Dell Sonicwall NSA系列产品资料

SSL VPN设置SonicWALL NSA产品具有SSL VPN拨号功能，可以用SSLVPN客户端（Nextender）和防火墙建立SSL VPN连接，通过SSL VPN隧道访问到公司或组织内部网络。

SSL VPN只在NSA设备的5.2.0以后的系统中可以使用，如果你的系统版本低，需要下载新的系统版本，安装后才可以使用。

SSL VPN在防火墙中也是使用license进行控制的，所以在使用SSL VPN配置之前，请检查一下系统是否带有SSL VPN的license。

WAN 接口的General界面，Management, User Login, 都在HTTPS方框打勾。

选择SSL VPN->Client Setting.在Interface下拉框中，使用X0（LAN口）作为SSL VPN服务口，同时在WAN安全区域允许SSL VPN接入，点WAN是红色的按钮变成绿色。

需要注意到是，Nextender的地址范围要和内网接口（本例是X0 LAN）的地址范围一致。

这个地址范围不要和其它机器冲突。

（你可以启用防火墙的另外一个没有使用的端口做SSL VPN 服务接口，那么你在Interface界面选择那个接口，IP 地址池范围就是那个接口网段的地址）NetExtender Client Settings是配置客户端的细致的设置。

Create Client Connection Profile:可以使NetExtender Client客户端软件自动保存成功连接的配置，下次连接，直接选择这个连接的参数，不用手工再次输入了。

点击SSL VPN->Client Routes菜单下，把需要访问的服务器网段地址或服务器地址添加进去。

Client Route界面把允许SSL VPN用户访问的主机地址和网段加入即可。

防火墙自动创建SSL VPN到各个安全区域的规则，本例是SSL VPN用户访问LAN Primary Subnet,就是LAN口的整个网段，自动生成的防火墙规则在Firewall->Access Rules, SSL VPN->LAN界面可以看到。

SonicWall SonicWave series wireless access points (APs) combinehigh-performance IEEE 802.11ac Wave 2 wireless technology with flexible deployment options. These APs can be managed via the cloud using SonicWall WiFi Cloud Manager (WCM) or through SonicWall’s industry-leading next-generation firewalls. The resultis a solution that could be untethered from the firewall to provide a superior experience for WiFi users that’s as secure as any wired connection.The SonicWave solution is based on: • SonicWall SonicWave series indoor andoutdoor APs which support the 802.11acWave 2 wireless standard• SonicWall WCM is an intuitive, cloud-managed WiFi network managementsystem suitable for networks of any size • SonicWall TZ, NS a, NS sp, NSA andSuperMassive firewalls, which use deeppacket inspection technology to detectand eliminate threats over wired andwireless networksEnhanced user experience SonicWave APs take advantage of the capabilities in 802.11ac Wave 2 and advanced RF capabilities to deliverhigh-speed wireless performance.MU-MIMO technology allows the APs to communicate to multiple client devicesat the same time, improving the overall network performance, efficiency and user experience. In combination, mesh technology supported on SonicWave APs enables ease of installation and fewer cables and less manpower todeploy, reducing installation costs.With multiple transmitting and receivingantennas, SonicWave APs are engineeredto optimize signal quality, range andreliability for wireless devices. SonicWaveAPs supports fast roaming, so that userscan roam from one location to anotherseamlessly. Feature-rich portfolioincludes air-time fairness, band steering,and signal analysis tools for monitoringand troubleshooting.Best-in-class wireless securitySonicWall firewalls scan all wirelesstraffic coming into and going outof the network using deep packetinspection technology and then removeharmful threats such as malware andintrusions, even over SSL/TLS encryptedconnections. Other security and controlcapabilities such as content filtering,application control and intelligence andCapture Advanced Threat Protection(ATP) provide added layers of protection.Capture ATP is our award-winning multi-engine sandboxing service that featuresSonicWall’s patent-pending Real-TimeDeep Memory Inspection (RTDMI)technology. The RTDMI engine of CaptureATP proactively detects and blocks massmarket, zero-day threats and unknownmalware by inspecting directly in memory.Because of the real-time architecture,SonicWall RTDMI technology is precise,minimizes false positives, and identifiesBenefits:• Enhanced user experience−802.11ac Wave 2−Auto channel selection−RF spectrum analysis−AirTime Fairness−Fast roaming• Best-in-class wireless security−Dedicated third scanning radio−Capture ATP and content filteringservice−Deep packet inspection technology−SSL/TLS decryption andinspection−Wireless intrusion detection andprevention• Intuitive cloud management−Alerts and rich analytics−Automatic firmware updates• Simplified firewall management−Auto-detection and provisioning−Wireless signal analysis tools−Single-pane-of-glass management• Zero-Touch Deployment powered bySonicWiFi app−Easy registration and onboarding−Auto-detection and auto-provisioning−App available on iOS and Android• Design with WiFi Planner−Advanced wireless site survey−Cloud-based tool• Ruggedized outdoor designSonicWave and SonicPoint Series Wireless Access PointsSecure, flexible, high-performance wireless solutionsSonicWave APs perform advancedsecurity services, including the Content Filtering Service (CFS) and Capture ATPsandbox service independently — even where firewalls are not deployed.Most SonicWave APs includes threeradios, where the third radio is dedicated to security and performs rogue APdetection, passive scanning and packet capturing. The SonicWave solution also integrates additional security-related features including wireless intrusion detection and prevention, virtual APsegmentation, wireless guest services, RF monitoring and wireless packet capture.Intuitive cloud managementSonicWall WCM provides an intuitive user interface to manage all SonicWave APs from a single pane of glass via SonicWall Capture Security Center (CSC). Easily monitor and manage networks with alerts and rich analytics updated in real-time. Always stay up-to-date with the current features and enhancements from the latest firmware. Updates are pushed automatically to APs, eliminating manual updates and chances of human error.Simplified firewall managementDeployment and setup of APs aregreatly simplified, reducing total cost of ownership. Optionally, SonicWave APs can be managed by SonicWall next-gen firewalls. Integrated into every SonicWallfirewall is a wireless controller that auto-detects and auto-provisions SonicWave APs across the network.Management and monitoring for wireless and security are handled centrallythrough the firewall or through SonicWall Global Management System, providing network administrators with a single pane of glass from which to manage all aspects of the network.Zero-Touch Deployment (ZTD) powered by SonicWiFi appEasily register and onboard SonicWave APs with the help of SonicWall SonicWiFi mobile app. The APs are automatically detected and provisioned with Zero-Touch Deployment. Available on iOS and Android, SonicWiFi mobile app lets network admins monitor and manage networks, or set up mesh.Design with WiFi PlannerSonicWall WiFi planner is a cloud-based, advanced wireless site survey tool that enables to optimally design and deploy a wireless network for enhanced wireless user experience.Ruggedized outdoor designSonicWave outdoor APs are built towithstand rough outdoor conditions with industrial-grade enclosure. These APs are IP67 rated, which ensures protection against dust and water immersion.LED indicatorsMounting tab lock pointMounting tab insert pointinsert point LAN/POE port12V AdaptorportReset button5GHz RadioSonicWave 224w – The Wall Mount APPortsLED indicatorsMounting tabinsert pointPass through punchLAN 4/PoE out12V adapterinsert pointMounting peg slotMounting peg slotMounting bracketlock pointGround5Ghz antenna connectorport2.4Ghz antenna connectorExternal high-gain antennasLED indicatorsPortsSonicWave 432i - The Indoor APInternal antennasLED indicatorsPortsWLANSonicWave 432o - The Outdoor APExternal 2.4 GHz and 5 GHzExternal 2.4 GHz and 5 GHzhigh-gain antennasOutLED indicators*When used with a SonicWall firewall**When used with SonicWall Secure Mobile Access Series applianceSonicPoint Series SpecificationsFor organizations with a substantial investment in 802.11ac clients, the SonicWall SonicPoint series features dual radios, high-speed 802.11ac performance, 3x3 SU-MIMO and all the security advantages that SonicWall Wireless Network Security solutions offer.SonicPoint Series PoE Injector SpecificationsOperating humidity Maximum 90%, Non-condensing Maximum 90%, non-condensing Storage temperature–4º to 158ºF (–20º to 70ºC)-4 to 158 °F, -20 to 70 °C Storage humidity Maximum 95%, Non-condensing Maximum 95%, non-condensingSonicWave Feature SummaryFeature DescriptionReassembly-Free Deep Packet Inspection technology SonicWall next-generation firewalls tightly integrate Reassembly-Free Deep Packet Inspection (RFDPI) technology to scan all inbound and outbound traffic on wired and wireless networks and eliminate intrusions, ransomware, spyware, viruses and other threats before they enter the network.Real-Time Deep Memory Inspection (RTDMI) This patent-pending cloud-based technology detects and blocks malware that does not exhibit any malicious behavior and hides its weaponry via encryption. By forcing malware to reveal its weaponry into memory, the RTDMI engine proactively detects and blocks mass-market, zero-day threats and unknown malware.SSL/TLS decryption and inspection The SonicWall firewall decrypts and inspects SSL/TLS traffic on the fly, without proxying, for malware, intrusions and data leakage, and applies application, URL and content control policies in order to protect against threats hidden in SSL/TLS-encrypted traffic.Dedicated third scanning radio Most SonicWave access points include a dedicated that performs continual scanning of the wirelessspectrum for rogue access points plus additional security functions that help with PCI compliance.Wireless intrusion detection and prevention Wireless intrusion detection and prevention scans the wireless network for unauthorized (rogue) access points and then the managing firewall automatically takes countermeasures, such as preventing any connections to the device.Wireless guest services Wireless guest services enables administrators to provide internet-only access for guest users. This access is separate from internal access and requires guest users to securely authenticate to a virtual access point before access is granted.Lightweight hotspot messaging Lightweight hotspot messaging extends the SonicWall wireless guest services model of differentiated internet access for guest users, enabling extensive customization of the authentication interface and the use of any kind of authentication scheme.Captive portal Captive portal forces a user’s device to view a page and provide authentication through a web browserbefore internet access is granted.Virtual access point segmentation Administrators can create up to eight SSIDs on the same access point, each with its own dedicated authentication and privacy settings. This provides logical segmentation of secure wireless network traffic and secure customer access.Low TCO Features such as simplified deployment, single pane of glass management for both wireless and security, and no need to purchase a separate wireless controller drastically reduce an organization’s cost to add wireless into a new or existing network infrastructure.MiFi extender MiFi Extender enables the attachment of a 3G/4G/LTE modem to the SonicWave access point for useas either the primary WAN or as a secondary failover WAN link for business continuity.Bluetooth Low Energy SonicWave access points include a Bluetooth Low Energy radio that enables the use of ISM (industrial, scientific and medical) applications for healthcare, fitness, retail beacons, security and home entertainment over a low energy link.USB port Access points with USB port supports 3G/4G failover. Plug in a dongle to the port and networkcontinues to function over cellular connection, in case of WiFi network outage.Green access points SonicWave access points reduce costs by supporting green access points, which enables both radios to enter sleep mode for power saving when no clients are actively connected. The access point will exit sleep mode once a client attempts to associate with it.For a complete list of SKUs please contact your local SonicWall resellerFor a complete list of SKUs please contact your local SonicWall resellerSonicWall Wireless PromoThe SonicWall wireless promo provides next-gen security solutions to protect against advanced threats across wired and wireless networks, making the transformation seamless for businesses and enterprises. Leverage powerful end-to-end security, visibility and control. Ultimately, benefit from superior performance and provide exceptional user experience.Wireless promo ordering informationDescriptionUS SKUINTL SKUSonicWall TZ500 TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points with PoE) - 3 Year 02-SSC-101002-SSC-1059SonicWall TZ600 TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points with PoE) - 3 Year 02-SSC-104602-SSC-1060SonicWall NSA 2600 TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points with PoE) - 3 Year 02-SSC-104702-SSC-1061SonicWall NSA 3600 TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points with PoE) - 3 Year 02-SSC-104802-SSC-1062SonicWall TZ300 TotalSecure Advanced, Secure Wireless (2 SonicPoint N2 Access Points with PoE) - 3 Year 02-SSC-107402-SSC-1077SonicWall TZ400 TotalSecure Advanced, Secure Wireless (2 SonicPoint N2 Access Points with PoE) - 3 Year 02-SSC-107502-SSC-1078SonicWall TZ500 TotalSecure Advanced, Secure Wireless (2 SonicPoint N2 Access Points with PoE) - 3 Year 02-SSC-107602-SSC-1079SonicWall NSA 2600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432e Access Ponts, No PoE) - 3 Year 02-SSC-105002-SSC-1063SonicWall NSA 3600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432e Access Ponts, No PoE) - 3 Year 02-SSC-105102-SSC-1064SonicWall NSA 4600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432e Access Ponts, No PoE) - 3 Year 02-SSC-105202-SSC-1065SonicWall NSA 2600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432i Access Ponts, No PoE) - 3 Year 02-SSC-105302-SSC-1066SonicWall NSA 3600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432i Access Ponts, No PoE) - 3 Year 02-SSC-105402-SSC-1067SonicWall NSA 4600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432i Access Ponts, No PoE) - 3 Year 02-SSC-105502-SSC-1068SonicWall NSA 2600TotalSecure Advanced, Secure Wireless (2 SonicWave 432o Access Ponts, No PoE) - 3 Year 02-SSC-105602-SSC-1069SonicWall NSA 3600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432o Access Ponts, No PoE) - 3 Year 02-SSC-105702-SSC-1070SonicWall NSA 4600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432o Access Ponts, No PoE) - 3 Year 02-SSC-105802-SSC-1071SonicWall TZ300 PoE TotalSecure Advanced, Secure Wireless (2 SonicPoint N2 Access Points) - 3 Year 02-SSC-136102-SSC-1369SonicWall TZ300 PoE TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points) - 3 Year 02-SSC-136202-SSC-1370SonicWall TZ600 PoE TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points) - 3 Year 02-SSC-136302-SSC-1371SonicWall TZ300 PoE TotalSecure Advanced, Secure Wireless (1 SonicWave 432i Access Point) - 3 Year 02-SSC-136402-SSC-1372SonicWall TZ600 PoE TotalSecure Advanced, Secure Wireless (2 SonicWave 432i Access Points) - 3 Year 02-SSC-136502-SSC-1373SonicWall TZ300 PoE TotalSecure Advanced, Secure Wireless (1 SonicWave 432e Access Point) - 3 Year 02-SSC-136602-SSC-1374SonicWall TZ600 PoE TotalSecure Advanced, Secure Wireless (2 SonicWave 432e Access Points) - 3 Year 02-SSC-136702-SSC-1375SonicWall TZ600 PoE TotalSecure Advanced, Secure Wireless (2 SonicWave 432o Access Points) - 3 Year02-SSC-136802-SSC-1376About SonicWallSonicWall has been fighting the cybercriminal industry for over 27 years defending small and medium businesses, enterprises and government agencies worldwide. Backed by research from SonicWall Capture Labs, our award- winning, real-time breach detection and prevention solutions secure more than a million networks, and their emails, applications and data, in over 215 countries and territories. These organizations run more effectively and fear less about security. For more information, visit or follow us on Twitter , LinkedIn , Facebook and Instagram.。

