SonicWALL TZ Series

FIR E WALL

Unified Threat Management Firewall

Unified Threat Management SonicWALL ReassemblyFree Deep Packet Inspection and control intelligence

Factors like Web 2.0 applications, streaming video, evolving threats and new threat delivery vectors are overwhelming both the security and performance of traditional firewalls. The stateful packet inspection firewalls installed over the years by many organizations are unable to detect malware embedded in network traffic, nor are they able to identify and control applications being used on the network. By integrating gateway anti-virus, anti-spyware, intrusion prevention, content filtering, anti-spam and application control, the SonicWALL TZ Series of Unified Threat Management (UTM) Firewalls shatters these limitations by offering high performance multi-layered network protection. SonicWALL Application Intelligence and Control helps administrators control and manage both business and non-business related applications to enable network and user productivity. Utilizing SonicWALLs unique ReassemblyFree Deep Packet Inspection (RFDPI) technology,* the TZ Series delivers in-depth protection at unparalleled performance. The TZ Series also provides IPSec and SSL VPN remote access, VoIP, and 802.11b/g/n wireless, and 3G wireless multi-WAN connectivity. Designed for the needs of small businesses, branch offices, distributed enterprise sites, retailers and managed service providers, the TZ Series supports the highest speeds available from modern ISPs while delivering full UTM protection. Each TZ appliance is available as a SonicWALL TotalSecure solution, conveniently bundling all hardware and services needed for comprehensive protection.
Features and Benefits
Unified Threat Management (UTM) delivers real-time gateway protection against the latest viruses, spyware, intrusions, software vulnerabilities and other malicious code. SonicWALL Reassembly-Free Deep Packet Inspection provides enterprise-class protection for any protocol including Web traffic, email, compressed file transfers, IM and P2P. Application intelligence and control provides granular control and real-time visualization of applications to guarantee bandwidth prioritization and ensure maximum network security and productivity.** Uncompromising performance even while providing comprehensive packet level inspection of both inbound and outbound traffic for any file size, while adding near zero latency. SonicWALL Comprehensive Anti-Spam Service utilizes real-time sender IP reputation analysis and cloud-based Advanced Content Management techniques to remove spam, phishing and virus-laden messages from inbound SMTP-based emails before they reach your network. Modular 3G wireless broadband and analog modem support can be used as either a primary or secondary WAN connection for business continuity or rapid deployment in remote locations. Secure 802.11b/g/n Wireless LAN (WLAN) technologies provide secure high-speed wireless connectivity with SonicWALLs wireless security enforcement for multiple virtual SSIDs.
* U.S. Patent 7,310,815A method and apparatus for data stream analysis and blocking. ** Available as an option only on the TZ 210 Series

n Application

Uncompromising performance SonicWALL Comprehensive Anti-Spam Service Modular 3G wireless broadband and analog modem Secure 802.11b/g/n Wireless LAN WAN Acceleration Advanced IPSec and SSL VPN SonicWALL PortShield Automated failover and failback and multi-WAN Robust Voice and Video over IP Intuitive configuration wizards SonicWALL Global Management System

n n

n n

WAN Acceleration decreases latency and increases transfer speeds between remote sites for even higher network efficiency gains. (SonicWALL WXA Series required) Advanced IPSec and SSL VPN connectivity options provide secure, high-speed office-to-office and individual user remote access. SonicWALL PortShield port-level security offers flexible protection for traffic on the WAN, DMZ and devices inside your network by easily grouping ports into logical units. Automated failover and failback and multiWAN capabilities ensure continuous uptime for WAN connections including VPN tunnels by diverting traffic over alternate 3G WWAN or Ethernet WAN connections in the event of primary connection failure. Robust Voice and Video over IP (VoIP) capabilities offer secure, standards-based support for sending voice (audio), streaming video and other media over IP-based networks. Intuitive configuration wizards simplify even the most complicated tasks, including VPN set-up, NAT configuration and public server configuration. SonicWALL Global Management System (GMS) provides comprehensive global management and reporting tools for simplified configuration, enforcement and management from a central location.

SonicWALL TZ Series - Wired and Wireless Security for Mission-critical Networks

SonicWALL Deep Packet Inspection Architecture

Eliminated Threats & Non-business Trac

Application Intelligence

Intrusion Prevention

Gateway Anti-Virus

Content Filtering

Anti-Spyware

Clean VPN

Emerging Blended Threats

Viruses Spyware
Bandwidth Management

Firewall

SonicWALL Real-time Unified Threat Management

Automatic Threat Database Updates

1
Clean Trac

Network I/O Engine PROT L2 L4 L3 L7

Forwarding Engine
Routing

Trac IN

Exploits

Bandwidth Management

Trac OUT

Defrag

Stateful Classication and Transformation

SonicWALLs TZ Series is the ultimate security platform for distributed and small networks, including remote and branch
Advanced Reputation Management

