Integrated threat prevention and SD-WAN platform for
small/medium organizations and distributed enterprises
The SonicWall TZ series enables small to mid-size organizations and distributed enterprises to realize the benefits of an integrated security solution that checks all the boxes. Combining high-speed threat prevention and software-defined wide area networking (SD-WAN) technology with an extensive range of networking and wireless features plus simplified deployment and centralized management, the TZ series provides a unified security solution at a low total cost of ownership.
Flexible, integrated security solution
The foundation of the TZ series is SonicOS, SonicWall’s feature-rich operating system. SonicOS includes a powerful set of capabilities that provides organizations with the flexibility to tune these Unified Threat Management (UTM) firewalls to their specific network requirements. For example, creating a secure high-speed wireless network is simplified through a built-in wireless controller and support for the IEEE 802.11ac standard or by adding our SonicWave 802.11ac Wave 2 access points. To reduce the cost and complexity of connecting high-speed wireless access points and other Power over Ethernet (PoE)-enabled devices such as IP cameras, phones and printers, the TZ300P and TZ600P provide PoE/PoE+ power.
Distributed retail businesses and campus environments can take advantage of the many tools in SonicOS to gain even greater benefits. Branch locations are able to exchange information securely with the central office using virtual private networking (VPN). Creating virtual LANs (VLANs) enables segmentation of the network into separate corporate and customer groups with rules that determine the level of communication with devices on other VLANs. SD-WAN offers a secure alternative to costly MPLS circuits while delivering consistent application performance and availability. Deploying TZ firewalls to remote locations is easy using Zero-Touch Deployment which enables provisioning of the firewall remotely through the cloud.
Benefits:
Flexible, integrated security solution
• Secure SD-WAN
• Powerful SonicOS operating system
• High-speed 802.11ac wireless
• Power over Ethernet (PoE/PoE+)
• Network segmentation with VLANs
Superior threat prevention and performance
• Patent-pending real-time deep memory inspection technology
• Patented reassembly-free deep packet inspection technology
• On-box and cloud-based threat prevention
• TLS/SSL decryption and inspection
• Industry-validated security effectiveness
• Dedicated Capture Labs threat research team
• Endpoint security with Capture Client
Easy deployment, setup and ongoing management
• Zero-Touch Deployment
• Cloud-based and on-premises centralized management
• Scalable line of firewalls
• Low total cost of ownership
Superior threat prevention and performance
Our vision for securing networks in today’s continually-evolving cyber threat landscape is automated, real-time threat detection and prevention. Through a combination of cloud-based and on-box technologies we deliver protection to our firewalls that’s been validated by independent third-party testing for its extremely high security effectiveness. Unknown threats are sent to SonicWall’s cloud-based Capture Advanced Threat Protection (ATP) multi-engine sandbox for analysis. Enhancing Capture ATP is our patent-pending Real-Time Deep Memory Inspection (RTDMI™) technology. The RTDMI engine detects and blocks malware and zero-day threats by inspecting directly in memory. RTDMI technology is precise, minimizes false positives, and identifies and mitigates sophisticated attacks where the malware’s weaponry is exposed for less than 100 nanoseconds. In combination, our patented single-pass Reassembly-Free Deep Packet Inspection (RFDPI) engine examines every byte of every packet, inspecting both inbound and outbound traffic directly on the firewall. By leveraging Capture ATP with RTDMI technology in the SonicWall Capture Cloud Platform in addition to on-box capabilities including intrusion prevention, anti-malware and web/URL filtering, TZ series firewalls stop malware, ransomware and other threats at the gateway. For mobile devices used outside the firewall perimeter, SonicWall Capture Client provides an added layer of protection by applying advanced threat protection techniques such as machine learning and system rollback. Capture Client also leverages the deep inspection of encrypted TLS traffic (DPI-SSL) on TZ series firewalls by installing and managing trusted TLS certificates.
The continued growth in the use of encryption to secure web sessions means it is imperative firewalls are able to scan encrypted traffic for threats. TZ series firewalls provide complete protection by performing full decryption and inspection of TLS/SSL and SSH encrypted connections regardless of port or protocol. The firewall searches for protocol non-compliance, threats, zero-days, intrusions, and even defined criteria by looking deep inside every packet. The deep packet inspection engine detects and prevents hidden attacks that leverage cryptography. It also blocks encrypted malware downloads, ceases the spread of infections and thwarts command and control (C&C) communications and data exfiltration. Inclusion and exclusion rules allow total control to customize which traffic is subjected to decryption and inspection based on specific organizational compliance and/or legal requirements.
Easy deployment, setup and
ongoing management
SonicWall makes it easy to configure and manage TZ series firewalls and SonicWave 802.11ac Wave 2 access points no matter where you deploy them. Centralized management, reporting, licensing and analytics are handled through our cloud-based Capture Security Center which offers the ultimate in visibility, agility and capacity to centrally govern the entire SonicWall security ecosystem from a single pane of glass.