SonicWall UTM一体化网络安全解决方案前言随着计算机技术的发展，互联网已经成为最大的公共数据网络，在全球范围内实现并促进了个人通信和商业通信。

互联网和企业网络上传输的数据流量每天都以指数级的速度迅速增长。

越来越多的通信都通过电子邮件进行；移动员工、远程办公人员和分支机构都利用互联网来从远程连接他们的企业网络。

但是这个庞大的网络及其相关的技术为不断增长的安全威胁提供了可乘之机，因而企业必须学会保护自己免受这些威胁的危害。

在捍卫网络安全的过程中，防火墙受到人们越来越多的青睐。

作为一种提供信息安全服务、实现网络和信息安全的基础设施，防火墙采用将内部网和公众网如Internet分开的方法，可以作为不同网络或网络安全域之间信息的出入口，根据企业的安全策略控制出入网络的信息流。

再加上防火墙本身具有较强的抗攻击能力，能有效地监控内部网和Internet之间的任何活动，从而为内部网络的安全提供了有力的保证。

1.1 XX公司网络现状分析：随着技术的发展，各种入侵和攻击从针对TCP/IP协议本身弱点的攻击转向针对特定系统和应用漏洞的攻击，如针对Windows系统和Oracle/SQL Server等数据库的攻击，这些攻击和入侵手段封装在TCP/IP协议的净荷部分。

传统的UTM设备如第一代的包过滤UTM，第二代的应用代理UTM到第三代的全状态检测UTM对此类攻击无能为力，因为它们只查TCP/IP协议包头部分而不检查数据包的内容。