Normal

Flow Order

Presentation

2
Update Engine

Best-in-Class Threat Protection

1 SonicWALL deep packet inspection protects against network risks such as viruses, worms, Trojans, spyware, phishing attacks, emerging threats and Internet misuse. Application intelligence and control adds highlyconfigurable controls to prevent data leakage and manage bandwidth at the application level and real-time application visualization. 2 The SonicWALL Reassembly-Free Deep Packet Inspection engine comprehensively scans entire packets in real-time without stalling traffic in memory. This functionality allows threats to be identified and eliminated over unlimited file sizes and unrestricted concurrent connections, without interruption. 3 The TZ Series provides dynamic network protection through continuous, automated security updates, protecting against emerging and evolving threats without requiring any administrator intervention.

SonicWALL Clean VPN

The TZ Series includes innovative SonicWALL Clean VPN technology that protects against vulnerabilities and decontaminates malicious code in traffic from remote users, mobile users and branch offices before it enters the corporate network, all without user intervention. The TZ Series supports both IPSec and SSL VPN termination.
Eliminated Threats

Suppliers

Clean Trac

TZ Series Appliance

Mobile Users UTM Engine Internal Network

Telecommuters

Advanced Content Management

offices and
Comprehensive Anti-Spam Service Email Server

retail/POS deployments

Dropped

TZ Series Appliance

SonicWALL Comprehensive Anti-Spam Service (CASS)

offers small- to medium-sized businesses comprehensive protection from spam and viruses, with instant deployment over existing SonicWALL firewalls. CASS speeds deployment, eases administration and reduces overhead by consolidating solutions, providing one-click anti-spam services, with advanced configuration in just ten minutes. CASS features complete inbound anti-spam, anti-phishing, anti-malware, GRID Network IP Reputation, Advanced Content Management, Denial of Service prevention, full quarantine and customizable per-user junk summaries. Outperforming RBL filtering, CASS offers >98% effectiveness against spam, dropping >80% of spam at the gateway, and advanced anti-spam techniques like Adversarial Bayesian filtering on remaining email.

Centralized Policy Management

The TZ Series can be managed using the SonicWALL Global Management System, which provides flexible, powerful and intuitive tools to manage configurations, view real-time monitoring metrics and integrate policy and compliance reporting, all from a central location.

Home Office

Deployments
Home Office/Small Office Designed as a complete Unified Threat Management (UTM) platform delivering business-class protection to home office networks, the TZ Series features PortShield technology, which provides secure segmentation of the home network from work equipment. Technologies utilized: n Unified Threat Management (Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, Application Intelligence and Control, Anti-Spam, Content Filtering, and Enforced Client Anti-Virus and Anti-Spyware)
n n n

TZ Series

PortShield SSL VPN and IPSec VPN Optional 802.11n Clean Wireless

Home Oce/Small Oce LAN

Home/Family LAN

etail/Small TZ 100 Office

TZ 200

TZ 210

Comprehensive Gateway Security Suite includes gateway anti-virus, anti-spyware, intrusion prevention, application intelligence and control, content ltering, ViewPoint reporting and 24x7 support.

Clean VPN to encrypt and decontaminate trac.

Site-to-Site VPN

3G/Analog Failover

Corporate

Global Management System

Small Office/Retail The TZ Series is a high-performance security platform for small professional offices and retail deployments with mission-critical needs. The TZ 200 and TZ 210 Series feature 3G connectivity through an integrated USB slot for use as either the primary or backup WAN connection. Technologies utilized: n Unified Threat Management (Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, Application Intelligence and Control, Anti-Spam, Content Filtering, and Enforced Client Anti-Virus and AntiSpyware)

Secure Wireless Zone

Point-of-Sale Systems Comprehensive Gateway Security Suite includes gateway anti-virus, anti-spyware, intrusion prevention, application intelligence and control, content ltering, ViewPoint reporting and 24x7 support. Secure wireless zone with ReassemblyFree Deep Packet Inspection scanning.

Oce LAN Clean VPN to encrypt and decontaminate trac.

n n n n n n

3G failover WAN and VPN failover PortShield 802.11n Clean Wireless Global Management System Virtual Access Points (VAPs)

Remote Branch Office

Remote/Branch Office The TZ 200 and TZ 210 Series are the fastest multilayered network security solutions in their class, giving remote and branch offices unparalleled Unified Threat Management protection against continually evolving threats. PortShield offers network segmentation, while Application Intelligence Service on the TZ 210 provides application classification and policy management to control applications. Get security and segmentation, along with performance and reliability. Technologies utilized: n Unified Threat Management (Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, Application Intelligence and Control, Anti-Spam, Content Filtering, and Enforced Client Anti-Virus and Anti-Spyware)
n n n n n

TZ 100

TZ 200

TZ 210

Site-to-Site VPN

3G/Analog Failover

Corporate

Global Management System

Secure Wireless Zone

Sales Network Comprehensive Gateway Security Suite includes gateway anti-virus, anti-spyware, intrusion prevention, application intelligence and control, content ltering, ViewPoint reporting and 24x7 support.

