ºÝºÝߣ

ºÝºÝߣShare a Scribd company logo

Ds e class-nsa_e8500_us

?
?
Yustinus Malawau
Yustinus Malawau

The SonicWALL NSA E8500 appliance provides application intelligence and control, powerful intrusion prevention, and deep packet inspection of encrypted traffic. It can analyze over 1,100 applications and inspect hundreds of thousands of connections simultaneously across all ports. As a gateway or inline solution, it adds visibility and security to networks while keeping existing infrastructure intact. Regular updates ensure dynamic security against the latest threats.

1 of 2
Download to read offline
SonicWALL ECLASS Network Security Appliance N E T WO R K SECU R I T Y SonicWALL NSA E8500 for Application Intelligence and Control n Application intelligence A fundamental problem continues to emerge for CIOs and IT administrators: as they strive to increase and control workforce productivity and improve the quality of internal services, they lack insight into the total traffic intelligence on their networks. This information is required for accurate performance analysis, threat n Intuitive visualization tools discovery and for the ability to take immediate action to ensure smooth operations of critical systems. n SonicWALL Reassembly-Free Capturing traffic intelligence has become increasingly elusive for conventional tools that identify protocols Deep Packet Inspection by their respective ports, as newer applications become more Web-enabled and increasingly utilize common protocols such as HTTP/HTTPS. As a result, traditional firewalls have grown blind to the application traffic on n Powerful intrusion the network, to the threats that can travel through these applications and to the inefficient use of the network prevention through these applications. For example, although HTTP/HTTPS traffic looks benign to traditional firewalls, it can carry some of the most bandwidth intensive and potentially security compromising applications, n Flexible deployment including streaming video and audio, chat traffic and various document formats. The same can be said for social networking sites which, although not formally classified as true applications, utilize the same technologies, n Dynamic security exposing companies to malware and competing for bandwidth with mission critical applications. To regain control of this traffic, traditional firewalls must evolve far beyond basic stateful inspection and must analyze n Deep Packet Inspection traffic at the application layer. The ability to perform this task relies completely on deep packet inspection, of SSL-encrypted traffic which is the only technology capable of exposing all of these types of network activity. (DPI SSL) The SonicWALL E-Class Network Security Appliance (NSA) E8500 offers Dynamic Security for the Global Network by providing powerful application intelligence and control along with network intrusion detection and prevention. With the patented SonicWALL? Reassembly-Free Deep Packet Inspection? (RFDPI) engine and sophisticated application intelligence capabilities, the NSA E8500 can analyze and control over 1,100 unique applications, whether they are encrypted with SSL or are unencrypted. This exceptional combination of software sophistication and incredibly powerful hardware leaves little room for application traffic to hide on the network, since SonicWALL¡¯s patented RFDI? engine is capable of inspecting hundreds of thousands of connections simultaneously across all 65,535 ports equally, with nearly zero latency and without stream size limitations. The NSA E8500 can be deployed both inline and as a gateway in a network. When deployed as an inline solution, the NSA E8500 allows administrators to leave their existing infrastructure intact and add Application Intelligence and Control as an extra layer of security and visibility to their network. The NSA E8500 can also serve as a full-featured security gateway with all the required remote access, high availability and enterprise features expected in demanding deployments. Features and Benefits Application intelligence and control is provided by a messenger applications, backdoor exploits, and other configurable set of granular application-specific policies malicious code. that can be applied per user, application, schedule or IP subnet. These polices can be used to restrict transfer of Flexible deployment as either a traditional gateway specific files and documents, scan email attachments via or as an inline solution that allows administrators to user-configurable criteria, automate application bandwidth keep their existing network infrastructure, while adding allocation, control and inspect both internal and external application intelligence and control as an extra layer of Web access and enable users to add custom signatures. security and visibility. Intuitive visualization tools offer IT administrators a Dynamic security continually updates threat protection, wide range of data points on applications traversing the intrusion detection and prevention and application control network, including who is using them, and the potential services on a 24x7 basis to maximize security. The full suite security impact. of threat prevention services can defend against 1,000,000+ unique malware attacks. SonicWALL Reassembly-Free Deep Packet Inspection is capable of controlling over 1,100 unique Deep Packet Inspection of SSL-encrypted traffic applications on the network and inspecting hundreds of (DPI SSL) transparently decrypts and scans both inbound thousands of connections simultaneously across all 65,535 and outbound HTTPS traffic using SonicWALL RFDPI. ports, with nearly zero latency and unlimited stream size. The traffic is then re-encrypted and sent to its original destination if no threats or vulnerabilities are discovered. Powerful intrusion prevention protects against a comprehensive array of network-based application layer threats by scanning packet payloads for worms, Trojans, software vulnerabilities, peer-to-peer and instant PROTECTION AT THE SPEED OF BUSINESS?