此外基于网络传播的病毒及间谍软件也给互联网用户造成巨大的损失。

同时层出不穷的即时消息和对等应用如MSN，QQ，BT等也带来很多安全威胁并降低员工的工作效率。

如今的安全威胁已经发展成一个混合型的安全威胁，传统的防火墙设备已经不能满足客户的安全需求。

1.2 XX公司网络简述：XX公司现有的网络属于紧缩核心层结构，通过核心交换机进行快速转发，与接入层交换机实现全网畅通，通过一台路由器与外网互连。

The Dell SonicWALL Secure Remote Access (SRA) Series provides mobile and remote workers using smartphones, tablets or laptops — whether managed or unmanaged BYOD — with fast, easy, policy-enforced access to mission-critical applications, data and resources, without compromising security.For mobile devices, the solution includes the intuitive Dell SonicWALL Mobile Connect app that provides iOS, Android, Kindle Fire, Windows, and Mac OS X devices secure access to allowed network resources, including shared folders, client-server applications, intranet sites and email.Users and IT administrators can download the Mobile Connect appvia the Apple App Store, Google Play and the Kindle store and Windows 8.1 smartphones, tablets and laptops ship pre-installed with the MobileConnect app. The solution also supports clientless, secure browser access, including support for industry standard HTML 5 browsers and thin-client VPN access for PCs and laptops, including Windows, Mac OS X and Linux computers.To protect from rogue access and malware, the SRA Series appliance connects only authorized users and trusted devices to permitted resources. When integrated with a Dell SonicWALL next-generation firewall as a Clean VPN, the combined solution delivers centralized access control, malware protection, application control and content filtering. The multi-layered protection of Clean VPN decryptsand decontaminates all authorized SSL VPN traffic before it enters the network environment.Why you need SRAThe proliferation of mobile devicesin the workplace has increasedthe demand for secure access to mission-critical applications, data and resources. Granting that access offers important productivity benefits to the organization, but introduces significant risks as well.For example, an unauthorized person might access company resources usinga lost or stolen device; an employee’s mobile device might act as a conduitto infect the network with malware; or corporate data might be intercepted over third-party wireless networks. Also, loss of business data stored on devices can occur if rogue personal apps or unauthorized users gain access to that data.Securing these devices is becoming increasingly difficult, as organizations may no longer influence device selection or control device management. Organizations must implement solutions that safeguard access to ensure only authorized users and devices that meet security policy are granted network access, and that company data in-flight and at rest on the device are secure. Unfortunately, this often involves complex multi-box solutions from multiple vendors and adds significantly to the total cost of ownership behind providing mobile access. Organizations are lookingfor easy-to-use, cost-effective and secure mobile access solutions that address the needs of their increasingly mobile workforces.Secure RemoteAccess SeriesEnable mobile and remote worker productivity whileprotecting from threatsBenefits:• Single access gateway to all networkresources, via mobile app, clientlessor web-delivered clients, works tolower IT overhead and TCO• Common user experience across alloperating systems facilitates ease ofuse from any endpoint• Mobile Connect app for iOS,Android, Windows 8.1 and Mac OS Xoffers mobile device ease of use• Context aware authenticationensures only authorized usersand trusted mobile devices aregranted access• One-click secure intranet file browseand on-device data protection• Adaptive addressing and routingdeploys appropriate access methodsand security levels• Setup wizard makes deployment easy• Efficient object-based policymanagement of all users, groups,resources and devices• Web Application Firewall enablesPCI complianceFeaturesSingle access gateway for mobile app, clientless or web-delivered clients — SRA lowers IT costs by enabling network managers to easily deploy and manage a single secure access gateway that extends remote access via SSL VPN for both internal and external users to all network resources — including web-based, client/server, host-based (suchas virtual desktop) and back-connect applications (such as VoIP). SRAs are either clientless with browser access to the customizable SRA Workplace portal or use mobile apps or lightweight web-delivered clients, reducing management overhead and support calls.Common user experience across all operating systems — SRA technology provides transparent access tonetwork resources from any network environment or device. An SRA provides a single gateway for smartphone, tablet, laptop and desktop access anda common user experience across all operating systems — including Windows, Mac OS X, iOS, Android, Kindle and Linux — from managed or unmanaged devices. Mobile Connect app — Mobile Connect app for iOS, Mac OS X, Android, Kindle and Windows 8.1 mobile devices provides users with easy, network-level access to corporate and academic resources over encrypted SSL VPN connections. Mobile Connect is easily downloadable from the Apple App Store, Google Play or Kindle store and embedded with Windows 8.1 devices.Context awareness — Access to the corporate network is granted only after the user has been authenticated and mobile device integrity has been verified.Protects data at rest on mobile devices — Authenticated users can securely browse and view allowed intranet file shares and files from within the Mobile Connect app. Administrators can establish and enforce mobile application management policy. Adaptive addressing and routing — Adaptive addressing and routing dynamically adapts to networks, eliminating conflicts common with other solutions.Setup wizard — All SRAs are easy toset up and deploy in just minutes. The set-up wizard provides an easy, intuitive “out-of-the-box” experience with rapid installation and deployment.Unified policy — SRA unified policy offers easy, object-based policy management of all users, groups, resources and devices whileenforcing granular control basedon both user authentication and endpoint interrogation.Dell SonicWALL SRA Series – anytime, anywhere accessSimple, secure mobile access to resourcesThe SRA Series can be used to provide Windows, Mac OS X, iOS, Linux, Android and Kindle users with access to a broad range of resources.Granular access to authorized users The SRA Series extends secure mobile and remote access beyond managed employees to unmanaged mobile and remote employees, partners and customers by employing policy-enforced fine-grained access controls.Employee on corporate laptop in hotelEmployee on home computer Employee onsmartphone/tablet Employee at kiosk Authorized partner Authorized customerContext-aware authenticationBest-in-class, context-aware authentication grants access only to trusted devices and authorized users. Mobile devices are interrogated for essential security information suchas jailbreak or root status, device ID, certificate status and OS versions prior to granting access. Laptops and PCsare also interrogated for the presenceor absence of security software, client certificates, and device ID. Devices that do not meet policy requirements are not allowed network access and the user is notified of non-compliance.Protection of data at rest onmobile devicesAuthenticated Mobile Connect userscan securely browse and view allowed intranet file shares and files from within the Mobile Connect app. Administrators can establish and enforce mobile application management policy for the Mobile Connect app to control whether files viewed can be opened in other apps (iOS 7 and newer), copied to the clipboard, printed or cached securely within the Mobile Connect app. For iOS 7 and newer, this allows administrators to isolate business data from personal data stored on the device and reduces the risk of data loss. In addition, if the user’s credentials are revoked, content stored in the Mobile Connect app is locked and can no longer be accessed or viewed.Clean VPNWhen deployed with a Dell SonicWALL next-generation firewall, Mobile Connect establishes a Clean VPN, an extra layer of protection that decrypts and scans all SSL VPN traffic for malware before it enters the network.Web Application Firewall andPCI complianceThe Dell SonicWALL Web Application Firewall Service offers businesses a complete, affordable, well integrated compliance solution for web-based applications that is easy to manage and deploy. It supports OWASP Top Tenand PCI DSS compliance, providing protection against injection and cross-site scripting attacks (XSS), credit card and Social Security number theft, cookie tampering and cross-site request forgery (CSRF). Dynamic signature updatesand custom rules protect againstknown and unknown vulnerabilities. Web Application Firewall can detect sophisticated web-based attacks and protect web applications (includingSSL VPN portals), deny access upon detecting web application malware,and redirect users to an explanatory error page. It provides an easy-to-deploy offering with advanced statistics and reporting options for meeting compliance mandates.Incoming traffic is seamlesslyforwarded by the Dell SonicWALL NSA or TZ Series firewall to the Dell SonicWALL SRA appliance, which decrypts and authenticates network traffic.Users are authenticated using theonboard database or through third-party authentication methods such as LDAP,Active Directory, Radius, Dell Defender and other two-factor authentication solutions.A personalized web portal provides access to only those resources that the user is authorized to view based on company policies.To create a Clean VPN environment, traffic is passed through to the NSA or TZ Series firewall (running gateway anti-virus, anti-spyware, intrusion prevention, and application intelligence and control), where it is fully inspected for viruses, worms, Trojans, spyware and other sophisticated threats.2134Simple to manageSRA Series solutions feature unified policy and an intuitive web-based management interface that offers context-sensitive help to enhanceusability. In addition, multiple products can be centrally managed using the Dell SonicWALL Global Management System (GMS 4.0+). Resource access via the products can be effortlessly monitored using the Dell SonicWALL Analyzer reporting tool.Specifications1The recommended number of users supported is based on factors such as access mechanisms, applications accessed and application traffic being sent. 2Available in conjunction with Secure Virtual Assist for SRA 4600 and SRA Virtual Appliances only.3Refer to the latest SRA release notes and admin guide for supported configurations.4Botnet filtering and Geolocation-based policies require an active support contract to be in place on the hardware or virtual appliance.© 2015 Dell, Inc. ALL RIGHTS RESERVED. Dell, Dell Software, the Dell Software logo and products—as identified in this document—are registered trademarks of Dell, Inc. in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners.Dell Software5 Polaris Way, Aliso Viejo, CA 92656 | If you are located outside North America, you can find local office information on our Web site.DataSheet-SonicWALL-SRASeries-US-VG-25825SRA 1600, 5 user ...................................01-SCC-6594SRA 1600 additional users (50 user maximum)Add 5 Concurrent users ..........................01-SSC-7138Add 10 Concurrent users ........................01-SSC-7139SRA 1600 supportDell SonicWALL Dynamic Support24x7 for up to 25 Users (1-year) ............01-SSC-7141Dell SonicWALL Dynamic Support8x5 for up to 25 Users (1-year) ..............01-SSC-7144Dell SonicWALL SRA for SMB SeriesSRA 4600, 25 user .................................01-SSC-6596SRA 4600 additional users (500 user maximum)Add 10 Concurrent Users ........................01-SSC-7118Add 25 Concurrent Users ........................01-SSC-7119Add 100 Concurrent Users......................01-SSC-7120SRA 4600 SupportDell SonicWALL Dynamic Support24x7 for up to 100 Users (1-year) ..........01-SSC-7123Dell SonicWALL Dynamic Support8x5 for up to 100 users (1-year).............01-SSC-7126Dell SonicWALL Dynamic Support24x7 for 101 to 500 users (1-year) .........01-SSC-7129Dell SonicWALL Dynamic Support8x5 for 101 to 500 users (1-year)...........01-SSC-7132Dell SonicWALL SRA Virtual Appliance,5 User .........................................................01-SSC-8469SRA virtual appliance additional users (50 user maximum)Add 5 concurrent users ..........................01-SSC-9182Add 10 concurrent users ........................01-SSC-9183Add 25 concurrent users ........................01-SSC-9184SRA Virtual Appliance supportDell SonicWALL Dynamic Support8x5 for up to 25 users (1-year) ..............01-SSC-9188Dell SonicWALL Dynamic Support24x7 for up to 25 users (1-year) .............01-SSC-9191Dell SonicWALL Dynamic Support8x5 for up to 50 users (1-year)..............01-SSC-9194Dell SonicWALL Dynamic Support24x7 for up to 50 users (1-year) .............01-SSC-9197For more information on Dell SonicWALL Secure Remote Access solutions, visit .For more information Dell SonicWALL5455 Great America Parkway Santa Clara, CA T +1 408.745.9600F +1 408.745.9300。

SONICWALL GLOBAL MANAGEMENT SYSTEM Comprehensive security management, monitoring, reporting and analyticsA winning security management strategy demands deep understanding of the security environment to promote better policy coordination and decisions. Not having an enterprise-wide view of the full security construct often leaves organizations at risk to preventable cyber-attacks and compliance violations. Using numerous tools running on different platforms and reporting data in different formats make security analytics and reporting operationally inefficient. This further impairs the organization’s ability to quickly recognize and respond to security risks. Organizations must establish a systematic approach to governing the network security environment to overcomethese challenges.SonicWall Global Management System (GMS) solves these challenges. GMS integrates management and monitoring, analytics, forensics andaudit reporting. This forms thefoundation of a security governance,compliance and risk managementstrategy. The feature-rich GMS platformgives distributed enterprises, serviceproviders and other organizations afluid, holistic approach to unifying alloperational aspects of their securityenvironment. With GMS, security teamscan easily manage SonicWall firewall,wireless access point, email security andsecure mobile access solutions, as wellas third-party network switch solutions.This is all done via a controlled andauditable work-stream process to keepnetworks sharp, safe and compliant.GMS includes centralized policymanagement and enforcement, real-time event monitoring, granular dataanalytics and reporting, audit trails,and more, under a unifiedmanagement platform.Benefits:• Establishes a unified securitygovernance, compliance and riskmanagement security program• Adopts a coherent and auditableapproach to security orchestration,forensics, analytics and reporting• Reduces risk and provide a fastresponse to security events• Provides an enterprise-wide view ofthe security ecosystem• Automates workflows and assuressecurity operation compliance• Reports on HIPAA, SOX, and PCI forinternal and external auditors• Deploys fast and easy with software,virtual appliance or cloud deploymentoptions — all at a low cost.GOVERNS CENTRALLY• Establish an easy path to comprehensive security management, analytic reporting and compliance to unify your network security defense program• Automate and correlate workflowsto form a fully coordinated security governance, compliance and risk management strategy COMPLIANCE• Helps make regulatory bodies andauditors happy with automatic PCI,HIPAA and SOX security reports• Customize any combination of securityauditable data to help you move towardsspecific compliance regulationsRISK MANAGEMENT• Helps make regulatory bodies andauditors happy with automatic PCI,HIPAA and SOX security reports• Customize any combination of securityauditable data to help you move towardsspecific compliance regulationsGMS provides a holistic approach to security governance, compliance and risk managementGMS satisfies the enterprise’s change management requirements through a workflow automation processes and procedures. The workflow feature assures the correctness and the compliance of policy changes by enforcing a rigorous process for configuring, comparing, validating,reviewing and approving policies prior to deployment. The approval groups are flexible, enabling adherence to company security policy while mitigating risk, reducing errors, improving efficiency, and ensuring high security effectiveness.With GMS’s workflow automation and auditing of policy changes, enterprises gain agility and confidence in deploying the right firewall policies, at the right time, and in conformance to compliance regulations.GMS Workflow Automation: Five steps to error-free policy management1. CONFIGURE AND COMPARE GMS configures policy change orders and color-codes diffs for clear comparisons2. VALIDATE GMS performs an integrityvalidation of the policy’s logic3. REVIEW & APPROVE GMS emailsreviewers and logs a (dis)approval audit trail of the policy4. DEPLOY GMS deploys the policy changes immediately or on a schedule5. AUDIT The change logs enable accurate policy auditing and precise compliancedataScalable distributed architectureAt the core of GMS is a distributed architecture that facilitates limitless system scalability. A single instance of GMS can add visibility and control over thousands of your network security devices under its management, regardless of location. At the user-experience level, the GMS universal dashboard utilizes cutting-edge user interface design and usability concepts that work together to provide consistent operator workflows across the security ecosystem.GMS is an on-premises solution, deployable as a software or a virtual appliance. Alternatively, SonicWall Cloud Global Management System (Cloud GMS) is cloud-delivered security management and reporting platform that accelerates and simplify security management operations while increasingservice agility – all at a low subscription cost.Port Expansion ScalabilityWall GMS Secure Compliance EnforcementVPNEnterprise ClientsMSSP’s managed firewalls MSSP’s co-managed firewallsCloud-based SonicWall Global Management System EnvironmentsContext-sensitive dashboards display a variety of informational widgets, such as geographical maps, syslog reports, bandwidth summaries, top websites accessed, or the data that is most relevant to specific users.Intuitive graphical reports simplify managed appliance monitoring. Easily identify traffic anomalies based on usage data for a specific timeline, initiator, responder or service. Export reports to a Microsoft Excel spreadsheet, portable document format (PDF) file or directly to a printer.Minimum system requirementsBelow are the minimum requirements for SonicWall GMS with respect to the operating systems, databases, drivers, hardware and SonicWall-supported appliances:Operating systemWindows Server 2016Windows Server 2012 Standard 64-bitWindows Server 2012 R2 Standard 64-bit (English and Japaneselanguage versions)Windows Server 2012 R2 DatacenterHardware requirementsUse the GMS Capacity Calculator to determine the hardware requirements for your deployment.Virtual appliance requirementsHypervisor: ESXi 6.5, 6.0 or 5.5Use the GMS Capacity Calculator to determine the hardware requirements for your deployment.VMware Hardware Compatibility Guide:/resources/compatibility/search.php Supported databasesExternal databases: Microsoft SQL Server 2012 and 2014Bundled with the GMS application: MySQLInternet browsersMicrosoft® Internet Explorer 11.0 or higher (do not use compatibility mode) Mozilla Firefox 37.0 or higherGoogle Chrome 42.0 or higherSafari (latest version)GMS gatewaySonicWall SuperMassive™ E10000 Series, SonicWall SuperMassive™ 9000 Series, E-Class Network Security Appliance (NSA), and NSA Series Supported SonicWall appliances managed by GMSSonicWall Network Security Appliances: SuperMassive E10000 and 9000 Series, E-Class NSA, NSA, and TZ Series appliances®SonicWall Secure Mobile Access (SMA) appliances: SMA Series andE-Class SRASonicWall Email Security appliancesAll TCP/IP and SNMP-enabled devices and applications for active monitoringAbout UsSonicWall has been fighting the cyber-criminal industry for over 25 years, defending small, medium size businesses and enterprises worldwide. Our combination of products and partners has enabled a real-time cyber defense solution tuned to the specific needs of the more than 500,000 global businesses in over 150 countries, so you can do more business with less fear.。