A key component of the Capture Security Center is Zero-Touch Deployment. This cloud-based feature simplifies and speeds the deployment and provisioning of SonicWall firewalls at remote and branch office locations. The process requires minimal user intervention, and is fully automated to operationalize firewalls at scale in just a few steps. This significantly reduces the time, cost and complexity associated with installation and configuration, while security and connectivity occur instantly and automatically. Together, the simplified deployment and setup along with the ease of management enable organizations to lower their total cost of ownership and realize a high return on investment.
* 802.11ac currently not available on SOHO/SOHO 250 models; SOHO/SOHO 250 models support 802.11a/b/g/n
[Figure: SonicWall TZ600P with bi-directional scanning of 802.3at PoE+ devices. Labels: SonicWave 432i access point; Printer; IP Phone; Camera]
Integrated Security and Power for Your PoE-enabled Devices
Provide power to your PoE-enabled devices without the cost and complexity of a Power over Ethernet switch or injector. TZ300P and TZ600P firewalls integrate IEEE 802.3at technology to power PoE and PoE+ devices such as wireless access points, cameras, IP phones and more. The firewall scans all traffic coming from and going to each device using deep packet inspection technology and then removes harmful threats such as malware and intrusions, even over encrypted connections.
Capture Cloud Platform
SonicWall's Capture Cloud Platform delivers cloud-based threat prevention and network management plus reporting and analytics for organizations of any size. The platform consolidates threat intelligence gathered from multiple sources including our award-winning multi-engine network sandboxing service, Capture Advanced Threat Protection, as well as more than 1 million SonicWall sensors located around the globe.
If data coming into the network is found to contain previously-unseen malicious code, SonicWall’s dedicated, in-house Capture Labs threat research team develops signatures that are stored in the Capture Cloud Platform database and deployed to customer firewalls for up-to-date protection. New updates take effect immediately without reboots or interruptions. The signatures resident on the appliance protect against wide classes of attacks, covering tens of thousands of individual threats. In addition to the countermeasures on the appliance, TZ firewalls also have continuous access to the Capture Cloud Platform database which extends the onboard signature intelligence with tens of millions of signatures.
In addition to providing threat prevention, the Capture Cloud Platform offers single pane of glass management and administrators can easily create both real-time and historical reports on network activity.
Advanced threat protection
At the center of SonicWall automated, real-time breach prevention is SonicWall Capture Advanced Threat Protection service, a cloud-based multi-engine sandbox that extends firewall threat protection to detect and prevent zero-day threats. Suspicious files are sent to the cloud where they are analyzed using deep learning algorithms with the option to hold them at the gateway until a verdict is determined. The multi-engine sandbox platform, which includes Real-Time Deep Memory Inspection, virtualized sandboxing, full system emulation and hypervisor level analysis technology, executes suspicious code and analyzes behavior. When a file is identified as malicious, it is blocked and a hash is immediately created within Capture ATP. Soon after, a signature is sent to firewalls to prevent follow-on attacks.
The service analyzes a broad range of operating systems and file types, including executable programs, DLL, PDFs, MS Office documents, archives, JAR and APK.
[Figure labels: Streaming Data (PDF, Email, Data File); Endpoint; Artifacts 1-4; Machine Learning; Deep Learning Algorithms]
For complete endpoint protection, the
SonicWall Capture Client combines
next-generation anti-virus technology
Packet Inspection (RFDPI) is a single-pass, low latency inspection system that performs stream-based, bi-directional traffic analysis at high speed without proxying or buffering to effectively uncover intrusion attempts and malware downloads while identifying application traffic regardless of port and protocol. This proprietary engine relies on streaming traffic payload inspection to detect threats at Layers 3-7, and takes network streams through extensive and repeated normalization and decryption in order to neutralize advanced evasion techniques that seek to confuse detection engines and sneak malicious code into the network.
Once a packet undergoes the necessary
pre-processing, including TLS/SSL
decryption, it is analyzed against a single,
proprietary memory representation of
three signature databases: intrusion
attacks, malware and applications. The
connection state is then advanced to
represent the position of the stream
relative to these databases until it
encounters a state of attack, or other
“match” event, at which point a pre-set
action is taken.
In most cases, the connection is terminated and proper logging and notification events are created. However, the engine can also be configured for inspection only or, in case of application detection, to provide Layer 7 bandwidth management services for the remainder of the application stream as soon as the application is identified.
Centralized management
and reporting
For highly regulated organizations wanting to achieve a fully coordinated security governance, compliance and risk management strategy, SonicWall provides administrators a unified, secure and extensible platform to manage SonicWall firewalls, wireless access points and Dell N-Series and X-Series switches through a correlated and auditable workstream process. Enterprises can easily consolidate the management of security appliances, reduce administrative and troubleshooting complexities, and govern all operational aspects of the security infrastructure, including centralized policy management and enforcement; real-time event monitoring; user activities; application identifications; flow analytics and forensics; compliance and audit reporting; and more. In addition, enterprises meet the firewall’s change management requirements through workflow automation which provides the agility and confidence to deploy the right firewall policies at the right time and in conformance with compliance regulations.