Protected Server Network Secure wireless zone with ReassemblyFree Deep Packet Inspection scanning. Clean VPN to encrypt and decontaminate trac.

Comprehensive Anti-Spam Service SSL VPN and IPSec VPN 802.11n Clean Wireless Optional hardware failover Global Management System

TZ 100

TZ 200

TZ 210

Specifications
Firewall SonicOS Version Stateful Throughput 1 GAV Throughput 2 IPS Throughput 2 UTM Throughput 2 IMIX Throughput 2 Maximum Connections 3 Maximum UTM Connections New Connections/Sec Nodes Supported Denial of Service Attack Protection SonicPoints Supported VPN 3DES/AES Throughput Site-to-Site VPN Tunnels Bundled GVC Licenses (Maximum) Bundled SSL VPN Licenses (Maximum) Encryption/Authentication/DH Group Virtual Assist Bundled (Maximum) Key Exchange Certificate Support VPN Features Global VPN Client Platforms Supported SSL VPN Platforms
4

TZ 100 Series 100 Mbps 35 Mbps 50 Mbps 25 Mbps 40 Mbps 6,000 6,000 1,000

TZ 200 Series SonicOS 5.6 and later 100 Mbps 50 Mbps 70 Mbps 35 Mbps 50 Mbps 12,000 12,000 1,000 Unrestricted 22 classes of DoS, DDoS and scanning attacks 2 75 Mbps 10 2 (10)

TZ 210 Series 200 Mbps 70 Mbps 110 Mbps 50 Mbps 110 Mbps 30,000 20,000 1,500

SonicWALL TZ 100 01-SSC-8734 SonicWALL TZ 100 Wireless-N 01-SSC-8735 (US/Canada) SonicWALL TZ 100 TotalSecure* 01-SSC-8739 SonicWALL TZ 100 Wireless-N TotalSecure* 01-SSC-8723 (US/Canada)

16

5 0 (5) 1 (5)

15 2 (25)

1 (10) 2 (10) DES, 3DES, AES (128, 142, 256-bit), MD5, SHA-1/DH Group 1, 2, 5, 14 30-day trial (1) 30-day trial (2) IKE, Manual Key, Certificates (X.509), L2TP over IPSec Verisign, Thawte, Cybertrust, RSA Keon, Entrust and Microsoft CA for SonicWALL-to-SonicWALL VPN, SCEP Dead Peer Detection, DHCP Over VPN, IPSec NAT Traversal, Redundant VPN Gateway, Route-based VPN Microsoft Windows 2000, Windows XP, Vista 32/64-bit, Windows 7 32/64-bit Microsoft Windows 2000/ XP/ Vista 32/64-bit / Windows 7, Mac OSX 10.4+, Linux FC3+/ Ubuntu 7+/ OpenSUSE Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention HTTP URL, HTTPS IP, keyword and content scanning, ActiveX, Java Applet, and cookie blocking, bandwidth management on filtering categories, allow/forbid lists HTTP/S, SMTP, POP3, IMAP and FTP, Enforced McAfee Client Email attachment blocking Supported Supported

