Professional Documents
Culture Documents
FIR E WALL
Unified Threat Management SonicWALL ReassemblyFree Deep Packet Inspection and control intelligence
Factors like Web 2.0 applications, streaming video, evolving threats and new threat delivery vectors are overwhelming both the security and performance of traditional firewalls. The stateful packet inspection firewalls installed over the years by many organizations are unable to detect malware embedded in network traffic, nor are they able to identify and control applications being used on the network. By integrating gateway anti-virus, anti-spyware, intrusion prevention, content filtering, anti-spam and application control, the SonicWALL TZ Series of Unified Threat Management (UTM) Firewalls shatters these limitations by offering high performance multi-layered network protection. SonicWALL Application Intelligence and Control helps administrators control and manage both business and non-business related applications to enable network and user productivity. Utilizing SonicWALLs unique ReassemblyFree Deep Packet Inspection (RFDPI) technology,* the TZ Series delivers in-depth protection at unparalleled performance. The TZ Series also provides IPSec and SSL VPN remote access, VoIP, and 802.11b/g/n wireless, and 3G wireless multi-WAN connectivity. Designed for the needs of small businesses, branch offices, distributed enterprise sites, retailers and managed service providers, the TZ Series supports the highest speeds available from modern ISPs while delivering full UTM protection. Each TZ appliance is available as a SonicWALL TotalSecure solution, conveniently bundling all hardware and services needed for comprehensive protection.
Features and Benefits
Unified Threat Management (UTM) delivers real-time gateway protection against the latest viruses, spyware, intrusions, software vulnerabilities and other malicious code. SonicWALL Reassembly-Free Deep Packet Inspection provides enterprise-class protection for any protocol including Web traffic, email, compressed file transfers, IM and P2P. Application intelligence and control provides granular control and real-time visualization of applications to guarantee bandwidth prioritization and ensure maximum network security and productivity.** Uncompromising performance even while providing comprehensive packet level inspection of both inbound and outbound traffic for any file size, while adding near zero latency. SonicWALL Comprehensive Anti-Spam Service utilizes real-time sender IP reputation analysis and cloud-based Advanced Content Management techniques to remove spam, phishing and virus-laden messages from inbound SMTP-based emails before they reach your network. Modular 3G wireless broadband and analog modem support can be used as either a primary or secondary WAN connection for business continuity or rapid deployment in remote locations. Secure 802.11b/g/n Wireless LAN (WLAN) technologies provide secure high-speed wireless connectivity with SonicWALLs wireless security enforcement for multiple virtual SSIDs.
* U.S. Patent 7,310,815A method and apparatus for data stream analysis and blocking. ** Available as an option only on the TZ 210 Series
n Application
Uncompromising performance SonicWALL Comprehensive Anti-Spam Service Modular 3G wireless broadband and analog modem Secure 802.11b/g/n Wireless LAN WAN Acceleration Advanced IPSec and SSL VPN SonicWALL PortShield Automated failover and failback and multi-WAN Robust Voice and Video over IP Intuitive configuration wizards SonicWALL Global Management System
n n
n n
WAN Acceleration decreases latency and increases transfer speeds between remote sites for even higher network efficiency gains. (SonicWALL WXA Series required) Advanced IPSec and SSL VPN connectivity options provide secure, high-speed office-to-office and individual user remote access. SonicWALL PortShield port-level security offers flexible protection for traffic on the WAN, DMZ and devices inside your network by easily grouping ports into logical units. Automated failover and failback and multiWAN capabilities ensure continuous uptime for WAN connections including VPN tunnels by diverting traffic over alternate 3G WWAN or Ethernet WAN connections in the event of primary connection failure. Robust Voice and Video over IP (VoIP) capabilities offer secure, standards-based support for sending voice (audio), streaming video and other media over IP-based networks. Intuitive configuration wizards simplify even the most complicated tasks, including VPN set-up, NAT configuration and public server configuration. SonicWALL Global Management System (GMS) provides comprehensive global management and reporting tools for simplified configuration, enforcement and management from a central location.