Available on premises as SonicWall
Global Management System and in
the cloud as Capture Security Center,
SonicWall management and reporting
solutions provide a coherent way to
manage network security by business
processes and service levels, dramatically
simplifying lifecycle management of your
overall security environments compared
to managing on a device-by-device basis.
Distributed networks
Because of their flexibility, TZ series firewalls are ideally suited for both distributed enterprise and single site deployments. In distributed networks like those found in retail organizations, each site has its own TZ firewall which connects to the Internet often through a local provider using a DSL, cable or 3G/4G connection. In addition to Internet access, each firewall utilizes an Ethernet connection to transport packets between remote sites and the central headquarters. Web services and SaaS applications such as Office 365, Salesforce and others are served up from the data center. Through mesh VPN technology, IT administrators can create a hub and spoke configuration for the safe transport of data between all locations.
The SD-WAN technology in SonicOS is a perfect complement to TZ firewalls deployed at remote and branch sites. Instead of relying on more expensive legacy technologies such as MPLS and T1, organizations using SD-WAN can choose lower-cost public Internet services while continuing to achieve a high level of application availability and predictable performance.
SonicWall Secure SD-WAN Features
• NSS Labs validated high security efficacy
• Zero-touch deployment
• WAN load balancing
• Dynamic path selection for business-critical applications
• Secure AES 256 VPN
• Application identification and visibility
• Cloud-based central management
[Figure: Distributed Enterprise Network with SD-WAN. Labels: Corporate HQ; Data Center; NSsp 12800; NSa 9650; Anti-malware, IPS, Content filtering, Capture ATP, VPN; Web Server Farm; Application Server Farm; IP PBX; SD-WAN Enabled Transport; Low-Cost Transport Technologies (Ethernet / DSL / Cable / 3G / 4G); Remote / Branch Offices; TZ600P Firewall; SonicWave Wireless Access Point; Guest WiFi; Corp WiFi; Terminal; POS; IoT Devices (Cameras, IP Phones, etc.); Capture Security Center Cloud Orchestration and Management]
Capture Security Center
Tying the distributed network together is SonicWall’s cloud-based Capture Security Center (CSC) which centralizes deployment, ongoing management and real-time analytics of the TZ firewalls. A key feature of CSC is Zero-Touch Deployment. Configuring and deploying firewalls across multiple sites is time-consuming and requires onsite personnel. However, Zero-Touch Deployment removes these challenges by simplifying and speeding the deployment and provisioning of SonicWall firewalls remotely through the cloud. Similarly, CSC eases ongoing management by providing cloud-based single-pane-of-glass management for SonicWall devices on the network. For complete situational awareness of the network security environment, SonicWall Analytics offers a single-pane view into all activity occurring inside the network. Organizations gain a deeper understanding of application usage and performance while reducing the possibility of Shadow IT.
Single Sites
For single site deployments, having an integrated network security solution is highly beneficial. TZ series firewalls combine high security effectiveness with options such as built-in 802.11ac wireless and, in the case of the TZ300P and TZ600P, PoE/PoE+ support. The same security engine in our mid-range NSa series and high-end NSsp series is featured in TZ series firewall along with the broad feature set of SonicOS. Configuration and management is easy using the intuitive SonicOS UI. Organizations save valuable rack space due to the compact desktop form factor.
[Figure labels: NSa or NSsp; Corporate Headquarters; Sales network; Engineering network; Finance network; Capture Security Center; TZ product line; Internet; 3G/analog failover; Secure wireless zone; Printers; 18-port Dell N-Series/X-Series switch; Protected server network; Storage; PoE cameras]
SonicWall TZ600 series
For emerging enterprises, retail and branch offices looking for security, performance and options such as 802.3at PoE+ support at a value price, the SonicWall TZ600 secures networks with enterprise-class features and uncompromising performance.
Specification | TZ600 series
Firewall throughput | 1.9 Gbps
Threat Prevention throughput | 800 Mbps
Anti-malware throughput | 800 Mbps
IPS throughput | 1.2 Gbps
Maximum connections | 150,000
New connections/sec | 12,000
[Figure: TZ600P ports and indicators. Labels: PoE/PoE+ ports (4 PoE/PoE+); Power LED; Test LED; USB port (3G/4G WAN failover); Link and activity indicator LEDs; Expansion module; Console port; 8x1-GbE switch (configurable); X0 LAN port; X1 WAN port]
SonicWall TZ500 series
For growing branch offices and SMBs, the SonicWall TZ500 series delivers highly effective, no-compromise protection with network productivity and optional integrated 802.11ac dual-band wireless.
