffic as well asnon-proxyable applications, enabling complete protection regardless of transport or protocol. It looks deep inside every packets (the header and data part) searching for protocol non-compliance, threats, zero-days, intrusions, and even defined criteria to detect and prevent attacks hidden inside encrypted traffic, cease the spread of infections, and thwart command and control (C&C) communications and data exfiltration. Inclusion and exclusion rules allow total control to customize which traffic is subject to decryption and inspection based on specific organizational compliance and/or legal requirements. Application traffic analytics enablethe identification of productive and unproductive application traffic in real time, and traffic can then be controlled through powerful application-level policies. Application control can be exercised on both a per-user and per-group basis, along with schedules and exception lists. All application, intrusion prevention and malware signatures are constantly updated by the SonicWall Capture Labs threats research team. Additionally, SonicOS, an advanced purpose-built operating system, provides integrated tools that allowfor custom application identification and control.SonicWall SuperMassive SeriesUncompromising, high-performance, next-generation firewall protection foryour enterprise network.Benefits:• Get complete breach preventionincluding high performanceintrusion prevention, lowlatency malware protection andcloud-based sandboxing• Gain full granular applicationidentification, controland visualization• Find and block hidden threats withdecryption and inspection of TLS/SSL and SSH encrypted traffic,without performance problems• Scale security performance for10/40 Gbps data centers• Adapt to service-level increasesand ensure network servicesand resources are availableand protected*U.S. Patents 7,310,815; 7,600,257; 7,738,380; 7,835,361SuperMassive 9000 SeriesSeries lineupThe SonicWall SuperMassive 9000 Series features 4 x 10-GbE SFP+, up to 12 x 1-GbE SFP , 8 x 1-GbE copper and 1 GbEmanagement interfaces, with an expansion port for an additional 2 x 10- GbE SFP+ interfaces (future release). The 9000 Series features hot-swappable fan modules and power supplies.SuperMassive 9000 Seriesdisplay port interface4 x 10-GbE SFP+ ports 8 x 1-GbE SFP ports 8 x 1-GbEportsDual USB ports LCD Dual hot-Expansion bay Two hot-swappable,Dual hot-Expansion bayTwo hot-swappable,SD card for future usedisplayport interface SFP+ ports12 x 1-GbE 2 x 80Gb 8 x 1-GbE ports LCDcontrolsReassembly-Free Deep Packet Inspection engineRFDPI is a single-pass, low latency inspection system that performs stream-based, bi-directional traffic analysis at high speed without proxying or buffering to effectively uncover intrusion attempts, malware and identify application traffic regardless of port and protocol. This proprietary engine relies on streaming traffic payload inspection in order to detect threats at Layers3-7. The RFDPI engine takes network streams through extensive and repeated normalization and decryption in orderto neutralize advanced obfuscation andevasion techniques that seek to confusedetection engines and sneak maliciouscode into the network.Once a packet undergoes the necessarypre-processing, including TLS/SSLdecryption, it is analyzed against a singleproprietary memory representationof multiple signature databases:intrusion attacks, malware, botnet andapplications. The connection stateis then advanced to represent theposition of the stream relative to thesedatabases until it encounters a state ofattack, or other “match” event, at whichpoint a preset action is taken. In mostcases, the connection is terminatedand proper logging and notificationevents are created. However, the enginecan also be configured for inspectiononly or, in the case of applicationdetection, to provide Layer 7 bandwidthmanagement