SonicW ALL NSA 2400 防火墙产品SonicWALL NSA 2400可为中型企业（约200用户或75分支的企业）的互联网应用提供完善的保护。

通过新一代的SonicOS操作系统，SonicWALL NSA 2400将为用户提供商务级别高性能的防火墙和VPN，通过新一代的高性能多核CPU处理器和硬件加密加速处理器，SonicWALL NSA 2400将为用户提供高性价比的防火墙和VPN功能。

SonicWALL NSA 2400用户能全面利用SonicWALL的安全增值服务保护网络，包括网络防病毒、内容过滤、高可用性、全球管理系统和整体客户端安全软件（Global Security Client）等。

和其它安全厂家不同，SonicWALL 不需要另外购买附加设备或软件包。

把所有的服务已内置（Build in）在SonicWALL 的安全设备，您什么时候需要这些功能，只需要购买授权（License）就可以使用。

SonicOS包括对象管理、ISP的线路备份和负载均衡、硬件备份和策略NAT的新功能。

很多公司利用以上功能较低管理负担和保障公司的网络不间断。

直到最近，这些功能只有出现在大型网络使用的昂贵的网络安全设备才有。

今天SonicWALL NSA 2400产品再加上SonicOS软件就有对象管理、ISP的线路备份和负载均衡、硬件备份和策略NAT的新功能。

SonicWALL NSA 2400容易安装和管理，提供的安装向导使安装更简单。

通过SonicWALL NSA 2400防火墙保障公司内部网络的安全，各分支机构通过Site to Site VPN、移动用户通过VPN 客户端、SSLVPN用户和总部连接，保障各分点数据通讯的安全。

管理员可通过标准浏览器如:IE、Netscape等来管理，或通过SonicWALL 全球管理系统来管理，保障商务永不停顿。

SonicWALL NSA 2400产品特性SonicOS功能易于使用和管理新型GUI图形界面和高级管理向导：SonicWALL NSA 2400产品可以通过直观的Wed界面对产品进行管理和配置，使得对产品的配置变得极为轻松。