Specification | TZ500 series
Firewall throughput | 1.4 Gbps
Threat Prevention throughput | 700 Mbps
Anti-malware throughput | 700 Mbps
IPS throughput | 1.0 Gbps
Maximum connections | 150,000
New connections/sec | 8,000
[Figure: TZ500 ports and indicators. Labels: Optional 802.11ac wireless; Power LED; Test LED; USB port (3G/4G WAN failover); Link and activity indicator LEDs; Console port; 6x1-GbE switch (configurable); X0 LAN port; X1 WAN port; 12V DC 2A power]
SonicWall TZ400 series
For small business, retail and branch office locations, the SonicWall TZ400 series delivers enterprise-grade protection. Flexible wireless deployment is available with optional 802.11ac dual-band wireless integrated into the firewall.
Specification | TZ400 series
Firewall throughput | 1.3 Gbps
Threat Prevention throughput | 600 Mbps
Anti-malware throughput | 600 Mbps
IPS throughput | 900 Mbps
Maximum connections | 150,000
New connections/sec | 6,000
[Figure: TZ400 ports and indicators. Labels: Optional 802.11ac wireless; Power LED; Test LED; USB port (3G/4G WAN failover); Link and activity indicator LEDs; Console port; 5x1-GbE switch (configurable); X0 LAN port; X1 WAN port; 12V DC 2A power]
SonicWall TZ350/TZ300 series
The SonicWall TZ300 and TZ350 series offer an all-in-one solution that protects networks from advanced attacks. Unlike consumer grade products, these UTM firewalls combine high-speed intrusion prevention, anti-malware and content/URL filtering plus broad secure mobile access support for laptops, smartphones and tablets along with optional integrated 802.11ac wireless. In addition, the TZ300 offers optional 802.3at PoE+ to power PoE-enabled devices.
Specification | TZ350 series | TZ300 series
Firewall throughput | 1.0 Gbps | 750 Mbps
Threat Prevention throughput | 335 Mbps | 235 Mbps
Anti-malware throughput | 335 Mbps | 235 Mbps
IPS throughput | 400 Mbps | 300 Mbps
Maximum connections | 100,000 | 100,000
New connections/sec | 6,000 | 5,000
[Figure: TZ300P ports and indicators. Labels: PoE/PoE+ ports (2 PoE or 1 PoE+); Optional 802.11ac wireless; Power LED; Test LED; USB port (3G/4G WAN failover); Link and activity indicator LEDs; Console port; 3x1-GbE switch (configurable); X0 LAN port; X1 WAN port; 12V DC 2A power]
SonicWall SOHO 250/SOHO series
For wired and wireless small and home office environments, the SonicWall SOHO 250 and SOHO series deliver the same business-class protection large organizations require at a more affordable price point. Add optional 802.11n wireless to provide employees, customers and guests with secure wireless connectivity.
Specification | SOHO 250 series | SOHO series
Firewall throughput | 600 Mbps | 300 Mbps
Threat Prevention throughput | 200 Mbps | 150 Mbps
Anti-malware throughput | 200 Mbps | 150 Mbps
IPS throughput | 250 Mbps | 200 Mbps
Maximum connections | 50,000 | 10,000
New connections/sec | 3,000 | 1,800
[Figure: SOHO ports and indicators. Labels: Optional 802.11n wireless; Power LED; Test LED; Link and activity indicator LEDs; USB port (3G/4G WAN failover); Console port; 3x1-GbE switch (configurable); X0 LAN port; X1 WAN port; 12V DC 2A power]
Partner Enabled Services
Need help to plan, deploy or optimize your SonicWall solution? SonicWall Advanced Services Partners are trained to provide you with world class professional services. Learn more at www.sonicwall.com/PES.
Features
RFDPI ENGINE
Feature | Description
Reassembly-Free Deep Packet Inspection (RFDPI) | This high-performance, proprietary and patented inspection engine performs stream-based, bi-directional traffic analysis, without proxying or buffering, to uncover intrusion attempts and malware and to identify application traffic regardless of port.
Bi-directional inspection | Scans for threats in both inbound and outbound traffic simultaneously to ensure that the network is not used to distribute malware and does not become a launch platform for attacks in case an infected machine is brought inside.
Stream-based inspection | Proxy-less and non-buffering inspection technology provides ultra-low latency performance for DPI of millions of simultaneous network streams without introducing file and stream size limitations, and can be applied on common protocols as well as raw TCP streams.
Highly parallel and scalable | The unique design of the RFDPI engine works with the multi-core architecture to provide high DPI throughput and extremely high new session establishment rates to deal with traffic spikes in demanding networks.
Single-pass inspection | A single-pass DPI architecture simultaneously scans for malware, intrusions and application identification, drastically reducing DPI latency and ensuring that all threat information is correlated in a single architecture.
FIREWALL AND NETWORKING
Feature | Description
Secure SD-WAN | An alternative to more expensive technologies such as MPLS, Secure SD-WAN enables distributed enterprise organizations to build, operate and manage secure, high-performance networks across remote sites for the purpose of sharing data, applications and services using readily-available, low-cost public internet services.
