Datasheet

ManualsBrandsSonicWALL ManualsNetworking01-SSC-0213

Reassembly-Free Deep Packet Inspection (RFDPI) engine

The RFDPI engine provides superior threat protection and application control without compromising performance. This patented

engine inspects the trac stream to detect threats at Layers 3-7. The RFDPI engine takes network streams through extensive and

repeated normalization and decryption in order to neutralize advanced evasion techniques that seek to confuse detection engines

and sneak malicious code into the network. Once a packet undergoes the necessary preprocessing, including SSL decryption,

it is analyzed against a single proprietary memory representation of three signature databases: intrusion attacks, malware and

applications. The connection state is then advanced to represent the position of the stream relative to these databases until it

encounters a state of attack, or another “match” event, at which point a pre-set action is taken. As malware is identiﬁed, the

SonicWALL ﬁrewall terminates the connection before any compromise can be achieved and properly logs the event. However,

the engine can also be conﬁgured for inspection only or, in the case of application detection, to provide Layer 7 bandwidth

management services for the remainder of the application stream as soon as the application is identiﬁed.

Extensible architecture for extreme scalability and performance

The RFDPI engine is designed from the ground up with an emphasis on providing security scanning at a high performance level,

to match both the inherently parallel and ever-growing nature of network trac. When combined with multi-core processor

systems, this parallel-centric software architecture scales up perfectly to address the demands of deep packet inspection at high

trac loads. The SonicWALL TZ Series platform relies on processors that, unlike x86, are optimized for packet, crypto and network

processing while retaining ﬂexibility and programmability in the ﬁeld—a weak point for ASICs systems. This ﬂexibility is essential

when new code and behavior updates are necessary to protect against new attacks that require updated and more sophisticated

detection techniques.

Trac in

Trac out

Packet reassembly-free process

Reassembly-free packet

scanning without proxy

or content size limitations

Inspection time

Less More

Inspection capacity

Min Max

Dell SonicWALL architecture

Trac in

Inspection time

Less More

Inspection capacity

Min Max

When proxy becomes full

or content too large, ﬁles

bypass scanning

Packet assembly-based process

Trac out

Proxy

Competitive architecture

Scanning

Packet

disassembly

NSA or SuperMassive

SOHO

TZ400

GMS

Corporate

headquarters

Home oce

Branch oce

TZ400

Branch oce

TZ500

Branch oce

TZ600

Branch oce

Global

Management

System

Software

or virtual

appliance