Security Services Deep Packet Inspection Services Content Filtering Service (CFS) Enforced Client Anti-Virus and Anti-Spyware Comprehensive Anti-Spam Service 8 Application Intelligence and Control Networking IP Address Assignment NAT Modes VLANS DHCP Routing Authentication Local User Database VoIP System Zone Security Schedules Object-based/Group-based Management DDNS Management and Monitoring Logging and Reporting Hardware Failover Anti-Spam Load Balancing Standards WAN Acceleration Support10 Built-in Wireless LAN Standards Virtual Access Points (VAPs)5 Antennas (5 dBi Diversity) Radio Power 802.11b 802.11g 802.11n Radio Receive Sensitivity 802.11b 802.11g 802.11n Hardware Interfaces Flash Memory/RAM 3G Wireless/Modem7 USB Ports Power Input Max Power Consumption Total Heat Dissipation Certifications Form Factor and Dimensions Weight (5) 10/100 (2) 10/100/1000, (5) 10/100 16 MB/256 MB 32 MB/256 MB Supported with approved adaptors Supported with approved adaptors 1 2 100 to 240 VAC, 50-60 Hz, 1 A 7.5 W/9.5 W (TZ 100 W) 8.6 W/10.6 W (TZ 200 W) 9.4 W/11.7 W (TZ 210 W) 26 BTU/33 BTU (TZ 100 W) 30 BTU/37 BTU (TZ 200 W) 32 BTU/40 BTU (TZ 210 W) Common Criteria EAL4+, VPNC, FIPS 140-2, ICSA Firewall 4.1 6.30 x 5.63 x 1.46 in 6.30 x 5.63 x 1.46 in 8.9 x 5.9 x 1.9 in (16 x 14.3 x 3.7 cm) (16 x 14.3 x 3.7 cm) (22.5 x 14.9 x 3.6 cm) 2.0 lbs/0.91 kg 2.0 lbs/0.91 kg 2.0 lbs/0.91 kg 2.5 lbs/1.1 kg (TZ 100 W) 2.5 lbs/1.1 kg (TZ 200 W) 2.8 lbs/1.3 kg (TZ 210 W) FCC Class B, ICES Class B, CE, C-Tick, VCCI Class B, MIC, NOM, UL, cUL, TUV/GS, CB, WEEE, RoHS 32-105 F, 0-40 C/ 5-95% non-condensing 8 Years Minimum (5) 10/100 16 MB/128 MB 802.11b/g/n (WEP, WPA, WPA2, 802.11i, TKIP, PSK,02.1x, EAP-PEAP, EAP-TTLS) Up to 8 for all appliances Dual, detachable, external Triple, detachable, external 18 dBm maximum 18 dBM @ 6~48 Mbps 14 dBm @ 54 Mbps 19 dBm MCS 0, 12 dBm MCS 15 -90 dBm @ 11Mbps -91 dBm @ 6Mbps, -74 dBm @ 54 Mbps -89 dBm MCS 0, -70 dBm MCS 15 Yes Yes Yes Yes Yes Yes Dynamic DNS providers include: dyndns.org, yi.org, no-ip.com and changeip.com Local CLI, Web GUI (HTTP, HTTPS), SNMP v2; Global management with SonicWALL GMS ViewPoint, Local Log, Syslog, Solera Networks, NetFlow v5/v9, IPFIX with Extensions, Real-time Visualization9 Active/Passive Active/Passive RBL support, Allowed/Blocked Lists, Optional SonicWALL Comprehensive Anti-Spam Service8 6 Yes, Outgoing and Incoming TCP/IP, UDP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3 Yes Yes Yes Yes

SonicWALL TZ 200 01-SSC-8741 SonicWALL TZ 200 Wireless-N 01-SSC-8742 (US/Canada) SonicWALL TZ 200 TotalSecure* 01-SSC-8746 SonicWALL TZ 200 Wireless-N TotalSecure* 01-SSC-8715 (US/Canada)

Static, (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay 1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent mode 10, PortShield 10, PortShield Internal server, relay RIPv1/v2 advertisement, OSPF, RIP v1/v2, static routes, static routes policy-based routing, multicast XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database 25 users 100 users 150 users Full H.323v1-5, SIP, gatekeeper support, outbound bandwidth management, VoIP over WLAN, deep inspection security, full interoperability with most VoIP gateway and communications devices 5, PortShield

SonicWALL TZ 210 01-SSC-8753 SonicWALL TZ 210 Wireless-N 01-SSC-8754 (US/Canada) SonicWALL TZ 210 TotalSecure* 01-SSC-8769 SonicWALL TZ 210 Wireless-N TotalSecure* 01-SSC-8773 (US/Canada) *Includes one-year of Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, Application Intelligence (TZ 210 Series) Service, Content Filtering Service, Dynamic Support 24x7 and ViewPoint Reporting.

Certifications

Major Regulatory Compliance Environment/Humidity MTBF

1

Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services. 2 UTM/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. 3 Actual maximum connection counts are lower when UTM services are enabled. 4 VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. 5 Supported on the Internal Radio for the TZ 100 W, TZ 200 W and TZ 210 W only. 6 With SonicOS Enhanced. 7 3G card and modem are not included. See http://www.sonicwall.com/us/products/cardsupport.html for supported USB devices. 8 The Comprehensive Anti-Spam Service supports an unrestricted number of users but is recommended for 250 users or less. 9 TZ 100/200 not supported. 10 With SonicWALL WXA Series Appliances.

SonicWALLs line-up of dynamic security solutions SonicWALL, Inc. 2001 Logic Drive, San Jose, CA 95124 T +1 408.745.9600 F +1 408.745.9300 www.sonicwall.com

NETWORK SECURITY

SECURE REMOTE ACCESS

WEB AND E-MAIL SECURITY

BACKUP AND RECOVERY

POLICY AND MANAGEMENT

2011 SonicWALL, Inc. All rights reserved. SonicWALL is a registered trademark of SonicWALL, Inc. and all other SonicWALL product and service names and slogans are trademarks or registered trademarks of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective owners. 06/11 SW 1281