REST APIs | Allows the firewall to receive and leverage any and all proprietary, original equipment manufacturer and third-party intelligence feeds to combat advanced threats such as zero-day, malicious insider, compromised credentials, ransomware and advanced persistent threats.
Stateful packet inspection | All network traffic is inspected, analyzed and brought into compliance with firewall access policies.
High availability/clustering | SonicWall TZ500 and TZ600 models support high availability with Active/Standby with state synchronization. SonicWall TZ300 and TZ400 models support high availability without Active/Standby synchronization. There is no high availability on SonicWall SOHO models.
DDoS/DoS attack protection | SYN flood protection provides a defense against DoS attacks using both Layer 3 SYN proxy and Layer 2 SYN blacklisting technologies. Additionally, it protects against DoS/DDoS through UDP/ICMP flood protection and connection rate limiting.
IPv6 support | Internet Protocol version 6 (IPv6) is in its early stages to replace IPv4. With SonicOS, the hardware will support filtering and wire mode implementations.
Flexible deployment options | The TZ series can be deployed in traditional NAT, Layer 2 bridge, wire and network tap modes.
WAN load balancing | Load-balances multiple WAN interfaces using Round Robin, Spillover or Percentage methods.
Advanced quality of service (QoS) | Guarantees critical communications with 802.1p, DSCP tagging, and remapping of VoIP traffic on the network.
H.323 gatekeeper and SIP proxy support | Blocks spam calls by requiring that all incoming calls are authorized and authenticated by H.323 gatekeeper or SIP proxy.
Single and cascaded Dell N-Series and X-Series switch management | Manage security settings of additional ports, including Portshield, HA, PoE and PoE+, under a single pane of glass using the firewall management dashboard for Dell’s N-Series and X-Series network switch (not available with SOHO model).
Biometric authentication | Supports mobile device authentication such as fingerprint recognition that cannot be easily duplicated or shared to securely authenticate the user identity for network access.
Open authentication and social login | Enable guest users to use their credentials from social networking services such as Facebook, Twitter, or Google+ to sign in and access the Internet and other guest services through a host's wireless, LAN or DMZ zones using pass-through authentication.
Wireless Network Security | Available as an integrated option on SonicWall TZ300 through TZ500, IEEE 802.11ac wireless technology can deliver up to 1.3 Gbps of wireless throughput with greater range and reliability. Optional 802.11 a/b/g/n is available on SonicWall SOHO models.
MANAGEMENT AND REPORTING
Feature | Description
Cloud-based and on-premises management | Configuration and management of SonicWall appliances is available via the cloud through the SonicWall Capture Security Center and on-premises using SonicWall Global Management System (GMS).
Powerful single device management | An intuitive web-based interface allows quick and convenient configuration, in addition to a comprehensive command-line interface and support for SNMPv2/3.
IPFIX/NetFlow application flow reporting | Exports application traffic analytics and usage data through IPFIX or NetFlow protocols for real-time and historical monitoring and reporting with tools that support IPFIX and NetFlow with extensions.
VIRTUAL PRIVATE NETWORKING
Feature | Description
Auto-provision VPN | Simplifies and reduces complex distributed firewall deployment down to a trivial effort by automating the initial site-to-site VPN gateway provisioning between SonicWall firewalls while security and connectivity occur instantly and automatically.
IPSec VPN for site-to-site connectivity | High-performance IPSec VPN allows the TZ series to act as a VPN concentrator for thousands of other large sites, branch offices or home offices.
SSL VPN or IPSec client remote access | Utilizes clientless SSL VPN technology or an easy-to-manage IPSec client for easy access to email, files, computers, intranet sites and applications from a variety of platforms.
Redundant VPN gateway | When using multiple WANs, a primary and secondary VPN can be configured to allow seamless, automatic failover and failback of all VPN sessions.
Route-based VPN | The ability to perform dynamic routing over VPN links ensures continuous uptime in the event of a temporary VPN tunnel failure, by seamlessly re-routing traffic between endpoints through alternate routes.
CONTENT/CONTEXT AWARENESS
Feature | Description
User activity tracking | User identification and activity are made available through seamless AD/LDAP/Citrix¹/Terminal Services¹ SSO integration combined with extensive information obtained through DPI.
GeoIP country traffic identification | Identifies and controls network traffic going to or coming from specific countries to either protect against attacks from known or suspected origins of threat activity, or to investigate suspicious traffic originating from the network. Provides the ability to create custom country and Botnet lists to override an incorrect country or Botnet tag associated with an IP address. Eliminates unwanted filtering of IP addresses due to misclassification.
Regular expression DPI filtering | Prevents data leakage by identifying and controlling content crossing the network through regular expression matching. Provides the ability to create custom country and Botnet lists to override an incorrect country or Botnet tag associated with an IP address.