services for the remainderof the application stream as soon as theapplication is identified.PacketPacket assembly-based processSonicWall stream-based architecture Competitive proxy-based architectureWhen proxybecomes full orcontent too large,files bypassscanning.Reassembly-free Deep Packet Inspection (RFDPI)Reassembly-free packetscanning eliminates proxyand content size limitations.Inspection timeLess MoreInspection timeLess MoreInspection capacityMin MaxExtensible architecture for extremescalability and performanceThe RFDPI engine is purposely designedwith a keen focus on providing securityscanning at a high level of performance,to match both the inherently paralleland ever growing nature of networktraffic. When combined with multi-coreprocessor systems, this parallelism-centric software architecture scales upperfectly to address the demands ofdeep packet inspection (DPI) at hightraffic loads. The SuperMassive platformrelies on processors that, unlike x86,are optimized for packet, crypto andnetwork processing while retainingflexibility and programmability in thefield — a weak point for ASICs systems.This flexibility is essential when new codeand behavior updates are necessaryto protect against new attacks thatrequire updated and more sophisticateddetection techniques. Another aspectof the platform design is the uniqueability to establish new connectionson any core in the system, providingultimate scalability and the ability todeal with traffic spikes. This approachdelivers extremely high new sessionestablishment rates (new conn/sec) whiledeep packet inspection is enabled — akey metric that is often a bottleneck fordata center deployments.Advanced threat protection SonicWall Capture Advanced Threat Protection Service1 is a cloud-based multi-engine sandbox that extends firewall threat protection to detect and prevent zero-day threats. Suspicious files are sent to the cloud for analysis with the option to hold them at the gateway until a verdict is determined. Themulti-engine sandbox platform, which includes virtualized sandboxing, full system emulation and hypervisor level analysis technology, executes suspicious code and analyzes behavior. When afile is identified as malicious, a hash is immediately created within Capture and later a signature is sent to firewalls to prevent follow-on attacks.The service analyzes a broad rangeof operating systems and file types, including executable programs, DLL, PDFs, MS Office documents, archives, JAR and APK.Capture provides an at-a-glance threat analysis dashboard and reports, which detail the analysis results for files sent to the service, including source, destination and a summary plus details of malwareaction once detonated.Capture LabsThe dedicated, in-house SonicWall Capture Labs threats researchteam researches and develops countermeasures to deploy to customer firewalls for up-to-date protection. The team gathers data on potential threat data from several sources including our award-winning network sandboxing service, Capture Advanced Threat Protection, as well as more than 1 million SonicWall sensors located around the globe that monitor traffic for emerging threats. It is analyzed via machine learning using SonicWall's Deep Learning Algorithms to extract the DNA from the code to see if it is related to any known forms of malicious code. SonicWall NGFW customers with the latest security capabilities are provided continuously updated threat protection around the clock. New updates take effect immediately without rebootsor interruptions. The signatures onthe appliances protect against wideclasses of attacks, covering up to tensof thousands of individual threats with asingle signature.In addition to the countermeasures onthe appliance, SuperMassive firewallsalso have access to the SonicWallCloudAV1, which extends the onboardsignature intelligence with tens ofmillions of