Specification Sheet
9
Features
RFDPI ENGINE
Feature Description
Reassembly-Free Deep Packet
Inspection (RFDPI)
This high-performance, proprietary and patented inspection engine performs stream-based, bi-directional
trafc analysis, without proxying or buffering, to uncover intrusion attempts and malware and to identify
application trafc regardless of port.
Bi-directional inspection
Scans for threats in both inbound and outbound trafc simultaneously to ensure that the network is not
used to distribute malware and does not become a launch platform for attacks in case an infected machine
is brought inside.
Stream-based inspection
Proxy-less and non-buffering inspection technology provides ultra-low latency performance for DPI of
millions of simultaneous network streams without introducing le and stream size limitations, and can be
applied on common protocols as well as raw TCP streams.
Highly parallel and scalable
The unique design of the RFDPI engine works with the multi-core architecture to provide high DPI
throughput and extremely high new session establishment rates to deal with trafc spikes in demanding
networks.
Single-pass inspection
A single-pass DPI architecture simultaneously scans for malware, intrusions and application identication,
drastically reducing DPI latency and ensuring that all threat information is correlated in a single architecture.
FIREWALL AND NETWORKING
Feature Description
Secure SD-WAN
An alternative to more expensive technologies such as MPLS, Secure SD-WAN enables distributed
enterprise organizations to build, operate and manage secure, high-performance networks across remote
sites for the purpose of sharing data, applications and services using readily-available, low-cost public
internet services.
REST APIs
Allows the rewall to receive and leverage any and all proprietary, original equipment manufacturer and
third-party intelligence feeds to combat advanced threats such as zero-day, malicious insider, compromised
credentials, ransomware and advanced persistent threats.
Stateful packet inspection All network trafc is inspected, analyzed and brought into compliance with rewall access policies.
High availability/clustering
SonicWall TZ500 and TZ600 models support high availability with Active/Standby with state synchronization.
SonicWall TZ300 and TZ400 models support high availability without Active/Standby synchronization. There
is no high availability on SonicWall SOHO models.
DDoS/DoS attack protection
SYN ood protection provides a defense against DoS attacks using both Layer 3 SYN proxy and Layer
2 SYN blacklisting technologies. Additionally, it protects against DoS/DDoS through UDP/ICMP ood
protection and connection rate limiting.
IPv6 support
Internet Protocol version 6 (IPv6) is in its early stages to replace IPv4. With SonicOS, the hardware will
support ltering and wire mode implementations.
Flexible deployment options The TZ series can be deployed in traditional NAT, Layer 2 bridge, wire and network tap modes.
WAN load balancing Load-balances multiple WAN interfaces using Round Robin, Spillover or Percentage methods.
Advanced quality of service (QoS)
Guarantees critical communications with 802.1p, DSCP tagging, and remapping of VoIP trafc on the
network.
H.323 gatekeeper and SIP proxy
support
Blocks spam calls by requiring that all incoming calls are authorized and authenticated by H.323 gatekeeper or
SIP proxy.
Single and cascaded Dell N-Series and
X-Series switch management
Manage security settings of additional ports, including Portshield, HA, PoE and PoE+, under a single pane
of glass using the rewall management dashboard for Dell’s N-Series and X-Series network switch (not
available with SOHO model).
Biometric authentication
Supports mobile device authentication such as ngerprint recognition that cannot be easily duplicated or
shared to securely authenticate the user identity for network access.
Open authentication and social login
Enable guest users to use their credentials from social networking services such as Facebook, Twitter, or
Google+ to sign in and access the Internet and other guest services through a host's wireless, LAN or DMZ
zones using pass-through authentication.
Wireless Network Security
Available as an integrated option on SonicWall TZ300 through TZ500, IEEE 802.11ac wireless technology
can deliver up to 1.3 Gbps of wireless throughput with greater range and reliability. Optional 802.11 a/b/g/n
is available on SonicWall SOHO models.
MANAGEMENT AND REPORTING
Feature Description
Cloud-based and on-premises
management
Conguration and management of SonicWall appliances is available via the cloud through the SonicWall
Capture Security Center and on-premises using SonicWall Global Management System (GMS).
Powerful single device management
An intuitive web-based interface allows quick and convenient conguration, in addition to a comprehensive
command-line interface and support for SNMPv2/3.
IPFIX/NetFlow application ow
reporting
Exports application trafc analytics and usage data through IPFIX or NetFlow protocols for real-time and
historical monitoring and reporting with tools that support IPFIX and NetFlow with extensions.