Application Intelligence
Intrusion Prevention
Gateway Anti-Virus
Content Filtering
Anti-Spyware
Clean VPN
Firewall
1
Clean Trac
Forwarding Engine
Routing
Trac IN
Exploits
Bandwidth Management
Trac OUT
Defrag
SonicWALLs TZ Series is the ultimate security platform for distributed and small networks, including remote and branch
Advanced Reputation Management
Normal
Flow Order
Presentation
2
Update Engine
Suppliers
Clean Trac
TZ Series Appliance
Telecommuters
offices and
Comprehensive Anti-Spam Service Email Server
retail/POS deployments
Dropped
TZ Series Appliance
Home Office
Deployments
Home Office/Small Office Designed as a complete Unified Threat Management (UTM) platform delivering business-class protection to home office networks, the TZ Series features PortShield technology, which provides secure segmentation of the home network from work equipment. Technologies utilized: n Unified Threat Management (Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, Application Intelligence and Control, Anti-Spam, Content Filtering, and Enforced Client Anti-Virus and Anti-Spyware)
n n n
TZ Series
PortShield SSL VPN and IPSec VPN Optional 802.11n Clean Wireless
Home/Family LAN
TZ 200
TZ 210
Comprehensive Gateway Security Suite includes gateway anti-virus, anti-spyware, intrusion prevention, application intelligence and control, content ltering, ViewPoint reporting and 24x7 support.
Site-to-Site VPN
3G/Analog Failover
Corporate
Small Office/Retail The TZ Series is a high-performance security platform for small professional offices and retail deployments with mission-critical needs. The TZ 200 and TZ 210 Series feature 3G connectivity through an integrated USB slot for use as either the primary or backup WAN connection. Technologies utilized: n Unified Threat Management (Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, Application Intelligence and Control, Anti-Spam, Content Filtering, and Enforced Client Anti-Virus and AntiSpyware)
Point-of-Sale Systems Comprehensive Gateway Security Suite includes gateway anti-virus, anti-spyware, intrusion prevention, application intelligence and control, content ltering, ViewPoint reporting and 24x7 support. Secure wireless zone with ReassemblyFree Deep Packet Inspection scanning.
n n n n n n
3G failover WAN and VPN failover PortShield 802.11n Clean Wireless Global Management System Virtual Access Points (VAPs)
Remote/Branch Office The TZ 200 and TZ 210 Series are the fastest multilayered network security solutions in their class, giving remote and branch offices unparalleled Unified Threat Management protection against continually evolving threats. PortShield offers network segmentation, while Application Intelligence Service on the TZ 210 provides application classification and policy management to control applications. Get security and segmentation, along with performance and reliability. Technologies utilized: n Unified Threat Management (Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, Application Intelligence and Control, Anti-Spam, Content Filtering, and Enforced Client Anti-Virus and Anti-Spyware)
n n n n n
TZ 100
TZ 200
TZ 210
Site-to-Site VPN
3G/Analog Failover
Corporate
Sales Network Comprehensive Gateway Security Suite includes gateway anti-virus, anti-spyware, intrusion prevention, application intelligence and control, content ltering, ViewPoint reporting and 24x7 support.
Protected Server Network Secure wireless zone with ReassemblyFree Deep Packet Inspection scanning. Clean VPN to encrypt and decontaminate trac.