signatures, and growingby millions annually. This CloudAVdatabase is accessed by the firewall viaa proprietary, lightweight protocol toaugment the inspection done on theappliance. With Capture AdvancedThreat Protection1, a cloud-based multi-engine sandbox, organizations canexamine suspicious files and code in anisolated environment to stop advancedthreats such as zero-day attacks.Protection CollectionClassificationCountermeasureL A B S1 Requires added subscriptionApplication intelligence and control Application intelligence informs administrators of application traffic traversing their network so they can schedule application controls based on business priority, throttle unproductive applications and block potentially dangerous applications. Real-time visualization identifies traffic anomalies as they happen, enabling immediate countermeasures against potential inbound or outbound attacks or performance bottlenecks.SonicWall Application Traffic Analytics1 provide granular insight into application traffic, bandwidth utilization and security threats, as well as powerful troubleshooting and forensicscapabilities. Additionally, secure single sign-on (SSO) capabilities ease the user experience, increase productivity and reduce support calls. Management of application intelligence and controlis simplified by the intuitive web-based interface.Global management and reportingFor highly regulated organizations wanting to achieve a fully coordinated security governance, complianceand risk management strategy,the optional SonicWall Global Management System1 (GMS®) provides administrators a unified, secure and extensible platform to manage SonicWall firewalls, wireless access points and switches through a correlated and auditable workstream process. GMS enables enterprises to easily consolidate the managementof security appliances, reduce administrative and troubleshooting complexities, and govern all operational aspects of the security infrastructure, including centralized policy management and enforcement; real-time event monitoring; user activities; application identifications; flow analytics and forensics; compliance and audit reporting; and more. GMS also meets the firewall change management requirementsof enterprises through a workflowautomation feature. With GMS workflowautomation, all enterprises will gainagility and confidence in deploying theright firewall policies, at the right timeand in conformance to complianceregulations. GMS provides a coherentway to manage network security bybusiness processes and service levels,dramatically simplifying lifecyclemanagement of your overall securityenvironments as compared to managingon a device-by-device basis.• Centralizedmanagement• Error-free policymanagement• Strong access control• Comprehensiveaudit trails• PCI, HIPAA, SOXreport templates• Lower operating costsPort Expansion ScalabilitySonicWall GMS Secure Compliance EnforcementBenefits1 Requires added subscription1 Requires added subscriptionFirewall• Stateful packet inspection• Reassembly-Free DeepPacket Inspection• DDoS attack protection(UDP/ICMP/SYN flood)• IPv4/IPv6 support• Biometric authentication forremote access• DNS proxy• Threat APISSL/SSH decryption and inspection2• Deep packet inspection for TLS/SSL/SSH • Inclusion/exclusion of objects, groupsor hostnames• SSL ControlCapture advanced threat protection2• Cloud-based multi-engine analysis• Virtualized sandboxing• Hypervisor level analysis• Full system emulation• Broad file type examination• Automated and manual submission • Real-time threat intelligence updates • Auto-block capabilityIntrusion prevention2• Signature-based scanning• Automatic signature updates• Bi-directional inspection engine• Granular IPS rule set• GeoIP enforcement• Botnet filtering with dynamic list• Regular expression matchingAnti-malware2• Stream-based malware scanning• Gateway anti-virus• Gateway