SonicWall NSsp 12400

Firewall

• Stateful packet inspection
• Reassembly-Free Deep Packet Inspection
• DDoS attack protection (UDP/ICMP/SYN flood)
• IPv4/IPv6
• Biometric authentication for remote access
• DNS proxy

TLS/SSL/SSH decryption and inspection¹

• Deep packet inspection for TLS/SSL/SSH
• Inclusion/exclusion of objects, groups or hostnames
• TLS/SSL control
• Granular DPI SSL controls per zone or rule

Capture advanced threat protection¹

• Real-Time Deep Memory Inspection
• Cloud-based multi-engine analysis
• Virtualized sandboxing
• Hypervisor level analysis
• Full system emulation
• Broad file type examination
• Automated and manual submission
• Real-time threat intelligence updates
• Block until verdict

Intrusion prevention¹

• Signature-based scanning
• Automatic signature updates
• Bi-directional inspection
• Granular IPS rule capability
• GeoIP enforcement
• Botnet filtering with dynamic list
• Regular expression matching

Anti-malware¹

• Stream-based malware scanning
• Gateway anti-virus
• Gateway anti-spyware
• Bi-directional inspection
• No file size limitation
• Cloud malware database

Application identification¹

• Application control
• Application bandwidth management
• Custom application signature creation
• Data leakage prevention
• Application reporting over NetFlow/IPFIX
• Comprehensive application signature database

Traffic visualization and analytics

• User activity
• Application/bandwidth/threat usage

Web content filtering¹

• URL filtering
• Proxy avoidance
• Bandwidth manage CFS rating categories
• Unified policy model with app control
• Content Filtering Client

VPN

• Auto-provision VPN
• IPSec VPN for site-to-site connectivity
• SSL VPN and IPSec client remote access
• Redundant VPN gateway
• Mobile Connect for iOS, Mac OS X, Windows, Chrome, Android and Kindle Fire
• Route-based VPN (OSPF, RIP, BGP)

Networking

• PortShield
• Jumbo frames
• Enhanced logging
• VLAN trunking
• RSTP (Rapid Spanning Tree Protocol)
• Port mirroring
• Port security
• Layer-2 QoS
• Dynamic routing (RIP/OSPF/BGP)
• SonicWall wireless controller
• Policy-based routing
• NAT
• DNS/DNS proxy
• DHCP server
• Bandwidth management
• Link aggregation (static and dynamic)
• Port redundancy
• A/P high availability with state sync
• A/A clustering
• Inbound/outbound load balancing
• L2 bridge, wire/virtual wire mode, tap mode
• Asymmetric routing
• Common Access Card (CAC) support

Wireless

• WIDS/WIPS
• RF spectrum analysis
• Rogue AP prevention
• MiFi extender
• Guest cyclic quota
• LHM guest portal

VoIP

• Granular QoS control
• Bandwidth management
• SIP and H.323 transformations per access rule
• H.323 gatekeeper and SIP proxy support

Management and monitoring

• GMS, Web, UI, CLI, SNMPv2/v3
• Logging
• Netflow/IPFix exporting
• BlueCoat Security Analytics Platform
• SonicWall access point management

¹Requires added subscription

Capture Cloud Platform

SonicWall's Capture Cloud Platform delivers cloud-based threat prevention and network management plus reporting and analytics for organizations of any size. The platform consolidates threat intelligence gathered from multiple sources including our award-winning multi-engine network sandboxing service, Capture Advanced Threat Protection, as well as more than 1 million SonicWall sensors located around the globe.

If data coming into the network is found to contain previously-unseen malicious code, SonicWall’s dedicated, in-house Capture Labs threat research team develops signatures that are stored in the Capture Cloud Platform database and deployed to customer firewalls for up-to-date protection. New updates take effect immediately without reboots or interruptions. The signatures resident on the appliance protect against wide classes of attacks, covering tens of thousands of individual threats with a single signature.

In addition to the countermeasures on the appliance, NSsp firewalls also have continuous access to the Capture Cloud Platform database which extends the onboard signature intelligence with tens of millions of signatures.

Furthermore, the Capture Cloud Platform offers single pane of glass management and administrators can easily create both real-time and historical reports on network activity.

Advanced threat protection

At the center of SonicWall automated, real-time breach prevention is SonicWall Capture Advanced Threat Protection service, a cloud-based multi-engine sandbox that extends firewall threat protection to detect and prevent zeroday threats. Suspicious files are sent to the cloud where they are analyzed using deep learning algorithms with the option to hold them at the gateway until a verdict is determined. The multi-engine sandbox platform, which includes Real-Time Deep Memory Inspection, virtualized sandboxing, full system emulation and hypervisor level analysis technology, executes suspicious code and analyzes behavior. When a file is identified as malicious, it is blocked and a hash is immediately created within Capture ATP. Soon after, a signature is sent to firewalls to prevent follow-on attacks.

The service analyzes a broad range of operating systems and file types, including executable programs, DLL, PDFs, MS Office documents, archives, JAR and APK.

Reassembly-Free Deep Packet Inspection engine

The SonicWall Reassembly-Free Deep Packet Inspection (RFDPI) is a singlepass, low latency inspection system that performs stream-based, bi-directional traffic analysis at high speed without proxying or buffering to effectively uncover intrusion attempts and malware downloads while identifying application traffic regardless of port and protocol. This proprietary engine relies on streaming traffic payload inspection to detect threats at Layers 3-7, and takes network streams through extensive and repeated normalization and decryption in order to neutralize advanced evasion techniques that seek to confuse detection engines and sneak malicious code into the network.

Once a packet undergoes the necessary pre-processing, including TLS/SSL decryption, it is analyzed against a single, proprietary memory representation of three signature databases: intrusion attacks, malware and applications. The connection state is then advanced to represent the position of the stream relative to these databases until it encounters a state of attack, or other “match” event, at which point a pre-set action is taken.

In most cases, the connection is terminated and proper logging and notification events are created. However, the engine can also be configured for inspection only or, in case of application detection, to provide Layer 7 bandwidth management services for the remainder of the application stream as soon as the application is identified.

Global management and reporting

For highly regulated organizations wanting to achieve a fully coordinated security governance, compliance and risk management strategy, SonicWall provides administrators a unified, secure and extensible platform to manage SonicWall firewalls, wireless access points and WAN acceleration solutions through a correlated and auditable workstream process. Enterprises can easily consolidate the management of security appliances, reduce administrative and troubleshooting complexities, and govern all operational aspects of the security infrastructure, including centralized policy management and enforcement; real-time event monitoring; user activities; application identifications; flow analytics and forensics; compliance and audit reporting; and more. In addition, enterprises meet the firewall’s change management requirements through workflow automation which provides the agility and confidence to deploy the right firewall policies at the right time and in conformance with compliance regulations. SonicWall Global Management System (GMS), SonicWall's on-premises management and reporting solution, provides a coherent way to manage network security by business processes and service levels, dramatically simplifying lifecycle management of your overall security environments compared to managing on a device-by-device basis.