Organizations of all sizes depend on their networks to access internal and external mission-critical applications. As advances in networking continueto provide tremendous benefits, organizations are increasingly challenged by sophisticated and financially-motivated attacks designed to disrupt communication, degrade performance and compromise data. Malicious attacks penetrate outdated stateful packet inspection firewalls with advanced application layer exploits. Point products add layers of security, but are costly, difficult to manage, limited in controlling network misuse and ineffective against the latest multipronged attacks.By utilizing a unique multi-core design and patented Reassembly-Free Deep Packet Inspection® (RFDPI) technology*, the Dell™ SonicWALL™ Network Security Appliance (NSA) Series of Next-Generation Firewalls offers complete protection without compromising network performance. The low latency NSA Series overcomes the limitations of existing security solutions by scanning the entirety of each packet for current internal and external threats in real-time. The NSA Series offers intrusion prevention, malware protection, and application intelligence, control and visualization, while delivering breakthrough performance. With advanced routing, stateful high-availability and high-speed IPSec and SSL VPN technology, the NSA Series adds security, reliability, functionality and productivity to branch offices, central sites and distributed mid-enterprise networks, while minimizing cost and complexity.Comprised of the Dell SonicWALL NSA 220, NSA 220 Wireless-N, NSA 250M, NSA 250M Wireless-N, NSA 2400, NSA 3500 and NSA 4500, the NSA Series offers a scalable range of solutions designed to meet the network security needs of any organization.Network SecurityAppliance SeriesNext-Generation Firewall• Next-Generation Firewall• Scalable multi-core hardware andReassembly-Free Deep PacketInspection• Application intelligence, controland visualization• Stateful high availability and loadbalancing• High performance and loweredtco• Network productivity• Advanced routing services andnetworking• Standards-based Voice over IP(VoIP)• Dell Sonicwall clean Wireless• onboard Quality of Service (QoS)• Integrated modules support• Border Gateway Protocol (BGP)support• More concurrent SSL VPN sessionsFeatures and benefitsNext-Generation Firewall features integrate intrusion prevention, gateway anti-virus, anti-spyware and URL filtering with application intelligence and control, and SSL decryption to block threats from entering the network and provide granular application control without compromising performance.Scalable multi-core hardware and Reassembly-Free Deep Packet Inspection scans and eliminates threats of unlimited file sizes, with near-zero latency across thousands of connections at wire speed.Application intelligence, control and visualization provides granular control and real-time visualization of applications to guarantee bandwidth prioritization and ensure maximum network security and productivity. Stateful high availability and load balancing features maximize total network bandwidth and maintain seamless network uptime, delivering uninterrupted access to mission-critical resources, and ensuring that VPN tunnels and other network traffic will not be interrupted in the event of a failover. High performance and lowered tcoare achieved by using the processingpower of multiple cores in unison todramatically increase throughput andprovide simultaneous inspectioncapabilities, while lowering powerconsumption.Network productivity increases becauseIT can identify and throttle or blockunauthorized, unproductive andnon-work related applications and websites, such as Facebook® or YouTube®,and can optimize WAN traffic whenintegrated with Dell SonicWALL WANAcceleration Appliance (WXA) solutions.Advanced routing services andnetworking features incorporate 802.1qVLANs, multi-WAN failover, zone andobject-based management, loadbalancing, advanced NAT modes, andmore, providing granular configurationflexibility and comprehensive protectionat the administrator’s discretion.Standards-based Voice over IP (VoIP)capabilities provide the highest levels ofsecurity for every element of the VoIPinfrastructure, from communicationsequipment to VoIP-ready devices suchas SIP Proxies, H.323 Gatekeepers andCall Servers.Dell SonicWALL clean Wirelessoptionally integrated into dual-bandwireless models or via Dell SonicWALLSonicPoint wireless access pointsprovides powerful and secure 802.11a/b/g/n 3x3 MIMO wireless, and enablesscanning for rogue wireless accesspoints in compliance with PCI DSS.onboard Quality of Service (QoS)features use industry standard 802.1pand Differentiated Services Code Points(DSCP) Class of Service (CoS)designators to provide powerful andflexible bandwidth management that isvital for VoIP, multimedia content andbusiness-critical applications.Integrated modules support on NSA250M and NSA 250M Wireless-Nappliances reduce acquisition andmaintenance costs through equipmentconsolidation, and add deploymentflexibility.Border Gateway Protocol (BGP)support enables alternate networkaccess paths (ISPs) if one path fails.More concurrent SSL VPN sessions addscalability, while extending End PointControl to Microsoft® Windows® devicesensures anti-malware and firewalls areup-to-date.Best-in-class threat protection Dell SonicWALL deep packetinspection protects against network risks such as viruses, worms, Trojans, spyware, phishing attacks, emerging threats and Internet misuse. Application intelligence and control adds highly controls to prevent data leakage and manage bandwidth at the application level.The Dell SonicWALL Reassembly-Free Deep Packet Inspection (RFDPI) technology utilizes Dell SonicWALL’s multi-corearchitecture to scan packets in real-time without stalling traffic in memory.This functionality allows threats to be identified and eliminated over unlimited file sizes and unrestricted concurrent connections, without interruption.The Dell SonicWALL NSA Series provides dynamic network protection through continuous, automated security updates, protecting against emerging and evolving threats, without requiring any administrator intervention.Dynamic security architectureand managementMobile users32Application intelligence and control Dell SonicWALL Application Intelligence and Control provides granular control, data leakage prevention, and real-time visualization of applications to guarantee bandwidth prioritization and ensure maximum network security and productivity. An integrated feature of Dell SonicWALL Next-Generation Firewalls, it uses Dell SonicWALL RFDPItechnology to identify and control applications in use with easy-to-use pre-defined application categories (such as social media or gaming)—regardless of port or protocol. Dell SonicWALL Application Traffic Analytics provides real-time and indepth historical analysis of data transmitted through the firewall including application activities by user.1Dell SonicWALL clean VPNDell SonicWALL Clean VPN™ secures the integrity of VPN access for remote devices including those running iOS or Android by establishing trust for remote users and these endpoint devices and applying anti-malware security services, intrusion prevention and application intelligence and control to eliminate the transport of malicious threats• The SonicWALL NSA 2400 is ideal for branch office and small- to medium-sized corporate environments concerned about throughput capacity and performance • The SonicWALL NSA 220, NSA 220 Wireless-N, NSA 250M and NSA 250M Wireless-N are ideal for branch office sites in distributed enterprise, small- to medium-sizedbusinesses and retail environmentscentralized policy managementThe Network Security Appliance Series can be managed using the SonicWALL Global Management System, which provides flexible, powerful and intuitive tools to manage configurations, viewreal-time monitoring metrics andintegrate policy and compliancereporting and application traffic analytics,all from a central location.Server Anti-Virusand Anti-SpywareServers anti-threatprotectionVPNVPNClientRemoteAccessUpgradeServiceWeb siteand contentusage control Enforced ClientAnti-Virusand Anti-SpywareClient PCs anti-threat protectionFlexible, customizable deployment options –NSA Series at-a-glanceEvery SonicWALL Network Security Appliance solution delivers Next-Generation Firewall protection, utilizing a breakthrough multi-core hardware design and Reassembly-Free Deep Packet Inspection for internal and external network protection without compromising network performance. Each NSA Series product combineshigh-speed intrusion prevention, file and content inspection, and powerful application intelligence and controlwith an extensive array of advanced networking and flexible configuration features. The NSA Series offers an accessible, affordable platform that is easy to deploy and manage in a wide variety of corporate, branch office and distributed network environments.• The SonicWALL NSA 4500 is ideal for large distributed and corporate central-site environments requiring high throughput capacity and performance • The SonicWALL NSA 3500 is idealfor distributed, branch office and corporate environments needing significant throughput capacity and performanceSecurity services andupgradesGateway Anti-Virus,Anti-Spyware, IntrusionPrevention and ApplicationIntelligence and controlService delivers intelligent,real-time network security protectionagainst sophisticated application layerand content-based attacks includingviruses, spyware, worms, Trojans andsoftware vulnerabilities such as bufferoverflows. Application intelligence andcontrol delivers a suite of configurabletools designed to prevent data leakagewhile providing granular application-level controls along with tools enablingvisualization of network traffic.Enforced client Anti-Virusand Anti-spyware (McAfee)working in conjunction withDell SonicWALL firewalls,guarantees that allendpoints have the latest versions ofanti-virus and anti-spyware softwareinstalled and active.content Filtering Serviceenforces protection andproductivity policies byemploying an innovativerating architecture, utilizingadynamic database to block up to 56categories of objectionable webcontent.Analyzer is a flexible, easyto use web-basedapplication traffic analyticsand reporting tool thatprovides powerful real-time andhistorical insight into the health,performance and security of the network.Virtual Assist is a remotesupport tool that enablesa technician to assumecontrol of a PC or laptopfor the purpose of providingremote technical assistance. Withpermission, the technician can gaininstant access to a computer using aweb browser, making it easy to diagnoseand fix a problem remotely without theneed for a pre-installed “fat” client.Dynamic Support Servicesare available 8x5 or 24x7depending on customerneeds. Features includeworld-class technicalsupport, crucial firmware updates andupgrades, access to extensive electronictools and timely hardware replacementto help organizations get the greatestreturn on their Dell SonicWALLinvestment.Global VPN clientUpgrades utilize a softwareclient that is installed onWindows-based computersand increase workforce productivity byproviding secure access to email, files,intranets, and applications for remoteusers.provide clientlessLinux-based systems. With integratedSSL VPN technology, Dell SonicWALLfirewall appliances enable seamless andsecure remote access to email, files,intranets, and applications from a varietyof client platforms via NetExtender, alightweight client that is pushed onto theuser’s machine.SonicWALL Mobile connect™,a single unified client app forApple® iOS and Google®Android™, provides smartphone andtablet users superior network-levelaccess to corporate and academicresources over encrypted SSL VPNconnections.comprehensive Anti-SpamService (CASS) offerssmall- to medium-sizedbusinesses comprehensiveprotection from spam andviruses, with instant deployment overexisting Dell SonicWALL firewalls. CASSspeeds deployment, eases administrationand reduces overhead by consolidatingsolutions, providing one-click anti-spamservices, with advanced configuration injust ten minutes.Deep Packet Inspection for of SSL-Encrypted traffic (DPI-SSL) transparentlydecrypts and scans both inbound andoutbound HTTPS traffic for threats usingDell SonicWALL RFDPI. The traffic is thenre-encrypted and sent to its originaldestination if no threats or vulnerabilitiesare discovered.Denial of Service attack prevention 22 classes of DoS, DDoS and scanning attacksKey exchange K ey Exchange IKE, IKEv2, Manual Key, PKI (X.509), L2TP over IPSec Route-based VPN Yes (OSPF, RIP)Certificate support Verisign, Thawte, Cybertrust, RSA Keon, Entrust, and Microsoft CA for Dell SonicWALL-to-Dell SonicWALL VPN, SCEP Dead peer detection Yes DHCP over VPN Yes IPSec NAT TraversalYes Redundant VPN gatewayYesGlobal VPN client platforms supported Microsoft Windows 2000, Windows XP, Microsoft Vista 32/64-bit, Windows 7 32/64-bitSSL VPN platforms supportedMicrosoft Windows 2000 / XP / Vista 32/64-bit / Windows 7, Mac 10.4+, Linux FC 3+ / Ubuntu 7+ / OpenSUSEMobile Connect platforms supported iOS 4.2 and higher, Android 4.0 and higherSecurity servicesDeep Packet Inspection Service Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention and Application Intelligence and Control Content Filtering Service (CFS) HTTP URL,HTTPS IP, keyword and content scanning ActiveX, Java Applet, and cookie blocking bandwidth management on filtering categories, allow/forbid lists Gateway-enforced Client Anti-Virus and Anti-Spyware McAfee Comprehensive Anti-Spam Service Supported Application Intelligence Application bandwidth management and control, prioritize or block application and Control by signatures, control file transfers, scan for key words or phrasesDPI SSL Provides the ability to decrypt HTTPS traffic transparently, scan this traffic for threats using Dell SonicWALL’s Deep Packet Inspection technology (GAV/AS/IPS/ Application Intelligence/CFS), then re-encrypt the traffic and send it to its destination if no threats or vulnerabilities are found. This feature works for both clients and workingIP Address assignment Static, (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay NAT modes1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent modeVLAN interfaces (802.1q) 25352550200Routing OSPF, RIPv1/v2, static routes, policy-based routing, MulticastQoS Bandwidth priority, maximum bandwidth, guaranteed bandwidth, DSCP marking, 802.1pIPv6Yes AuthenticationXAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix Internal database/single sign-on users 100/100 Users150/150 Users250/250 Users300/500 Users1,000/1,000 UsersVoIPFull H.323v1-5, SIP, gatekeeper support, outbound bandwidth management, VoIP over WLAN, deep inspection security, full interoperability with most VoIP gateway and communications devicesSystemZone security Yes SchedulesOne time, recurring Object-based/group-based management Yes DDNSYesManagement and monitoring Web GUI (HTTP, HTTPS), Command Line (SSH, Console), SNMP v3: Global management with Dell SonicWALL GMSLogging and reporting Analyzer, Local Log, Syslog, Solera Networks, NetFlow v5/v9, IPFIX with extensions, real-time visualizationHigh availabilityOptional Active/Passive with State SyncLoad balancing Yes, (Outgoing with percent-based, round robin and spill-over); (Incoming with round robin,random distribution, sticky IP, block remap and symmetrical remap)StandardsTCP/IP, UDP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3Wireless standards802.11 a/b/g/n, WPA2, WPA, TKIP, 802.1x, EAP-PEAP, EAP-TTLS WAN acceleration supportYesFlash memory32 MB compact Flash 512 MB compact Flash3G wireless/modem * With 3G/4G USB adapter or modem — With 3G/4G USB adapter or modemPower supply 36W external Single 180W ATX power supplyFansNo fan/1 internal fan 2 internal fans 2 fansPower input10-240V, 50-60Hz Max power consumption 11W/15W 12W/16W 42W 64W 66W Total heat dissipation 37BTU/50BTU 41BTU/55BTU 144BTU 219BTU 225BTUCertificationsVPNC, ICSA Firewall 4.1 EAL4+, FIPS 140-2 Level 2, VPNC, ICSA Firewall 4.1, IPv6 Phase 1, IPv6 Phase 2Certifications pending EAL4+, FIPS 140-2 Level 2, IPv6 Phase 1, IPv6 Phase 2 —Form factor 1U rack-mountable/ 1U rack-mountable/ 1U rack-mountable/ and dimensions 7.125 x 1.5 x 10.5 in/ 17 x 10.25 x 1.75 in/ 17 x 13.25 x 1.75 in/18.10 x 3.81 x 26.67 cm 43.18 x 26 x 4.44 cm 43.18 x 33.65 x 4.44 cmWeight 1.95 lbs/0.88 kg/ 3.05 lbs/1.38 kg/ 8.05 lbs/ 3.65 kg 11.30 lbs/ 5.14 kg2.15 lbs/0.97 kg3.15 lbs/1.43 kg WEEE weight V 3.05 lbs/1.38 kg/4.4 lbs/2.0kg/ 8.05 lbs/ 3.65 kg 11.30 lbs/5.14 kg3.45 lbs/1.56 kg4.65 lbs/2.11 kgMajor regulatoryF CC Class A, CES Class A, CE, C-Tick, VCCI, Compliance MIC, UL, cUL, TUV/GS, CB, NOM, RoHS, WEEE Environment 40-105° F, 0-40° C 40-105° F, 5-40° CMTBF 28 years/15 years 23 years/14 years 14.3 years 14.1 years 14.1 yearsHumidity5-95% non-condensing 10-90% non-condensingcertificationsSpecificationsTesting methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services. Full DPI Performance/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. Actual maximum connection counts are lower when Next-Generation Firewall services are enabled. VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. Supported on the NSA 3500 and higher. Not available on NSA 2400. *USB 3G card and modem are not included. See http://www.Dell /us/products/cardsupport.html for supported USB devices. The Comprehensive Anti-Spam Service supports an unrestricted number of users but is recommended for 250 users or less. With Dell SonicWALL WXA Series Appliance.Network Security Appliance 3500 01-SSC-7016NSA 3500 TotalSecure* (1-year) 01-SC-7033Network Security Appliance 450001-SSC-7012NSA 4500 TotalSecure* (1-year) 01-SC-7032Network Security Appliance 2400 01-SSC-7020NSA 2400 TotalSecure* (1-year) 01-SC-7035Network Security Appliance 250M 01-SSC-9755Network Security Appliance 250M Wireless-N 01-SSC-9757 (US/Canada)Network Security Appliance 250M TotalSecure* 01-SSC-9747Network Security Appliance 250M Wireless-N TotalSecure*01-SSC-9748 (US/Canada)Network Security Appliance 220 01-SSC-9750Network Security Appliance 220 Wireless-N 01-SSC-9752 (US/Canada)Network Security Appliance 220 TotalSecure* 01-SSC-9744Network Security Appliance 220 Wireless-N TotalSecure*01-SSC-9745 (US/Canada)For more information on Dell SonicWALL network security solutions, please visit .*Includes one-year of Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, andApplication Intelligence and Control Service, Content Filtering Service and Dynamic Support 24x7.Security Monitoring Services from Dell SecureWorks are available for thisappliance Series. For more information, visit /secureworks。