Comprehensive Anti-Spam Service SSL VPN and IPSec VPN 802.11n Clean Wireless Optional hardware failover Global Management System
TZ 100
TZ 200
TZ 210
Specifications
Firewall SonicOS Version Stateful Throughput 1 GAV Throughput 2 IPS Throughput 2 UTM Throughput 2 IMIX Throughput 2 Maximum Connections 3 Maximum UTM Connections New Connections/Sec Nodes Supported Denial of Service Attack Protection SonicPoints Supported VPN 3DES/AES Throughput Site-to-Site VPN Tunnels Bundled GVC Licenses (Maximum) Bundled SSL VPN Licenses (Maximum) Encryption/Authentication/DH Group Virtual Assist Bundled (Maximum) Key Exchange Certificate Support VPN Features Global VPN Client Platforms Supported SSL VPN Platforms
4
TZ 100 Series 100 Mbps 35 Mbps 50 Mbps 25 Mbps 40 Mbps 6,000 6,000 1,000
TZ 200 Series SonicOS 5.6 and later 100 Mbps 50 Mbps 70 Mbps 35 Mbps 50 Mbps 12,000 12,000 1,000 Unrestricted 22 classes of DoS, DDoS and scanning attacks 2 75 Mbps 10 2 (10)
TZ 210 Series 200 Mbps 70 Mbps 110 Mbps 50 Mbps 110 Mbps 30,000 20,000 1,500
SonicWALL TZ 100 01-SSC-8734 SonicWALL TZ 100 Wireless-N 01-SSC-8735 (US/Canada) SonicWALL TZ 100 TotalSecure* 01-SSC-8739 SonicWALL TZ 100 Wireless-N TotalSecure* 01-SSC-8723 (US/Canada)
16
5 0 (5) 1 (5)
15 2 (25)
1 (10) 2 (10) DES, 3DES, AES (128, 142, 256-bit), MD5, SHA-1/DH Group 1, 2, 5, 14 30-day trial (1) 30-day trial (2) IKE, Manual Key, Certificates (X.509), L2TP over IPSec Verisign, Thawte, Cybertrust, RSA Keon, Entrust and Microsoft CA for SonicWALL-to-SonicWALL VPN, SCEP Dead Peer Detection, DHCP Over VPN, IPSec NAT Traversal, Redundant VPN Gateway, Route-based VPN Microsoft Windows 2000, Windows XP, Vista 32/64-bit, Windows 7 32/64-bit Microsoft Windows 2000/ XP/ Vista 32/64-bit / Windows 7, Mac OSX 10.4+, Linux FC3+/ Ubuntu 7+/ OpenSUSE Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention HTTP URL, HTTPS IP, keyword and content scanning, ActiveX, Java Applet, and cookie blocking, bandwidth management on filtering categories, allow/forbid lists HTTP/S, SMTP, POP3, IMAP and FTP, Enforced McAfee Client Email attachment blocking Supported Supported
Security Services Deep Packet Inspection Services Content Filtering Service (CFS) Enforced Client Anti-Virus and Anti-Spyware Comprehensive Anti-Spam Service 8 Application Intelligence and Control Networking IP Address Assignment NAT Modes VLANS DHCP Routing Authentication Local User Database VoIP System Zone Security Schedules Object-based/Group-based Management DDNS Management and Monitoring Logging and Reporting Hardware Failover Anti-Spam Load Balancing Standards WAN Acceleration Support10 Built-in Wireless LAN Standards Virtual Access Points (VAPs)5 Antennas (5 dBi Diversity) Radio Power 802.11b 802.11g 802.11n Radio Receive Sensitivity 802.11b 802.11g 802.11n Hardware Interfaces Flash Memory/RAM 3G Wireless/Modem7 USB Ports Power Input Max Power Consumption Total Heat Dissipation Certifications Form Factor and Dimensions Weight (5) 10/100 (2) 10/100/1000, (5) 10/100 16 MB/256 MB 32 MB/256 MB Supported with approved adaptors Supported with approved adaptors 1 2 100 to 240 VAC, 50-60 Hz, 1 A 7.5 W/9.5 W (TZ 100 W) 8.6 W/10.6 W (TZ 200 W) 9.4 W/11.7 W (TZ 210 W) 26 BTU/33 BTU (TZ 100 W) 30 BTU/37 BTU (TZ 200 W) 32 BTU/40 BTU (TZ 210 W) Common Criteria EAL4+, VPNC, FIPS 140-2, ICSA Firewall 4.1 6.30 x 5.63 x 1.46 in 6.30 x 5.63 x 1.46 in 8.9 x 5.9 x 1.9 in (16 x 14.3 x 3.7 cm) (16 x 14.3 x 3.7 cm) (22.5 x 14.9 