Specification Sheet

4
Reassembly-Free Deep Packet
Inspection engine
The SonicWall Reassembly-Free Deep
Packet Inspection (RFDPI) is a single-
pass, low latency inspection system that
performs stream-based, bi-directional
trafc analysis at high speed without
proxying or buffering to effectively
uncover intrusion attempts and malware
downloads while identifying application
trafc regardless of port and protocol.
This proprietary engine relies on
streaming trafc payload inspection to
detect threats at Layers 3-7, and takes
network streams through extensive and
repeated normalization and decryption
in order to neutralize advanced evasion
techniques that seek to confuse detection
engines and sneak malicious code into
the network.
Once a packet undergoes the necessary
pre-processing, including TLS/SSL
decryption, it is analyzed against a single,
proprietary memory representation of
three signature databases: intrusion
attacks, malware and applications. The
connection state is then advanced to
represent the position of the stream
relative to these databases until it
encounters a state of attack, or other
“match” event, at which point a pre-set
action is taken.
In most cases, the connection is
terminated and proper logging and
notication events are created. However,
the engine can also be congured for
inspection only or, in case of application
detection, to provide Layer 7 bandwidth
management services for the remainder
of the application stream as soon as the
application is identied.
Traffic out
Traffic out
Proxy
Scanning
Packet
disassembly
Packet assembly-based process
SonicWall stream-based architectureCompetitive proxy-based architecture
When proxy buffer
becomes full or
content too large,
files bypass
scanning.
Traffic in
Traffic in
TLS/SSL
Reassembly-free Deep Packet Inspection (RFDPI)
Reassembly-free packet
scanning eliminates proxy
and content size limitations.
Inspection time
Less More
Inspection capacity
Min Max
Inspection time
Less More
Inspection capacity
Min Max
CPU 1
CPU 2
CPU 3
CPU 4
CPU n
TLS/SSL
Centralized management
and reporting
For highly regulated organizations
wanting to achieve a fully coordinated
security governance, compliance and
risk management strategy, SonicWall
provides administrators a unied,
secure and extensible platform to
manage SonicWall rewalls, wireless
access points and Dell N-Series
and X-Series switches through a
correlated and auditable workstream
process. Enterprises can easily
consolidate the management of security
appliances, reduce administrative and
troubleshooting complexities, and govern
all operational aspects of the security
infrastructure, including centralized
policy management and enforcement;
real-time event monitoring; user
activities; application identications; ow
analytics and forensics; compliance and
audit reporting; and more. In addition,
enterprises meet the rewall’s change
management requirements through
workow automation which provides the
agility and condence to deploy the right
rewall policies at the right time and in
conformance with compliance regulations.
Available on premises as SonicWall
Global Management System and in
the cloud as Capture Security Center,
SonicWall management and reporting
solutions provide a coherent way to
manage network security by business
processes and service levels, dramatically
simplifying lifecycle management of your
overall security environments compared
to managing on a device-by-device basis.