The SonicWall Network Security appliance (NS a) series provides organizations that range in scale from mid-sized networks to distributed enterprises and data centers with advanced threat prevention in a high-performance security platform. Utilizing innovative deep learning technologies in the SonicWall Capture Cloud Platform, the NS a series delivers the automated real-time breach detection and prevention organizations need. Cutting-edge threat prevention with superior performanceToday’s network threats are highly evasive and increasingly difficult to identify using traditional methods of detection. Staying ahead of sophisticated attacks requires a more modern approach that heavily leverages security intelligence in the cloud. Without that cloud intelligence, gateway security solutions can’t keep pace with today’s complex threats. NS a series next-generation firewalls (NGFWs) integrate two advanced security technologies to deliver cutting-edge threat prevention that keeps your network one step ahead. Enhancing SonicWall’s multi-engine Capture Advanced Threat Protection (ATP) service is our patent-pendingReal-Time Deep Memory Inspection (RTDMI™) technology. The RTDMI engine proactively detects and blocks mass market, zero-day threats and unknown malware by inspecting directly in memory. Because of the real-time architecture, SonicWall RTDMI technology is precise, minimizes false positives, and identifies and mitigates sophisticated attacks where the malware’s weaponry is exposed for less than 100 nanoseconds. In combination, SonicWall’s patented* single-pass Reassembly-Free Deep Packet Inspection (RFDPI) engine examines every byte of every packet, inspecting both inbound and outbound traffic on the firewall. By leveraging the SonicWall Capture Cloud Platform in addition toon-box capabilities including intrusion prevention, anti-malware and web/URL filtering, the NS a series blocks even the most insidious threats at the gateway. Further, SonicWall firewalls provide complete protection by performingfull decryption and inspection of TLS/ SSL and SSH encrypted connections regardless of port or protocol. The firewall looks deep inside every packet (the header and data) searching for protocol non-compliance, threats, zero-days, intrusions, and even defined criteria. The deep packet inspection engine detects and prevents hidden attacks that leverage cryptography, blocks encrypted malware downloads, ceases the spread of infections, and thwarts commandand control (C&C) communicationsand data exfiltration. Inclusion and exclusion rules allow total control to customize which traffic is subjected to decryption and inspection based on specific organizational compliance and/or legal requirements.When organizations activate deep packet inspection functions such as IPS, anti-virus, anti-spyware, TLS/SSL decryption/ inspection and others on their firewalls, network performance often slows down,SonicWall Network Securityappliance (NS a) seriesIndustry-validated security effectiveness and performance for mid-sizednetworks, distributed enterprises and data centersBenefits:Superior threat preventionand performance• Patent-pending real-time deepmemory inspection technology• Patented reassembly-free deeppacket inspection technology• On-box and cloud-based threatprevention• TLS/SSL decryption and inspection• Industry-validated securityeffectiveness• Multi-core hardware architecture• Dedicated Capture Labs threatresearch teamNetwork control and flexibility• Powerful SonicOS operating system• Application intelligence and control• Network segmentation with VLANs• High-speed wireless securityEasy deployment, setup and ongoingmanagement• Tightly integrated solution• Centralized management• Scalability through multiplehardware platformssometimes dramatically. NS a series firewalls, however, feature a multi-core hardware architecture that utilizes specialized security microprocessors. Combined with our RTDMI and RFDPI engines, this unique design eliminates the performance degradation networks experience with other firewalls. Network control and flexibilityAt the core of the NS a series is SonicOS, SonicWall’s feature-rich operating system. SonicOS provides organizations withthe network control and flexibility they require through application intelligence and control, real-time visualization,an intrusion prevention system (IPS) featuring sophisticated anti-evasion technology, high-speed virtual private networking (VPN) and other robust security features.Using application intelligence and control, network administrators can identifyand categorize productive applications from those that are unproductive or potentially dangerous, and control that traffic through powerful application-level policies on both a per-user and a per-group basis (along with schedules and exception lists). Business-critical applications can be prioritized and allocated more bandwidth while non-essential applications are bandwidth-limited. Real-time monitoring andvisualization provides a graphicalrepresentation of applications, users andbandwidth usage for granular insight intotraffic across the network.For organizations requiring advancedflexibility in their network design,SonicOS offers the tools to segmentthe network through the use of virtualLANs (VLANs). This enables networkadministrators to create a virtual LANinterface that allows for networkseparation into one or more logicalgroups. Administrators create rules thatdetermine the level of communicationwith devices on other VLANs.Built into every NS a series firewall is awireless access controller that enablesorganizations to extend the networkperimeter securely through the use ofwireless technology. Together, SonicWallfirewalls and SonicWave 802.11ac Wave2 wireless access points create a wirelessnetwork security solution that combinesindustry-leading next-generation firewalltechnology with high-speed wireless forenterprise-class network security andperformance across the wireless network.Easy deployment, setup andongoing managementLike all SonicWall firewalls, the NS aseries tightly integrates key security,connectivity and flexibility technologiesinto a single, comprehensive solution.This includes SonicWave wirelessaccess points and the SonicWall WANAcceleration (WXA) series, both ofwhich are automatically detected andprovisioned by the managing NS a firewall.Consolidating multiple capabilitieseliminates the need to purchase andinstall point products that don’t alwayswork well together. This reduces theeffort it takes to deploy the solution intothe network and configure it, saving bothtime and money.Cloud-based centralized management,reporting, licensing and analytics arehandled through the SonicWall CaptureSecurity Center. Administrators areprovided with an intuitive dashboard formanaging all aspects of the network inreal time, including critical security alerts.Together, the simplified deployment andsetup along with the ease of managementenable organizations to lower their totalcost of ownership and realize a highreturn on investment.SFP ports ports1 x 2.5GbESonicWallSonicWall NS a 5650Capture Cloud PlatformSonicWall's Capture Cloud Platform delivers cloud-based threat prevention and network management plus reporting and analytics for organizations of any size. The platform consolidates threat intelligence gathered from multiple sources including our award-winningmulti-engine network sandboxing service, Capture Advanced Threat Protection, as well as more than 1 million SonicWall sensors located around the globe.If data coming into the network is found to contain previously-unseen malicious code, SonicWall’s dedicated, in-house Capture Labs threat research team develops signatures that are stored in the Capture Cloud Platform database and deployed to customer firewalls for up-to-date protection. New updates take effect immediately without reboots or interruptions. The signatures resident on the appliance protect against wide classesof attacks, covering tens of thousands of individual threats with a single signature. In addition to the countermeasures on the appliance, NS a firewalls also have continuous access to the Capture Cloud Platform database which extends the onboard signature intelligence with tens of millions of signatures.In addition to providing threat prevention, the Capture Cloud Platform offers single pane of glass management and administrators can easily create both real-time and historical reports on network activity.Advanced threat protectionAt the center of SonicWall automated, real-time breach prevention is SonicWall Capture Advanced Threat Protection service, a cloud-based multi-engine sandbox that extends firewall threat protection to detect and prevent zero-day threats. Suspicious files are sent to the cloud where they are analyzed using deep learning algorithms with the option to hold them at the gateway until a verdict is determined. Themulti-engine sandbox platform, which includes Real-Time Deep Memory Inspection, virtualized sandboxing, full system emulation and hypervisor level analysis technology, executes suspicious code and analyzes behavior. When a file is identified as malicious, it is blocked and a hash is immediately created within Capture ATP. Soon after, a signature is sent to firewalls to prevent follow-on attacks.The service analyzes a broad range of operating systems and file types, including executable programs, DLL, PDFs, MS Office documents, archives, JAR and APK.For complete endpoint protection, the SonicWall Capture Client combines next-generation anti-virus technology with SonicWall's cloud-basedmulti-engine sandbox.Reassembly-Free Deep Packet Inspection engineThe SonicWall Reassembly-Free Deep Packet Inspection (RFDPI) is a single-pass, low latency inspection system that performs stream-based, bi-directional traffic analysis at high speed without proxying or buffering to effectivelyuncover intrusion attempts and malware downloads while identifying application traffic regardless of port and protocol. This proprietary engine relies onstreaming traffic payload inspection to detect threats at Layers 3-7, and takesnetwork streams through extensive andrepeated normalization and decryption in order to neutralize advanced evasion techniques that seek to confusedetection engines and sneak malicious code into the network.Once a packet undergoes the necessary pre-processing, including TLS/SSLdecryption, it is analyzed against a single, proprietary memory representation of three signature databases: intrusion attacks, malware and applications. The connection state is then advanced to represent the position of the streamrelative to these databases until it encounters a state of attack, or other “match” event, at which point a pre-set action is taken.In most cases, the connection is terminated and proper logging andnotification events are created. However, the engine can also be configured for inspection only or, in case of application detection, to provide Layer 7 bandwidth management services for the remainder of the application stream as soon as the application is identified.Packet Packet assembly-based processSonicWall stream-based architectureCompetitive proxy-based architecture When proxy buffer becomes full or content too large,files bypass scanning.Reassembly-free Deep Packet Inspection (RFDPI)Reassembly-free packet scanning eliminates proxy and content size limitations.Inspection timeLessMoreInspection capacityMinMaxGlobal management and reportingFor highly regulated organizations wanting to achieve a fully coordinated security governance, compliance and risk management strategy, SonicWall provides administrators a unified, secure andextensible platform to manage SonicWall firewalls, wireless access points and Dell N-Series and X-Series switches through a correlated and auditable workstream process. Enterprises can easilyconsolidate the management of security appliances, reduce administrative andtroubleshooting complexities, and govern all operational aspects of the security infrastructure, including centralized policy management and enforcement; real-time event monitoring; useractivities; application identifications; flow analytics and forensics; compliance and audit reporting; and more. In addition, enterprises meet the firewall’s change management requirements throughworkflow automation which provides the agility and confidence to deploy the right firewall policies at the right time and inconformance with compliance regulations. Available on premises as SonicWall Global Management System and in the cloud as Capture Security Center, SonicWall management and reporting solutions provide a coherent way to manage network security by business processes and service levels, dramatically simplifying lifecycle management of your overall security environments compared to managing on a device-by-device basis.The NS a 2650 delivers high-speed threat preventionover thousands of encrypted and even more unencrypted connections to mid-sized organizations and distributed enterprises.The SonicWall NS a 3650 is ideal for branch office and small- to medium-sized corporate environments concerned aboutthroughput capacity and performance.Dual fansDual fans8 x 2.5GbE4 x 2.5GbE SFP ports12 x 1GbE 12 x 1GbEports1GbEmanagement1GbE managementOptional redundant powerOptional redundant powerPowermoduleStorage moduleUSB portsDual USB portsportsSFP+ ports 4 x 2.5GbEportsTriple fansTriple fansDual power suppliesDual power suppliesExpansion bayExpansion bay2 x 10GbE 2 x 10GbE SFP+ ports2 x 10GbE4 x 2.5GbE ports4 x 2.5GbE ports16 x 1GbE ports16 x 1GbE portsConsoleStorage modulemoduleDual USB portsUSB ports1GbE The SonicWall NS a 4650 secures growing medium-sizedorganizations and branch office locations with enterprise-class features and uncompromising performance.The SonicWall NS a 5650 is ideal for distributed, branch office and corporate environments needing significant throughput and high port density.4 x 2.5GbE SFP ports 4 x 2.5GbE SFP portsTriple fansTriple fansDual power suppliesDual power suppliesExpansion bayExpansion bay2 x 10GbE 10 x 10GbE2 x 10GbE6 x 10GbESFP+ portsports8 x 2.5GbE SFP ports8 x 1GbE portsportsStorage modulemoduleDual USB portsDual 1GbE LCD managementNS a 6650The SonicWall NS a 6650 is ideal for large distributed andcorporate central site sites requiring high throughput capacity and performance.NS a 9250/9450/9650The SonicWall NS a 9250/9450/9650 provide distributed enterprises and data centers with scalable, deep security at multi-gigabit speeds.SFP portsFeaturesBreach prevention subscription servicesFirewall• Stateful packet inspection• Reassembly-Free Deep Packet Inspection • DDoS attack protection (UDP/ICMP/SYNflood)• IPv4/IPv6• Biometric authentication forremote access• DNS proxy• REST APIsTLS/SSL/SSH decryption and inspection1• Deep packet inspection for TLS/SSL/SSH • Inclusion/exclusion of objects, groups orhostnames• TLS/SSL control• Granular DPI SSL controls per zoneor ruleCapture advanced threat protection1• Real-Time Deep Memory Inspection • Cloud-based multi-engine analysis• Virtualized sandboxing• Hypervisor level analysis• Full system emulation• Broad file type examination• Automated and manual submission• Real-time threat intelligence updates • Block until verdict• Capture ClientIntrusion prevention1• Signature-based scanning• Automatic signature updates• Bi-directional inspection• Granular IPS rule capability• GeoIP enforcement• Botnet filtering with dynamic list• Regular expression matchingAnti-malware1• Stream-based malware scanning• Gateway anti-virus• Gateway anti-spyware• Bi-directional inspection• No file size limitation• Cloud malware database Application identification1• Application control• Application bandwidth management• Custom application signature creation• Data leakage prevention• Application reporting overNetFlow/IPFIX• Comprehensive application signaturedatabaseTraffic visualization and analytics• User activity• Application/bandwidth/threat usage• Cloud-based analyticsWeb content filtering1• URL filtering• Proxy avoidance• Keyword blocking• HTTP header insertion• Bandwidth manage CFS rating categories• Unified policy model with app control• Content Filtering ClientVPN• Auto-provision VPN• IPSec VPN for site-to-site connectivity• SSL VPN and IPSec client remote access• Redundant VPN gateway• Mobile Connect for iOS, Mac OSX, Windows, Chrome, Android andKindle Fire• Route-based VPN (OSPF, RIP, BGP)Networking• PortShield• Jumbo frames• Enhanced logging• VLAN trunking• RSTP (Rapid Spanning Tree Protocol)• Port mirroring• Layer-2 QoS• Port security• Dynamic routing (RIP/OSPF/BGP)• SonicWall wireless controller• Policy-based routing (ToS/metric andECMP)• NAT• DNS/DNS proxy• DHCP server• Bandwidth management• Link aggregation (static and dynamic)• Port redundancy• A/P high availability with state sync• A/A clustering• Inbound/outbound load balancing• L2 bridge, wire/virtual wire mode,tap mode• 3G/4G WAN failover• Asymmetric routing• Common Access Card (CAC) supportWireless• WIDS/WIPS• RF spectrum analysis• Rogue AP prevention• Fast roaming (802.11k/r/v)• Mesh networking (802.11s)• Floor plan view/Topology view• Band steering• Beamforming• AirTime fairness• MiFi extender• Guest cyclic quota• LHM guest portalVoIP• Granular QoS control• Bandwidth management• SIP and H.323 transformations peraccess rule• H.323 gatekeeper and SIP proxy supportManagement and monitoring• Capture Security Center, GMS, Web UI,CLI, REST APIs, SNMPv2/v3• Logging• Netflow/IPFix exporting• Cloud-based configuration backup• BlueCoat Security Analytics Platform• SonicWall access point management• Dell N-Series and X-Series switchmanagement including cascaded switches1Requires added subscriptionThreat Prevention/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. Threat Prevention throughput measured with Gateway AV, Anti-Spyware, IPS and Application Control enabled.VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. All specifications, features and availability are subject to change.For every 125,000 DPI connections reduced, the number of available DPI SSL connections increases by 3,000 except for NSa 9250 and above.Active/Active Clustering and Active/Active DPI with State Sync require purchase of Expanded License.Performance optimized mode can provide significant increases in performance without major impact to threat prevention efficacy.*Future use. All specifications, features and availability are subject to change.NS a series ordering information© 2018 SonicWall Inc. ALL RIGHTS RESERVED. SonicWall is atrademark or registered trademark of SonicWall Inc. and/or its affiliates SonicWall, Inc.1033 McCarthy Boulevard | Milpitas, CA 95035 About UsSonicWall has been fighting the cyber-criminal industry for over 26 years, defending small, medium size businesses and enterprises worldwide. Our combination of products and partners has enabled a real-time cyber defense solution tuned to the specificneeds of the more than 500,000 businesses in over 150 countries, so you can do more business with less fear.Regulatory model numbers:NS a 2650 - 1RK38-0C8NS a 3650 - 1RK38-0C7NS a 4650 - 1RK39-0C9NS a 5650 - 1RK39-0CA NS a 6650 - 1RK39-0CB NS a 9250 - 1RK39-0CC NS a 9450 - 1RK39-0CD NS a9650 - 1RK39-0CE*Please consult with your local SonicWall reseller for a complete list of supported SFP and SFP+ modulesNS a series ordering information con't。