CAPTURE ADVANCED THREAT PROTECTION
Feature | Description
Multi-engine sandboxing | The multi-engine sandbox platform, which includes virtualized sandboxing, full system emulation, and hypervisor level analysis technology, executes suspicious code and analyzes behavior, providing comprehensive visibility to malicious activity.
Real-Time Deep Memory Inspection (RTDMI) | This patent-pending cloud-based technology detects and blocks malware that does not exhibit any malicious behavior and hides its weaponry via encryption. By forcing malware to reveal its weaponry into memory, the RTDMI engine proactively detects and blocks mass-market, zero-day threats and unknown malware.
Block until verdict | To prevent potentially malicious files from entering the network, files sent to the cloud for analysis can be held at the gateway until a verdict is determined.
Broad file type and size analysis | Supports analysis of a broad range of file types, either individually or as a group, including executable programs (PE), DLL, PDFs, MS Office documents, archives, JAR, and APK plus multiple operating systems including Windows, Android, Mac OS X and multi-browser environments.
Rapid deployment of signatures | When a file is identified as malicious, a signature is immediately deployed to firewalls with SonicWall Capture ATP subscriptions and Gateway Anti-Virus and IPS signature databases and the URL, IP and domain reputation databases within 48 hours.
Capture Client | Capture Client is a unified client platform that delivers multiple endpoint protection capabilities, including advanced malware protection and support for visibility into encrypted traffic. It leverages layered protection technologies, comprehensive reporting and endpoint protection enforcement.
ENCRYPTED THREAT PREVENTION
Feature | Description
TLS/SSL decryption and inspection | Decrypts and inspects TLS/SSL encrypted traffic on the fly, without proxying, for malware, intrusions and data leakage, and applies application, URL and content control policies in order to protect against threats hidden in encrypted traffic. Included with security subscriptions for all TZ series models except SOHO. Sold as a separate license on SOHO.
SSH inspection | Deep packet inspection of SSH (DPI-SSH) decrypts and inspects data traversing over SSH tunnel to prevent attacks that leverage SSH.
INTRUSION PREVENTION
Feature | Description
Countermeasure-based protection | Tightly integrated intrusion prevention system (IPS) leverages signatures and other countermeasures to scan packet payloads for vulnerabilities and exploits, covering a broad spectrum of attacks and vulnerabilities.
Automatic signature updates | The SonicWall Threat Research Team continuously researches and deploys updates to an extensive list of IPS countermeasures that covers more than 50 attack categories. The new updates take immediate effect without any reboot or service interruption required.
INTRUSION PREVENTION CON'T
FeatureDescription
Intra-zone IPS protection
Botnet command and control (CnC)
detection and blocking
Protocol abuse/anomaly Identies and blocks attacks that abuse protocols in an attempt to sneak past the IPS.
Zero-day protection
Anti-evasion technology
THREAT PREVENTION
Bolsters internal security by segmenting the network into multiple security zones with intrusion prevention,
preventing threats from propagating across the zone boundaries.
Identies and blocks command and control trafc originating from bots on the local network to IPs and
domains that are identied as propagating malware or are known CnC points.
Protects the network against zero-day attacks with constant updates against the latest exploit methods
and techniques that cover thousands of individual exploits.
Extensive stream normalization, decoding and other techniques ensure that threats do not enter the
network undetected by utilizing evasion techniques in Layers 2-7.
Feature | Description
Gateway anti-malware | The RFDPI engine scans all inbound, outbound and intra-zone traffic for viruses, Trojans, key loggers and other malware in files of unlimited length and size across all ports and TCP streams.
Capture Cloud malware protection | A continuously updated database of tens of millions of threat signatures resides in the SonicWall cloud servers and is referenced to augment the capabilities of the onboard signature database, providing RFDPI with extensive coverage of threats.
Around-the-clock security updates | New threat updates are automatically pushed to firewalls in the field with active security services, and take effect immediately without reboots or interruptions.
Bi-directional raw TCP inspection | The RFDPI engine is capable of scanning raw TCP streams on any port bi-directionally, preventing attacks that try to sneak by outdated security systems that focus on securing a few well-known ports.
Extensive protocol support | Identifies common protocols such as HTTP/S, FTP, SMTP, SMBv1/v2 and others, which do not send data in raw TCP, and decodes payloads for malware inspection, even if they do not run on standard, well-known ports.
APPLICATION INTELLIGENCE AND CONTROL
Feature | Description
Application control | Control applications, or individual application features, that are identified by the RFDPI engine against a continuously expanding database of thousands of application signatures, to increase network security and enhance network productivity.
Custom application identification | Control custom applications by creating signatures based on specific parameters or patterns unique to an application in its network communications, in order to gain further control over the network.
Application bandwidth management | Granularly allocate and regulate available bandwidth for critical applications or application categories while inhibiting nonessential application traffic.
Granular control | Control applications, or specific components of an application, based on schedules, user groups, exclusion lists and a range of actions with full SSO user identification through LDAP/AD/Terminal Services/Citrix integration.