SonicWALL ECLASS Network Security Appliance Specifications NSA E8500 Firewall Stateful Throughput1 8.0 Gbps SonicWALL NSA E8500 IPS Performance2 3.5 Gbps GAV Performance2 2.3 Gbps Note: Performance metrics and product UTM Performance2 2.0 Gbps capacities are subject to change prior to IMIX Performance2 2.0 Gbps product availability. Maximum Connections 3 3,000,000 Maximum DPI Connections 1,500,000 Certifications New Connections/Sec 60,000 Nodes Supported Unrestricted Denial of Service Attack Prevention 22 classes of DoS, DDoS and scanning attacks SonicPoints Support (Maximum) 128 VPN 3DES/AES Throughput 4 4.0 Gbps Site-to-Site VPN Tunnels 10,000 Bundled Global VPN Client Licenses (Maximum) 2,000 (10,000) Bundled SSL VPN Licenses (Maximum) 2 (50) Bundled Virtual Assist Technicians (Maximum) 1 (25) Encryption/Authentication/DH Groups DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1/DH Groups 1, 2, 5, 14 Key Exchange IKE, IKEv2, Manual Key, PKI (X.509), L2TP over IPSec Route-based VPN Yes (OSPF, RIP) Certificate Support Verisign, Thawte, Cybertrust, RSA Keon, Entrust, and Microsoft CA for SonicWALLto-SonicWALL VPN, SCEP Redundant Gateway Yes Global VPN Client Platforms Supported Microsoft? Windows 2000, Windows XP, Microsoft? Vista 32-bit/64 bit, Windows 7 SSL VPN Platforms Supported Microsoft? Windows 2000 / XP / Vista 32/64-bit / Windows 7, Mac 10.4+, Linux FC 3+ / Ubuntu 7+ / OpenSUSE Security Services Deep Packet Inspection Service Service Intrusion Prevention (included), Gateway Anti-Virus, Anti-Spyware and Application Intelligence (included) Content Filtering Service (CFS) Premium Edition HTTP URL,HTTPS IP, keyword and content scanning ActiveX, Java Applet, and Cookie blocking Gateway-enforced Client Anti-Virus and Anti-Spyware HTTP/S, SMTP, POP3, IMAP and FTP, Enforced McAfee? Clients Email attachment blocking Comprehensive Anti-Spam Service Yes Application Intelligence (included) Provides application level enforcement and bandwidth control, regulate Web traffic, email, email attaches and file transfers, scan and restrict documents and files for key words and phrase DPI SSL Provides the ability to transparently decrypt HTTPS traffic in both directions, scan this traffic for threats using SonicWALL¡¯s Deep Packet Inspection technology (GAV/AS/IPS/Application Intelligence/CFS), then re-encrypt the traffic and send it to its destination if no threats or vulnerabilities are found. Networking IP Address Assignment Static, (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay NAT Modes 1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent mode VLAN Interfaces (802.1q) 512 Routing OSPF, RIPv1/v2, static routes, policy-based routing, Multicast QoS Bandwidth priority, maximum bandwidth, guaranteed bandwidth, DSCP marking, 802.1p Authentication XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix IPv6 Ready Internal Database/Single Sign-on Users 2,500/7,000 Users VoIP Full H.323v1-5, SIP, gatekeeper support, outbound bandwidth management, VoIP over WLAN, deep inspection security, full interoperability with most VoIP gateway and communications devices System Management and Monitoring Web GUI (HTTP, HTTPS), Command Line (SSH, Console), SNMP v2: Global management with SonicWALL GMS Logging and Reporting ViewPoint?, Local Log, Syslog, Solera Networks High Availability Active/Passive with State Sync, Active/Active UTM with State Sync Load Balancing Yes, (Outgoing with percent-based, round robin and spill-over) (Incoming with round robin, random distribution, sticky IP, block remap and symmetrical remap) Standards TCP/IP, UDP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3 Wireless Standards (With SonicPoint APs) 802.11 a/b/g/n, WEP, WPA, WPA2, TKIP, 802.1x, EAP-PEAP, EAP-TTLS Hardware Interfaces 1 Console Interface, 4 Gigabit Ethernet, 4 SFP (SX, LX or TX), 1 GbE HA Interface, 2 USB Memory (RAM) 2 GB Flash Memory 512 MB Compact Flash 3G Wireless/Modem* With 3G USB Adapter/Modem Power Supply Dual 250W ATX, Hot Swappable Fans Dual Fans, Hot Swappable Display Front LCD Display Power Input 100-240Vac, 60-50Hz Max Power Consumption 150 W Total Heat Dissipation 511.5 BTU MTBF 12.4 Years Certifications EAL4+, FIPS 140-2 Level 2, VPNC, ICSA Firewall 4.1 Form Factor 1U rack-mountable Dimensions 17 x 16.75 x 1.75 in/43.18 x 42.54 x 4.44 cm Weight 17.30 lbs/7.9 kg WEEE Weight 17.30 lbs/7.9 kg Major Regulatory FCC Class A, CES Class A, CE, C-Tick, VCCI, Compliance MIC, UL, cUL, TUV/GS, CB, NOM, RoHS, WEEE Environment 40-105¡ã F, 5-40¡ã C Humidity 10-90% non-condensing 1 Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services. 