SONICWALL 网络安全产品一、产品概述SonicWALL系列防火墙是在NASDAQ上市的SONICWALL公司的著名网络安全产品，全球销量超过11万7千台（公司经审计的财务报告中，截止2000年12月31日的统计数据），是目前全球销量最大和硬件防火墙产品和市场占有率最高的硬件VPN产品(美国INFONETICS 2000年7月25日数据)。

SonicWALL采用软硬件一体化设计，在高性能硬件平台上，利用先进的防火墙技术和SonicWALL 专有的安全高效的实时操作系统，再加上世界领先的加密算法、身份认证技术以及网络防病毒技术，是一个强大的，集应用级防火墙、入侵报警、内容过滤、VPN、网络防病毒等多种安全策略为一体的，稳定可靠的高性能网络安全系统。

其完善的产品系列和卓越的性能价格比为不同规模、不同行业、不同上网方式的用户提供安全、快速、灵活、超值的网络安全解决方案。

SONICWALL产品通过世界权威的ICSA认证和国内权威的公安部信息安全产品检测，并率先符合最新执行的国家信息安全产品标准——GB/T 18019-1999，中国公安部信息安全产品销售许可证号：XKC33098二、产品功能和技术1．防火墙：✧采用先进的第三代“全状态检测”防火墙技术✧软件终生免费升级✧支持DDN、xDSL、Cable Modem、ISDN等多种上网方式✧双向NAT网络地址转换，端口映射✧DHCP和MAC地址捆绑✧支持三个DNS服务器✧支持各种应用服务协议：HTTP、FTP、SMTP、Telnet等✧MD5身份认证✧攻击检测与报警：能够自动识别攻击，并通过E-MAIL或Call机报警✧详细的系统日志和访问日志管理，支持WEB TRENDS2．网页内容过滤：✧IP地址过滤✧关键字段过滤✧URL过滤✧分不同用户和时间段过滤✧过滤Active X、Cookies、Java等危险文件✧支持第三方（美国CyberNOT）的不良网站清单过滤✧访问审计日志3．VPN✧标准的IPSec VPN✧加密算法：DES、3DES、ACR4✧密钥管理：IKE、Manual Keys✧身份认证：MD-5、RADIUS、RSA SecurID✧支持“数字证书”等高级身份认证方式✧支持最大的并发用户数：不同型号支持从5个到1000个✧支持Gateway to Gateway和Client to Gateway模式✧兼容其他VPN产品，如Check Point Firewall-1、CISCO PIX、Axent Raptor、Nortel Contivity4．网络防病毒✧采用McAfee的先进病毒扫描引擎，实现整个网络的安全✧第一家通过ICSA认证的ASP模式防病毒产品✧强制执行的防病毒安全策略✧强制、自动和实时的升级到最新病毒码，给用户最大的安全保证✧彻底清查邮件和邮件附件中的病毒✧防范“特洛伊木马”病毒的攻击✧全球首次真正实现防病毒工作的零维护5．高可靠性SonicWALL PRO和PRO VX提供的高可靠性功能，支持防火墙的双机热备份，最大程度保证网络连接的可靠性。