x 3.6 cm) 2.0 lbs/0.91 kg 2.0 lbs/0.91 kg 2.0 lbs/0.91 kg 2.5 lbs/1.1 kg (TZ 100 W) 2.5 lbs/1.1 kg (TZ 200 W) 2.8 lbs/1.3 kg (TZ 210 W) FCC Class B, ICES Class B, CE, C-Tick, VCCI Class B, MIC, NOM, UL, cUL, TUV/GS, CB, WEEE, RoHS 32-105 F, 0-40 C/ 5-95% non-condensing 8 Years Minimum (5) 10/100 16 MB/128 MB 802.11b/g/n (WEP, WPA, WPA2, 802.11i, TKIP, PSK,02.1x, EAP-PEAP, EAP-TTLS) Up to 8 for all appliances Dual, detachable, external Triple, detachable, external 18 dBm maximum 18 dBM @ 6~48 Mbps 14 dBm @ 54 Mbps 19 dBm MCS 0, 12 dBm MCS 15 -90 dBm @ 11Mbps -91 dBm @ 6Mbps, -74 dBm @ 54 Mbps -89 dBm MCS 0, -70 dBm MCS 15 Yes Yes Yes Yes Yes Yes Dynamic DNS providers include: dyndns.org, yi.org, no-ip.com and changeip.com Local CLI, Web GUI (HTTP, HTTPS), SNMP v2; Global management with SonicWALL GMS ViewPoint, Local Log, Syslog, Solera Networks, NetFlow v5/v9, IPFIX with Extensions, Real-time Visualization9 Active/Passive Active/Passive RBL support, Allowed/Blocked Lists, Optional SonicWALL Comprehensive Anti-Spam Service8 6 Yes, Outgoing and Incoming TCP/IP, UDP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3 Yes Yes Yes Yes
SonicWALL TZ 200 01-SSC-8741 SonicWALL TZ 200 Wireless-N 01-SSC-8742 (US/Canada) SonicWALL TZ 200 TotalSecure* 01-SSC-8746 SonicWALL TZ 200 Wireless-N TotalSecure* 01-SSC-8715 (US/Canada)
Static, (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay 1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent mode 10, PortShield 10, PortShield Internal server, relay RIPv1/v2 advertisement, OSPF, RIP v1/v2, static routes, static routes policy-based routing, multicast XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database 25 users 100 users 150 users Full H.323v1-5, SIP, gatekeeper support, outbound bandwidth management, VoIP over WLAN, deep inspection security, full interoperability with most VoIP gateway and communications devices 5, PortShield
SonicWALL TZ 210 01-SSC-8753 SonicWALL TZ 210 Wireless-N 01-SSC-8754 (US/Canada) SonicWALL TZ 210 TotalSecure* 01-SSC-8769 SonicWALL TZ 210 Wireless-N TotalSecure* 01-SSC-8773 (US/Canada) *Includes one-year of Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, Application Intelligence (TZ 210 Series) Service, Content Filtering Service, Dynamic Support 24x7 and ViewPoint Reporting.
Certifications
Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services. 2 UTM/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. 3 Actual maximum connection counts are lower when UTM services are enabled. 4 VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. 5 Supported on the Internal Radio for the TZ 100 W, TZ 200 W and TZ 210 W only. 6 With SonicOS Enhanced. 7 3G card and modem are not included. See http://www.sonicwall.com/us/products/cardsupport.html for supported USB devices. 8 The Comprehensive Anti-Spam Service supports an unrestricted number of users but is recommended for 250 users or less. 9 TZ 100/200 not supported. 10 With SonicWALL WXA Series Appliances.
SonicWALLs line-up of dynamic security solutions SonicWALL, Inc. 2001 Logic Drive, San Jose, CA 95124 T +1 408.745.9600 F +1 408.745.9300 www.sonicwall.com
NETWORK SECURITY
2011 SonicWALL, Inc. All rights reserved. SonicWALL is a registered trademark of SonicWALL, Inc. and all other SonicWALL product and service names and slogans are trademarks or registered trademarks of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective owners. 06/11 SW 1281