CONTENT FILTERING
Feature | Description
Inside/outside content filtering | Enforce acceptable use policies and block access to HTTP/HTTPS websites containing information or images that are objectionable or unproductive with Content Filtering Service and Content Filtering Client.
Enforced Content Filtering Client | Extend policy enforcement to block internet content for Windows, Mac OS, Android and Chrome devices located outside the firewall perimeter.
Granular controls | Block content using the predefined categories or any combination of categories. Filtering can be scheduled by time of day, such as during school or business hours, and applied to individual users or groups.
Web caching | URL ratings are cached locally on the SonicWall firewall so that the response time for subsequent access to frequently visited sites is only a fraction of a second.
ENFORCED ANTI-VIRUS AND ANTI-SPYWARE
Feature | Description
Multi-layered protection | Utilize the firewall capabilities as the first layer of defense at the perimeter, coupled with endpoint protection to block viruses entering the network through laptops, thumb drives and other unprotected systems.
Automated enforcement option | Ensure every computer accessing the network has the appropriate antivirus software and/or DPI-SSL certificate installed and active, eliminating the costs commonly associated with desktop antivirus management.
Automated deployment and installation option | Machine-by-machine deployment and installation of antivirus and anti-spyware clients is automatic across the network, minimizing administrative overhead.
Next-generation antivirus | Capture Client uses a static artificial intelligence (AI) engine to determine threats before they can execute and roll back to a previous uninfected state.
Spyware protection | Powerful spyware protection scans and blocks the installation of a comprehensive array of spyware programs on desktops and laptops before they transmit confidential data, providing greater desktop security and performance.
SonicOS feature summary
Firewall
• Stateful packet inspection
• Reassembly-Free Deep Packet Inspection
• DDoS attack protection (UDP/ICMP/SYN flood)
• IPv4/IPv6 support
• Biometric authentication for remote access
• DNS proxy
• REST APIs
SSL/SSH decryption and inspection¹
• Deep packet inspection for TLS/SSL/SSH
• Inclusion/exclusion of objects, groups or hostnames
• TLS/SSL control
• Granular DPI SSL controls per zone or rule
Capture Advanced Threat Protection¹
• Real-Time Deep Memory Inspection
• Cloud-based multi-engine analysis
• Virtualized sandboxing
• Hypervisor level analysis
• Full system emulation
• Broad file type examination
• Automated and manual submission
• Real-time threat intelligence updates
• Block until verdict
• Capture Client
Intrusion prevention¹
• Signature-based scanning
• Automatic signature updates
• Bidirectional inspection
• Granular IPS rule capability
• GeoIP/Botnet filtering
• Regular expression matching
Anti-malware¹
• Stream-based malware scanning
• Gateway anti-virus
• Gateway anti-spyware
• Bi-directional inspection
• No file size limitation
• Cloud malware database
2
Application identification¹
• Application control
• Application bandwidth management
• Custom application signature creation
• Data leakage prevention
• Application reporting over NetFlow/IPFIX
• Comprehensive application signature database
Traffic visualization and analytics
• User activity
• Application/bandwidth/threat usage
• Cloud-based analytics
HTTP/HTTPS Web content filtering¹
• URL filtering
• Anti-proxy technology
• Keyword blocking
• Policy-based filtering (exclusion/inclusion)
• HTTP header insertion
• Bandwidth manage CFS rating categories
• Unified policy model with app control
• Content Filtering Client
VPN
• Auto-provision VPN
• IPSec VPN for site-to-site connectivity
• SSL VPN and IPSec client remote access
• Redundant VPN gateway
• Mobile Connect for iOS, Mac OS X, Windows, Chrome, Android and Kindle Fire
• Route-based VPN (OSPF, RIP, BGP)
Networking
• Secure SD-WAN
• PortShield
• Enhanced logging
• Layer-2 QoS
• Port security
• Dynamic routing (RIP/OSPF/BGP)
• SonicWall wireless controller
• Policy-based routing (ToS/metric and ECMP)
• Asymmetric routing
• DHCP server
• NAT
• Bandwidth management
• High availability - Active/Standby with state sync²
• Inbound/outbound load balancing
• L2 bridge mode, NAT mode
• 3G/4G WAN failover
• Common Access Card (CAC) support
VoIP
• Granular QoS control
• Bandwidth management
• DPI for VoIP traffic