anti-spyware• Bi-directional inspection• No file size limitation• Cloud malware database Application identification2• Application control• Application traffic visualization• Application component blocking• Application bandwidth management• Custom application signature creation• Data leakage prevention• Application reporting overNetFlow/IPFIX• User activity tracking (SSO)• Comprehensive applicationsignature databaseWeb content filtering2• URL filtering• Anti-proxy technology• Keyword blocking• Bandwidth management forCFS categories• Unified policy model with app control• Content Filtering ClientVPN• Auto-provision VPN• IPSec VPN for site-to-site connectivity• SSL VPN and IPSEC client remote access• Redundant VPN gateway• Mobile Connect for iOS, Mac OSX, Windows, Chrome, Android andKindle Fire• Route-based VPN (OSPF, RIP, BGP)Networking• Dynamic LAG using LACP• PortShield• Jumbo frames• Path MTU discovery• Enhanced logging• VLAN trunking• Port mirroring• Layer-2 QoS• Port security• Dynamic routing (RIP/OSPF/BGP)• SonicWall wireless controller1• Policy-based routing(ToS/metric and ECMP)• NAT• DHCP server• Bandwidth management• Link aggregation (static and dynamic)• Port redundancy• A/P high availability with state sync• A/A clustering• Inbound/outbound load balancing• L2 bridge, wire/virtual wire mode, tapmode, NAT mode• 3G/4G WAN failover (not onSuperMassive 9800)• Asymmetric routing• Common Access Card (CAC) supportWireless• MU-MIMO• Wireless planning tool• Band steering• Beamforming• AirTime fairness• MiFi extender• Guest cyclic quotaVoIP• Granular QoS control• Bandwidth management• DPI for VoIP traffic• H.323 gatekeeper and SIP proxy supportManagement and monitoring• Web GUI• Command-line interface (CLI)• SNMPv2/v3• Centralized management and reportingwith SonicWall Global ManagementSystem (GMS)2• Logging• Netflow/IPFix exporting• Cloud-based configuration backup• BlueCoat security analytics platform• Application and bandwidth visualizer• IPv4 and IPv6 Management• LCD management screen• Dell X-Series switch management11 Not supported on SonicOS 6.2.7.72 Requires added subscriptionSuperMassive 9000 Series system specificationsTesting Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services. Full DPI/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. VPN throughput measured using UDP traffic at 1280 byte packet. Applies to SuperMassive 9200, 9400 and 9600. SuperMassive 9800 UC APL certification is pending. Supported on SonicOS 6.1 and 6.2. For every 125,000 DPI connections reduced, the number of available DPI SSL connections increases by 750. *Future use. All specifications, features and availability are subject to change.SuperMassive 9000 Series ordering information*Please consult with a SonicWall SE for a complete list of supported SFP and SFP+ modules.© 2017 SonicWall Inc. ALL RIGHTS RESERVED. SonicWall is atrademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other trademarksand registered trademarks are property of their respective owners.SonicWall, Inc.5455 Great America Parkway | Santa Clara, CA 95054 Refer to our website for additional information. About UsSonicWall has been fighting the cyber-criminal industry for over 25 years, defending small, medium size businesses and enterprises worldwide. Our combination of products and partners has enabled a real-time cyber defense solution tuned to the specific needs of the more than 500,000 global businesses in over 150 countries, so you can do more business with less fear.Datasheet-SuperMassive-US-VG-MKTG476。

  1. 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
  2. 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
  3. 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。

仅指防火墙
01-SSC-3850 01-SSC-3840
TotalSecure(1 年)
01-SSC-3853 01-SSC-3843
综合网关安全套件(1 年) 01-SSC-4429 01-SSC-4405
网关反恶意软件/IPS(1 年) 01-SSC-4435 01-SSC-4411