2 UTM/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. 3 Actual maximum connection counts are lower when UTM services are enabled. 4 VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. *USB 3G card and modem are not included. See http://www.sonicwall.com/us/products/cardsupport.html for supported USB devices.¡± SonicWALL¡¯s line-up of comprehensive protection SonicWALL, Inc. 2001 Logic Drive, San Jose, CA 95124 T +1 408.745.9600 F +1 408.745.9300 NETWORK SECURE WEB AND E-MAIL BACKUP POLICY AND SECURITY REMOTE ACCESS SECURITY AND RECOVERY MANAGEMENT www.sonicwall.com PROTECTION AT THE SPEED OF BUSINESS? ?2010 SonicWALL and the SonicWALL logo is registered trademarks of SonicWALL, Inc. Protection at the Speed of Business is a trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice. 02/10 SW 880

More Related Content

Ds e class-nsa_e8500_us

  • 1. SonicWALL ECLASS Network Security Appliance N E T WO R K SECU R I T Y SonicWALL NSA E8500 for Application Intelligence and Control n Application intelligence A fundamental problem continues to emerge for CIOs and IT administrators: as they strive to increase and control workforce productivity and improve the quality of internal services, they lack insight into the total traffic intelligence on their networks. This information is required for accurate performance analysis, threat n Intuitive visualization tools discovery and for the ability to take immediate action to ensure smooth operations of critical systems. n SonicWALL Reassembly-Free Capturing traffic intelligence has become increasingly elusive for conventional tools that identify protocols Deep Packet Inspection by their respective ports, as newer applications become more Web-enabled and increasingly utilize common protocols such as HTTP/HTTPS. As a result, traditional firewalls have grown blind to the application traffic on n Powerful intrusion the network, to the threats that can travel through these applications and to the inefficient use of the network prevention through these applications. For example, although HTTP/HTTPS traffic looks benign to traditional firewalls, it can carry some of the most bandwidth intensive and potentially security compromising applications, n Flexible deployment including streaming video and audio, chat traffic and various document formats. The same can be said for social networking sites which, although not formally classified as true applications, utilize the same technologies, n Dynamic security exposing companies to malware and competing for bandwidth with mission critical applications. To regain control of this traffic, traditional firewalls must evolve far beyond basic stateful inspection and must analyze n Deep Packet Inspection traffic at the application layer. The ability to perform this task relies completely on deep packet inspection, of SSL-encrypted traffic which is the only technology capable of exposing all of these types of network activity. (DPI SSL) The SonicWALL E-Class Network Security Appliance (NSA) E8500 offers Dynamic Security for the Global Network by providing powerful application intelligence and control along with network intrusion detection and prevention. With the patented SonicWALL? Reassembly-Free Deep Packet Inspection? (RFDPI) engine and sophisticated application intelligence capabilities, the NSA E8500 can analyze and control over 1,100 unique applications, whether they are encrypted with SSL or are unencrypted. This exceptional combination of software sophistication and incredibly powerful hardware leaves little room for application