| Firewall | Stateful packet inspection
Reassembly-Free Deep Packet Inspection
DDoS attack protection (UDP/ICMP/SYN flood)
IPv4/IPv6 support
Biometric authentication for remote access
DNS proxy
REST APIs
SonicWall Switch integration |
| TLS/SSL/SSH decryption and inspection | TLS 1.3
Deep packet inspection for TLS/SSL/SSH
Inclusion/exclusion of objects, groups or hostnames
SSL control
Granular DPI-SSL controls per zone or rule
Decryption Policies for SSL/TLS and SSH |
| Capture advanced threat protection | Real-Time Deep Memory Inspection
Cloud-based multi-engine analysis
Virtualized sandboxing
Hypervisor level analysis
Full system emulation
Broad file type examination
Automated and manual submission
Real-time threat intelligence updates
Block until verdict
Capture Client |
| Intrusion prevention | Signature-based scanning
Automatic signature updates
Bi-directional inspection
Granular IPS rule capability
GeoIP enforcement
Botnet filtering with dynamic list
Regular expression matching |
| Anti-malware | Stream-based malware scanning
Gateway anti-virus
Gateway anti-spyware
Bi-directional inspection
No file size limitation
Cloud malware database |
| Application identification | Application control
Application bandwidth management
Custom application signature creation
Data leakage prevention
Application reporting over NetFlow/IPFIX
Comprehensive application signature database |
| Traffic visualization and analytics | User activity
Application/bandwidth/threat usage
Cloud-based analytics |
| HTTP/HTTPS Web content filtering | URL filtering
Proxy avoidance
Keyword blocking
Policy-based filtering (exclusion/inclusion)
HTTP header insertion
Bandwidth manage CFS rating categories
Content Filtering Client |
| VPN | Auto-provision VPN
IPSec VPN for site-to-site connectivity
SSL VPN and IPSec client remote access
Redundant VPN gateway
Mobile Connect for iOS, Mac OS X, Windows, Chrome, Android and Kindle Fire
Route-based VPN (OSPF, RIP, BGP) |
| Networking | Multi-instance firewall (only on NSsp 15700)PortShield
Jumbo frames
Path MTU discovery
Enhanced logging
VLAN trunking
Port mirroring
Layer-2 QoS
Port security
Dynamic routing (RIP/OSPF/BGP)
Policy-based routing (ToS/metric and ECMP)
NAT
DHCP server
Bandwidth management
Link aggregation (static and dynamic)
Port redundancy
A/P high availability with state sync
Inbound/outbound load balancing
High availability - Active/Standby with state sync
Wire/virtual wire mode, tap mode, NAT mode
Asymmetric routing |
| VoIP | Granular QoS control
Bandwidth management
DPI for VoIP traffic
H.323 gatekeeper and SIP proxy support |
| Management and monitoring | Web GUI
Command line interface (CLI)
Zero-Touch registration & provisioning
Rest API
SonicExpress mobile app support |
| Management and monitoring cont’d | Centralized management and reporting with SonicWall Network Security Manager (NSM)1
Logging
Netflow/IPFix exporting
Cloud-based configuration backup
Application and bandwidth visualization
IPv4 and IPv6 management |
| Unified Security Policy | Unified Policy combines Layer 4 to Layer 7 rules:
Source/Destination IP/Port/Service
Application Control
CFS/Web Filtering
Single Pass Security Services enforcement
IPS/GAV/AS/Capture ATP
Rule management:
Cloning
Shadow rule analysis
In-cell editing
Group editing
Managing views
Used/un-used rules
Active/in-active rules
Sections |