The SonicWall SuperMassive Series is SonicWall’s next-generation firewall (NGFW) platform designed for large networks to deliver scalability, reliability and deep security at multi-gigabit speeds with near zero latency.Built to meet the needs of enterprise, government, education, retail, healthcare and service provider, the SuperMassive Series is ideal for securing distributed enterprise networks, data centers and service providers.The combination of SonicWall’s SonicOS operating system, patented* Reassembly-Free Deep Packet Inspection® (RFDPI) technology and massively multi-core, highly scalable hardware architecture, the SuperMassive 9000 Series deliver industry-leading application control, intrusion prevention, malware protection and TLS/SSL decryption and inspection at multi-gigabit speeds. The SuperMassive Series is thoughtfully designed with power, space and cooling (PSC) in mind, providing the leading Gbps/watt NGFW in the industry for high performance packet and data processing, application control and threat prevention.The SonicWall RFDPI engine scans every byte of every packet across all ports, delivering full content inspection of the entire stream while providing high performance and low latency. This technology is superior to proxy designs that reassemble content using sockets bolted to anti-malware programs, which are plagued with inefficiencies and the overhead of socket memory thrashing, which leads to high latency, low performance and file size limitations. The RFDPI engine delivers full content inspection to eliminate various forms of malware before they enter the network and provides protection against evolving threats — without file size, performance or latency limitations.The RFDPI engine also performs full decryption and inspection of TLS/SSL and SSH encrypted traffic as well asnon-proxyable applications, enabling complete protection regardless of transport or protocol. It looks deep inside every packets (the header and data part) searching for protocol non-compliance, threats, zero-days, intrusions, and even defined criteria to detect and prevent attacks hidden inside encrypted traffic, cease the spread of infections, and thwart command and control (C&C) communications and data exfiltration. Inclusion and exclusion rules allow total control to customize which traffic is subject to decryption and inspection based on specific organizational compliance and/or legal requirements. Application traffic analytics enablethe identification of productive and unproductive application traffic in real time, and traffic can then be controlled through powerful application-level policies. Application control can be exercised on both a per-user and per-group basis, along with schedules and exception lists. All application, intrusion prevention and malware signatures are constantly updated by the SonicWall Capture Labs threats research team. Additionally, SonicOS, an advanced purpose-built operating system, provides integrated tools that allowfor custom application identification and control.SonicWall SuperMassive SeriesUncompromising, high-performance, next-generation firewall protection foryour enterprise network.Benefits:• Get complete breach preventionincluding high performanceintrusion prevention, lowlatency malware protection andcloud-based sandboxing• Gain full granular applicationidentification, controland visualization• Find and block hidden threats withdecryption and inspection of TLS/SSL and SSH encrypted traffic,without performance problems• Scale security performance for10/40 Gbps data centers• Adapt to service-level increasesand ensure network servicesand resources are availableand protected*U.S. Patents 7,310,815; 7,600,257; 7,738,380; 7,835,361SuperMassive 9000 SeriesSeries lineupThe SonicWall SuperMassive 9000 Series features 4 x 10-GbE SFP+, up to 12 x 1-GbE SFP , 8 x 1-GbE copper and 1 GbEmanagement interfaces, with an expansion port for an additional 2 x 10- GbE SFP+ interfaces (future release). The 9000 Series features hot-swappable fan modules and power supplies.SuperMassive 9000 Seriesdisplay port interface4 x 10-GbE SFP+ ports 8 x 1-GbE SFP ports 8 x 1-GbEportsDual USB ports LCD Dual hot-Expansion bay Two hot-swappable,Dual hot-Expansion bayTwo hot-swappable,SD card for future usedisplayport interface SFP+ ports12 x 1-GbE 2 x 80Gb 8 x 1-GbE ports LCDcontrolsReassembly-Free Deep Packet Inspection engineRFDPI is a single-pass, low latency inspection system that performs stream-based, bi-directional traffic analysis at high speed without proxying or buffering to effectively uncover intrusion attempts, malware and identify application traffic regardless of port and protocol. This proprietary engine relies on streaming traffic payload inspection in order to detect threats at Layers3-7. The RFDPI engine takes network streams through extensive and repeated normalization and decryption in orderto neutralize advanced obfuscation andevasion techniques that seek to confusedetection engines and sneak maliciouscode into the network.Once a packet undergoes the necessarypre-processing, including TLS/SSLdecryption, it is analyzed against a singleproprietary memory representationof multiple signature databases:intrusion attacks, malware, botnet andapplications. The connection stateis then advanced to represent theposition of the stream relative to thesedatabases until it encounters a state ofattack, or other “match” event, at whichpoint a preset action is taken. In mostcases, the connection is terminatedand proper logging and notificationevents are created. However, the enginecan also be configured for inspectiononly or, in the case of applicationdetection, to provide Layer 7 bandwidthmanagement services for the remainderof the application stream as soon as theapplication is identified.PacketPacket assembly-based processSonicWall stream-based architecture Competitive proxy-based architectureWhen proxybecomes full orcontent too large,files bypassscanning.Reassembly-free Deep Packet Inspection (RFDPI)Reassembly-free packetscanning eliminates proxyand content size limitations.Inspection timeLess MoreInspection timeLess MoreInspection capacityMin MaxExtensible architecture for extremescalability and performanceThe RFDPI engine is purposely designedwith a keen focus on providing securityscanning at a high level of performance,to match both the inherently paralleland ever growing nature of networktraffic. When combined with multi-coreprocessor systems, this parallelism-centric software architecture scales upperfectly to address the demands ofdeep packet inspection (DPI) at hightraffic loads. The SuperMassive platformrelies on processors that, unlike x86,are optimized for packet, crypto andnetwork processing while retainingflexibility and programmability in thefield — a weak point for ASICs systems.This flexibility is essential when new codeand behavior updates are necessaryto protect against new attacks thatrequire updated and more sophisticateddetection techniques. Another aspectof the platform design is the uniqueability to establish new connectionson any core in the system, providingultimate scalability and the ability todeal with traffic spikes. This approachdelivers extremely high new sessionestablishment rates (new conn/sec) whiledeep packet inspection is enabled — akey metric that is often a bottleneck fordata center deployments.Advanced threat protection SonicWall Capture Advanced Threat Protection Service1 is a cloud-based multi-engine sandbox that extends firewall threat protection to detect and prevent zero-day threats. Suspicious files are sent to the cloud for analysis with the option to hold them at the gateway until a verdict is determined. Themulti-engine sandbox platform, which includes virtualized sandboxing, full system emulation and hypervisor level analysis technology, executes suspicious code and analyzes behavior. When afile is identified as malicious, a hash is immediately created within Capture and later a signature is sent to firewalls to prevent follow-on attacks.The service analyzes a broad rangeof operating systems and file types, including executable programs, DLL, PDFs, MS Office documents, archives, JAR and APK.Capture provides an at-a-glance threat analysis dashboard and reports, which detail the analysis results for files sent to the service, including source, destination and a summary plus details of malwareaction once detonated.Capture LabsThe dedicated, in-house SonicWall Capture Labs threats researchteam researches and develops countermeasures to deploy to customer firewalls for up-to-date protection. The team gathers data on potential threat data from several sources including our award-winning network sandboxing service, Capture Advanced Threat Protection, as well as more than 1 million SonicWall sensors located around the globe that monitor traffic for emerging threats. It is analyzed via machine learning using SonicWall's Deep Learning Algorithms to extract the DNA from the code to see if it is related to any known forms of malicious code. SonicWall NGFW customers with the latest security capabilities are provided continuously updated threat protection around the clock. New updates take effect immediately without rebootsor interruptions. The signatures onthe appliances protect against wideclasses of attacks, covering up to tensof thousands of individual threats with asingle signature.In addition to the countermeasures onthe appliance, SuperMassive firewallsalso have access to the SonicWallCloudAV1, which extends the onboardsignature intelligence with tens ofmillions of signatures, and growingby millions annually. This CloudAVdatabase is accessed by the firewall viaa proprietary, lightweight protocol toaugment the inspection done on theappliance. With Capture AdvancedThreat Protection1, a cloud-based multi-engine sandbox, organizations canexamine suspicious files and code in anisolated environment to stop advancedthreats such as zero-day attacks.Protection CollectionClassificationCountermeasureL A B S1 Requires added subscriptionApplication intelligence and control Application intelligence informs administrators of application traffic traversing their network so they can schedule application controls based on business priority, throttle unproductive applications and block potentially dangerous applications. Real-time visualization identifies traffic anomalies as they happen, enabling immediate countermeasures against potential inbound or outbound attacks or performance bottlenecks.SonicWall Application Traffic Analytics1 provide granular insight into application traffic, bandwidth utilization and security threats, as well as powerful troubleshooting and forensicscapabilities. Additionally, secure single sign-on (SSO) capabilities ease the user experience, increase productivity and reduce support calls. Management of application intelligence and controlis simplified by the intuitive web-based interface.Global management and reportingFor highly regulated organizations wanting to achieve a fully coordinated security governance, complianceand risk management strategy,the optional SonicWall Global Management System1 (GMS®) provides administrators a unified, secure and extensible platform to manage SonicWall firewalls, wireless access points and switches through a correlated and auditable workstream process. GMS enables enterprises to easily consolidate the managementof security appliances, reduce administrative and troubleshooting complexities, and govern all operational aspects of the security infrastructure, including centralized policy management and enforcement; real-time event monitoring; user activities; application identifications; flow analytics and forensics; compliance and audit reporting; and more. GMS also meets the firewall change management requirementsof enterprises through a workflowautomation feature. With GMS workflowautomation, all enterprises will gainagility and confidence in deploying theright firewall policies, at the right timeand in conformance to complianceregulations. GMS provides a coherentway to manage network security bybusiness processes and service levels,dramatically simplifying lifecyclemanagement of your overall securityenvironments as compared to managingon a device-by-device basis.• Centralizedmanagement• Error-free policymanagement• Strong access control• Comprehensiveaudit trails• PCI, HIPAA, SOXreport templates• Lower operating costsPort Expansion ScalabilitySonicWall GMS Secure Compliance EnforcementBenefits1 Requires added subscription1 Requires added subscriptionFirewall• Stateful packet inspection• Reassembly-Free DeepPacket Inspection• DDoS attack protection(UDP/ICMP/SYN flood)• IPv4/IPv6 support• Biometric authentication forremote access• DNS proxy• Threat APISSL/SSH decryption and inspection2• Deep packet inspection for TLS/SSL/SSH • Inclusion/exclusion of objects, groupsor hostnames• SSL ControlCapture advanced threat protection2• Cloud-based multi-engine analysis• Virtualized sandboxing• Hypervisor level analysis• Full system emulation• Broad file type examination• Automated and manual submission • Real-time threat intelligence updates • Auto-block capabilityIntrusion prevention2• Signature-based scanning• Automatic signature updates• Bi-directional inspection engine• Granular IPS rule set• GeoIP enforcement• Botnet filtering with dynamic list• Regular expression matchingAnti-malware2• Stream-based malware scanning• Gateway anti-virus• Gateway anti-spyware• Bi-directional inspection• No file size limitation• Cloud malware database Application identification2• Application control• Application traffic visualization• Application component blocking• Application bandwidth management• Custom application signature creation• Data leakage prevention• Application reporting overNetFlow/IPFIX• User activity tracking (SSO)• Comprehensive applicationsignature databaseWeb content filtering2• URL filtering• Anti-proxy technology• Keyword blocking• Bandwidth management forCFS categories• Unified policy model with app control• Content Filtering ClientVPN• Auto-provision VPN• IPSec VPN for site-to-site connectivity• SSL VPN and IPSEC client remote access• Redundant VPN gateway• Mobile Connect for iOS, Mac OSX, Windows, Chrome, Android andKindle Fire• Route-based VPN (OSPF, RIP, BGP)Networking• Dynamic LAG using LACP• PortShield• Jumbo frames• Path MTU discovery• Enhanced logging• VLAN trunking• Port mirroring• Layer-2 QoS• Port security• Dynamic routing (RIP/OSPF/BGP)• SonicWall wireless controller1• Policy-based routing(ToS/metric and ECMP)• NAT• DHCP server• Bandwidth management• Link aggregation (static and dynamic)• Port redundancy• A/P high availability with state sync• A/A clustering• Inbound/outbound load balancing• L2 bridge, wire/virtual wire mode, tapmode, NAT mode• 3G/4G WAN failover (not onSuperMassive 9800)• Asymmetric routing• Common Access Card (CAC) supportWireless• MU-MIMO• Wireless planning tool• Band steering• Beamforming• AirTime fairness• MiFi extender• Guest cyclic quotaVoIP• Granular QoS control• Bandwidth management• DPI for VoIP traffic• H.323 gatekeeper and SIP proxy supportManagement and monitoring• Web GUI• Command-line interface (CLI)• SNMPv2/v3• Centralized management and reportingwith SonicWall Global ManagementSystem (GMS)2• Logging• Netflow/IPFix exporting• Cloud-based configuration backup• BlueCoat security analytics platform• Application and bandwidth visualizer• IPv4 and IPv6 Management• LCD management screen• Dell X-Series switch management11 Not supported on SonicOS 6.2.7.72 Requires added subscriptionSuperMassive 9000 Series system specificationsTesting Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services. Full DPI/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. VPN throughput measured using UDP traffic at 1280 byte packet. Applies to SuperMassive 9200, 9400 and 9600. SuperMassive 9800 UC APL certification is pending. Supported on SonicOS 6.1 and 6.2. For every 125,000 DPI connections reduced, the number of available DPI SSL connections increases by 750. *Future use. All specifications, features and availability are subject to change.SuperMassive 9000 Series ordering information*Please consult with a SonicWall SE for a complete list of supported SFP and SFP+ modules.© 2017 SonicWall Inc. ALL RIGHTS RESERVED. SonicWall is atrademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other trademarksand registered trademarks are property of their respective owners.SonicWall, Inc.5455 Great America Parkway | Santa Clara, CA 95054 Refer to our website for additional information. About UsSonicWall has been fighting the cyber-criminal industry for over 25 years, defending small, medium size businesses and enterprises worldwide. Our combination of products and partners has enabled a real-time cyber defense solution tuned to the specific needs of the more than 500,000 global businesses in over 150 countries, so you can do more business with less fear.Datasheet-SuperMassive-US-VG-MKTG476。