traffic to hide on the network, since SonicWALL¡¯s patented RFDI? engine is capable of inspecting hundreds of thousands of connections simultaneously across all 65,535 ports equally, with nearly zero latency and without stream size limitations. The NSA E8500 can be deployed both inline and as a gateway in a network. When deployed as an inline solution, the NSA E8500 allows administrators to leave their existing infrastructure intact and add Application Intelligence and Control as an extra layer of security and visibility to their network. The NSA E8500 can also serve as a full-featured security gateway with all the required remote access, high availability and enterprise features expected in demanding deployments. Features and Benefits Application intelligence and control is provided by a messenger applications, backdoor exploits, and other configurable set of granular application-specific policies malicious code. that can be applied per user, application, schedule or IP subnet. These polices can be used to restrict transfer of Flexible deployment as either a traditional gateway specific files and documents, scan email attachments via or as an inline solution that allows administrators to user-configurable criteria, automate application bandwidth keep their existing network infrastructure, while adding allocation, control and inspect both internal and external application intelligence and control as an extra layer of Web access and enable users to add custom signatures. security and visibility. Intuitive visualization tools offer IT administrators a Dynamic security continually updates threat protection, wide range of data points on applications traversing the intrusion detection and prevention and application control network, including who is using them, and the potential services on a 24x7 basis to maximize security. The full suite security impact. of threat prevention services can defend against 1,000,000+ unique malware attacks. SonicWALL Reassembly-Free Deep Packet Inspection is capable of controlling over 1,100 unique Deep Packet Inspection of SSL-encrypted traffic applications on the network and inspecting hundreds of (DPI SSL) transparently decrypts and scans both inbound thousands of connections simultaneously across all 65,535 and outbound HTTPS traffic using SonicWALL RFDPI. ports, with nearly zero latency and unlimited stream size. The traffic is then re-encrypted and sent to its original destination if no threats or vulnerabilities are discovered. Powerful intrusion prevention protects against a comprehensive array of network-based application layer threats by scanning packet payloads for worms, Trojans, software vulnerabilities, peer-to-peer and instant PROTECTION AT THE SPEED OF BUSINESS?
  • 2. SonicWALL ECLASS Network Security Appliance Specifications NSA E8500 Firewall Stateful Throughput1 8.0 Gbps SonicWALL NSA E8500 IPS Performance2 3.5 Gbps GAV Performance2 2.3 Gbps Note: Performance metrics and product UTM Performance2 2.0 Gbps capacities are subject to change prior to IMIX Performance2 2.0 Gbps product availability. Maximum Connections 3 3,000,000 Maximum DPI Connections 1,500,000 Certifications New Connections/Sec 60,000 Nodes Supported Unrestricted Denial of Service Attack Prevention 22 classes of DoS, DDoS and scanning attacks SonicPoints Support (Maximum) 128 VPN 3DES/AES Throughput 4 4.0 Gbps Site-to-Site VPN Tunnels 10,000 Bundled Global VPN Client Licenses (Maximum) 2,000 (10,000) Bundled SSL VPN Licenses (Maximum) 2 (50) Bundled Virtual Assist Technicians (Maximum) 1 (25) Encryption/Authentication/DH Groups DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1/DH Groups 1, 2, 5, 14 Key Exchange IKE, IKEv2, Manual Key, PKI (X.509), L2TP over IPSec Route-based VPN Yes (OSPF, RIP) Certificate Support Verisign, Thawte, Cybertrust, RSA Keon, Entrust, and Microsoft CA for SonicWALLto-SonicWALL VPN, SCEP Redundant Gateway Yes Global VPN Client Platforms Supported Microsoft? Windows 2000, Windows XP, Microsoft? Vista 32-bit/64 bit, Windows 7 SSL VPN Platforms Supported Microsoft? Windows 2000 / XP / Vista 32/64-bit / Windows 7, Mac 10.4+, Linux FC 3+ / Ubuntu 7+ / OpenSUSE Security Services Deep Packet Inspection Service Service Intrusion Prevention (included), Gateway Anti-Virus, Anti-Spyware and Application Intelligence (included) Content Filtering Service (CFS) Premium Edition HTTP URL,HTTPS IP, keyword and content scanning ActiveX, Java Applet, and Cookie blocking Gateway-enforced Client Anti-Virus and Anti-Spyware HTTP/S, SMTP, POP3, IMAP and FTP, Enforced McAfee? Clients Email attachment blocking Comprehensive Anti-Spam Service Yes Application Intelligence (included) Provides application level enforcement and bandwidth control, regulate Web traffic, email, email attaches and file transfers, scan and restrict documents and files for key words and phrase DPI SSL Provides the ability to transparently decrypt HTTPS traffic in both directions, scan this traffic for threats using SonicWALL¡¯s Deep Packet Inspection technology (GAV/AS/IPS/Application Intelligence/CFS), then re-encrypt the traffic and send it to its destination if no threats or vulnerabilities are found. Networking IP Address Assignment Static, (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay NAT Modes 1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent mode VLAN Interfaces (802.1q) 512 Routing OSPF, RIPv1/v2, static routes, policy-based routing, Multicast QoS Bandwidth priority, maximum bandwidth, guaranteed bandwidth, DSCP marking, 802.1p Authentication XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix IPv6 Ready Internal Database/Single Sign-on Users 2,500/7,000 Users VoIP Full H.323v1-5, SIP, gatekeeper support, outbound bandwidth management, VoIP over WLAN, deep inspection security, full interoperability with most VoIP gateway and communications devices System Management and Monitoring Web GUI (HTTP, HTTPS), Command Line (SSH, Console), SNMP v2: Global management with SonicWALL GMS Logging and Reporting ViewPoint?, Local Log, Syslog, Solera Networks High Availability Active/Passive with State Sync, Active/Active UTM with State Sync Load Balancing Yes, (Outgoing with percent-based, round robin and spill-over) (Incoming with round robin, random distribution, sticky IP, block remap and symmetrical remap) Standards TCP/IP, UDP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3 Wireless Standards (With SonicPoint APs) 802.11 a/b/g/n, WEP, WPA, WPA2, TKIP, 802.1x, EAP-PEAP, EAP-TTLS Hardware Interfaces 1 Console Interface, 4 Gigabit Ethernet, 4 SFP (SX, LX or TX), 1 GbE HA Interface, 2 USB Memory (RAM) 2 GB Flash Memory 512 MB Compact Flash 3G Wireless/Modem* With 3G USB Adapter/Modem Power Supply Dual 250W ATX, Hot Swappable Fans Dual Fans, Hot Swappable Display Front LCD Display Power Input 100-240Vac, 60-50Hz Max Power Consumption 150 W Total Heat Dissipation 511.5 BTU MTBF 12.4 Years Certifications EAL4+, FIPS 140-2 Level 2, VPNC, ICSA Firewall 4.1 Form Factor 1U rack-mountable Dimensions 17 x 16.75 x 1.75 in/43.18 x 42.54 x 4.44 cm Weight 17.30 lbs/7.9 kg WEEE Weight 17.30 lbs/7.9 kg Major Regulatory FCC Class A, CES Class A, CE, C-Tick, VCCI, Compliance MIC, UL, cUL, TUV/GS, CB, NOM, RoHS, WEEE Environment 40-105¡ã F, 5-40¡ã C Humidity 10-90% non-condensing 1 Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services. 2 UTM/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. 3 Actual maximum connection counts are lower when UTM services are enabled. 4 VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. *USB 3G card and modem are not included. See http://www.sonicwall.com/us/products/cardsupport.html for supported USB devices.¡± SonicWALL¡¯s line-up of comprehensive protection SonicWALL, Inc. 2001 Logic Drive, San Jose, CA 95124 T +1 408.745.9600 F +1 408.745.9300 NETWORK SECURE WEB AND E-MAIL BACKUP POLICY AND SECURITY REMOTE ACCESS SECURITY AND RECOVERY MANAGEMENT www.sonicwall.com PROTECTION AT THE SPEED OF BUSINESS? ?2010 SonicWALL and the SonicWALL logo is registered trademarks of SonicWALL, Inc. Protection at the Speed of Business is a trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice. 02/10 SW 880