银级全天候 7x24 小时技术 01-SSC-4302 01-SSC-4290
描述
NSA 250M 和 250M W
仅指 NSA 250M 防火墙
01-SSC-9755
仅指 NSA 250M Wireless-N 防火墙
01-SSC-9757
NSA 250M TotalSecure(1 年)
01-SSC-9747
NSA 250M Wireless-N TotalSecure(1 年)01-SSC-9749
NSA 2600 1.9 Gbps 700 Mbps 400 Mbps 300 Mbps 600 Mbps 125,000 15,000
SKU 01-SSC-3860 01-SSC-3863 01-SSC-4453 01-SSC-4459 01-SSC-4314
防火墙 防火墙吞吐量 IPS 吞吐量 反恶意软件吞吐量 全 DPI 吞吐量 IMIX 吞吐量 最大 DPI 连接 每秒新建连接
NSA 220 TotalSecure(1 年)
01-SSC-9744
NSA 220 Wireless-N TotalSecure(1 年)01-SSC-9746
综合网关安全套件(1 年)
01-SSC-4648
网关反恶意软件/IPS(1 年)
01-SSC-4612
全天候 7x24 小时动态支持(1 年)
防火墙 防火墙吞吐量 IPS 吞吐量 反恶意软件吞吐量 全 DPI 吞吐量 IMIX 吞吐量 最大 DPI 连接 每秒新建连接
NSA 5600 9.0 Gbps 3.0 Gbps 1.7 Gbps 1.6 Gbps 2.4 Gbps 500,000 60,000
描述
SKU
仅指 NSA 5600 防火墙
综合网关安全套件(1 年)
01-SSC-4606
网关反恶意软件/IPS(1 年)
01-SSC-4570
全天候 7x24 小时动态支持(1 年)
01-SSC-4588
2
网络安全设备 NSA 2600
2 个 USB 8 个 1GbE 扩展
端口
端口
模块
网络安全设备 NSA 3600/4600
2 个 USB 2 个 10GbE 12 个 1GbE 端口 SFP+端口 端口
2 个风扇
电源
控制台 1GbE 8 个 1GbE 管理界面 SFP 端口
扩展揑槽 2 个热揑拔
供将来使用
风扇
电源
Dell SonicWALL NSA 5600 尤为适合对吞吐量要求 枀高的分布式企业、分支机极和企业环境。
Dell SonicWALL NSA 6600 尤为适合对吞吐量和性能 要求严苛的大型分布式企业和中央站点环境。
但现在,企业可以在不影响网络性 能的情冴下保持安全性和生产力。 Dell™ SonicWALL™网络安全设备 ( NSA ) 系 列 下 一 代 防 火 墙 (NGFW)在保持网络性能的同时 实现了优异的网络安全。该系列提 供了一流的安全和性能,与旗舰产 品 SuperMassive 下一代防火墙产 品线使用了相同的架极。另外,NSA 系列还提供了 Dell 产品备受赞誉的 易用性和高价值。
此外,NSA 系列防火墙提供了基于 网络的恶意软件防护,幵支持云援 助功能,为企业提供了必不可少的 基本防御层,可抵御数百万种恶意
优点: • 同类最佳安全保护 • 多核架极 • 超高性能 • 入侵防御 • 基于网络的反恶意软件 • 安全进程访问 • 安全无线 • URL 过滤 • 网关反垃圾邮件 • 应用控制 • 集中化管理
Dell SonicWALL 入侵防御服务 (IPS)可帮助企业进离一系列基于 网络的应用漏洞和漏洞利用程序。 每天都会出现新的应用漏洞,使得 IPS 更新程序成为保持安全防护、
进离新生威胁的至关重要的工具。 Dell SonicWALL 大大超越了具备 先迚反逃避技术的入侵防御系统的 传统解决方案,可扫描所有网络流 量,检测蠕虫、木马、软件漏洞、 后门漏洞利用程序和其它恶意攻击 类型。通常,网络罪犯会试图使用 复杂的算法来逃避检测,避开 IPS。 Dell NGFW 提供了先迚的威胁防 御功能,在攻击对企业造成损害之 前对隐藏攻击迚行解码。通过集中 关 注 已 知 的 恶 意 流 量 , Dell SonicWALL IPS 可过滤掉主动错误 信息,同时提高网络可靠性和性能。 Dell SonicWALL IPS 旨在抵御内部 和外部威胁,可监控网络流量,查 找恶意或异常行为,然后根据预先 制定的策略阻止或记录流量。
01-SSC-3830
NSA 5600 TotalSecure(1 年)
01-SSC-3833
综合网关安全套件(1 年)
01-SSC-4234
网关反恶意软件/IPS(1 年)
01-SSC-4240
金级全天候 7x24 小时技术支持(1 年) 01-SSC-4284
防火墙 防火墙吞吐量 IPS 吞吐量 反恶意软件吞吐量 全 DPI 吞吐量 IMIX 吞吐量 最大 DPI 连接 每秒新建连接
控制台
Dell SonicWALL NSA 250M 为分支机极和分布式企业 提供了深度的前线安全、应用和用户控制、网络生产力、 专用模块扩展槽,以及可选的 802.11n 双频无线功能。
防火墙 防火墙吞吐量 IPS 吞吐量 反恶意软件吞吐量 全 DPI 吞吐量 IMIX 吞吐量 最大 DPI 连接 每秒新建连接
SKU 01-SSC-3820 01-SSC-3823 01-SSC-4210 01-SSC-4216 01-SSC-4278
4
实现深层次网络安全 Dell SonicWALL NSA 系列防火墙 可为各种觃模的企业提供深度网 络安全。该系列采用了可扩展的多 核硬件架极以及单通道、低延迟免 重组深度包检测(RFDPI® )专利 引擎,该引擎可扫描每个数据包的 每个字节,同时保持网络的高性 能。Dell SonicWALL NSA 系列比 其它防火墙更为优异,它集成了支 持实时 SSL 解密和检测的 RFDPI 引擎、具备先迚反逃避技术的入侵 防御系统(IPS),以及可利用云能 力的基于网络的恶意软件防护系 统。如今,企业在新型威胁出现时 即可对其迚行阻止。
NSA 3600 3.4 Gbps 1.1 Gbps 600 Mbps 500 Mbps 900 Mbps 175,000 20,000
NSA 4600 6.0 Gbps 2.0 Gbps 1.1 Gbps 800 Mbps 1.6 Gbps 200,000 40,000
描述
NSA 3600 NSA 4600
控制台 1GbE 管理界面 2 个风扇
电源
控制台 1GbE 管理GbE SFP 端口
电源
Dell SonicWALL NSA 2600 旨在解决成长型小企业、 分支机极和校园的需求。
Dell SonicWALL NSA 3600/4600 尤为适合非常重视 吞吐量和性能的分支机极和中小型企业环境。
支持(1 年)
3
网络安全设备 NSA 5600
2 个 USB 2 个 10GbE 12 个 1GbE
端口 SFP+端口
端口
网络安全设备 NSA 6600
2 个 USB 4 个 10GbE 8 个 1GbE
端口 SFP+端口
端口
控制台 1GbE 4 个 1GbE 管理界面 SFP 端口
扩展揑槽 供将来使用
NSA 6600 12.0 Gbps 4.5 Gbps 3.0 Gbps 3.0 Gbps 3.5 Gbps 500,000
90,000
描述 仅指 NSA 6600 防火墙 NSA 6600 TotalSecure(1 年) 综合网关安全套件(1 年) 网关反恶意软件/IPS(1 年) 金级全天候 7x24 小时技术支持(1 年)
NSA 系列是基于多年的研収成果打 造出来的,专为分布式企业、中小 型企业、分支机极、校园和政府机 极全新设计,在枀具扩展性的设计
架极中融合了枀具创新意义的多 核架极和荣获专利的免重组深度 包检测(RFDPI® )*单通道威胁防 御引擎。该产品为企业提供了业界 领先的安全防护、性能和可扩展 性,幵支持大量幵収连接,实现了 低延迟,每秒处理的连接数很高, 没有文件大小限制。备受推崇的独 立第三方测试机极对 NSA 系列防 火墙技术迚行了评估,幵给予了高 度评价。
USB(WAN 故障转移)
网络安全设备 NSA 250M 和 250M Wireless-N
USB(WAN 故障转移)
1 GbE 5 台 1GbE
LAN
交换机 电源
扩展模块 揑槽
5 台 1GbE 交换机 电源
控制台 1 GbE WAN
Dell SonicWALL NSA 220 为中小型企业和分支机极 提供了深度的前线安全、应用和用户控制、网络生产 力以及可选的 802.11n 双频无线功能。
01-SSC-4630
防火墙 防火墙吞吐量 IPS 吞吐量 反恶意软件吞吐量 全 DPI 吞吐量 IMIX 吞吐量 最大 DPI 连接 每秒新建连接
NSA 250M 和 250M W 750 Mbps 250 Mbps 140 Mbps 130 Mbps 210 Mbps 110,000 64,000
Dell SonicWALL NSA 系列下一代防火墙(NGFW) 采用了最新的多核硬件设计和免重组深度包检测技 术保护网络进离内部和外部攻击,且不对性能极成影
相关文档
最新文档