• H.323 gatekeeper and SIP proxy support
Management and monitoring
• Web GUI
• Command line interface (CLI)
• SNMPv2/v3
• Centralized management and reporting with SonicWall GMS and Capture Security Center
• Logging
• Netflow/IPFix exporting
• Cloud-based configuration backup
• Application and bandwidth visualization
• IPv4 and IPv6 management
• Dell N-Series and X-Series switch management including cascaded switches
2
Integrated Wireless
• Dual-band (2.4 GHz and 5.0 GHz)
• 802.11 a/b/g/n/ac wireless standards
• WIDS/WIPS
• Wireless guest services
• Lightweight hotspot messaging
• Virtual access point segmentation
• Captive portal
• Cloud ACL
2
¹ Requires added subscription
² State sync high availability only on SonicWall TZ500 and SonicWall TZ600 models
SonicWall TZ series system specifications
FIREWALL GENERAL | SOHO SERIES | SOHO 250 SERIES | TZ300 SERIES | TZ350 SERIES
Operating system | SonicOS
Interfaces | 5x1GbE, 1 USB, 1 Console | 5x1GbE, 1 USB, 1 Console
Power over Ethernet (PoE) support | — | — | TZ300P - 2 ports (2 PoE or 1 PoE+)
Expansion | USB
Management | CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs
Single Sign-On (SSO) Users | 250 | 350 | 500 | 500
VLAN interfaces | 25
Access points supported (maximum) | 2 | 4 | 8 | 8
FIREWALL/VPN PERFORMANCE | SOHO SERIES | SOHO 250 SERIES | TZ300 SERIES | TZ350 SERIES
Maximum connections (SPI) | 10,000 | 50,000 | 100,000 | 100,000
Maximum connections (DPI) | 10,000 | 50,000 | 90,000 | 90,000
Maximum connections (DPI SSL) | 250 | 25,000 | 25,000 | 25,000
VPN | SOHO SERIES | SOHO 250 SERIES | TZ300 SERIES | TZ350 SERIES
HTTP URL, HTTPS IP, keyword and content scanning, Comprehensive filtering based on file types such as ActiveX, Java, Cookies for privacy, allow/forbid lists
Comprehensive Anti-Spam Service | Supported
Application Visualization | No | Yes | Yes | Yes
Application Control | Yes | Yes | Yes | Yes
Capture Advanced Threat Protection | No | Yes | Yes | Yes
NETWORKING | SOHO SERIES | SOHO 250 SERIES | TZ300 SERIES | TZ350 SERIES
IP address assignment | Static, (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay
NAT modes | 1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent mode
802.11a: Orthogonal Frequency Division Multiplexing (OFDM); 802.11b: Direct Sequence Spread Spectrum (DSSS); 802.11g: Orthogonal Frequency Division Multiplexing (OFDM)/Direct Sequence Spread Spectrum (DSSS); 802.11n: Orthogonal Frequency Division Multiplexing (OFDM); 802.11ac: Orthogonal Frequency Division Multiplexing (OFDM)
*Future use.
¹ Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.
² Threat Prevention/GatewayAV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. Threat Prevention throughput measured with Gateway AV, Anti-Spyware, IPS and Application Control enabled.
³ VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. All specifications, features and availability are subject to change.
⁴ BGP is available only on SonicWall TZ400, TZ500 and TZ600.
⁵ All TZ integrated wireless models can support either 2.4GHz or 5GHz band. For dual-band support, please use SonicWall's wireless access point products.
SonicWall TZ series system specifications cont'd
FIREWALL GENERAL | TZ400 SERIES | TZ500 SERIES | TZ600 SERIES
Operating system | SonicOS
Interfaces | 7x1GbE, 1 USB, 1 Console | 8x1GbE, 2 USB, 1 Console
Power over Ethernet (PoE) support | — | —
Expansion | USB | 2 USB | Expansion Slot (Rear)*, 2 USB
Management | CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs
Single Sign-On (SSO) Users | 500 | 500 | 500
VLAN interfaces | 50 | 50 | 50
Access points supported (maximum) | 16 | 16 | 24
FIREWALL/VPN PERFORMANCE | TZ400 SERIES | TZ500 SERIES | TZ600 SERIES
Firewall inspection throughput¹ | 1.3 Gbps | 1.4 Gbps | 1.9 Gbps
Threat Prevention throughput² | 600 Mbps | 700 Mbps | 800 Mbps
Application inspection throughput² | 1.2 Gbps | 1.3 Gbps | 1.8 Gbps
IPS throughput² | 900 Mbps | 1.0 Gbps | 1.2 Gbps
Anti-malware inspection throughput² | 600 Mbps | 700 Mbps | 800 Mbps
TLS/SSL inspection and decryption throughput (DPI SSL)² | 180 Mbps | 225 Mbps | 300 Mbps
IPSec VPN throughput³ | 900 Mbps | 1.0 Gbps | 1.1 Gbps
Connections per second | 6,000 | 8,000 | 12,000
Maximum connections (SPI) | 150,000 | 150,000 | 150,000
Maximum connections (DPI) | 125,000 | 125,000 | 125,000
Maximum connections (DPI SSL) | 25,000 | 25,000 | 25,000
HTTP URL, HTTPS IP, keyword and content scanning, Comprehensive filtering based on file types such as ActiveX, Java, Cookies for privacy, allow/forbid lists
Comprehensive Anti-Spam Service | Supported
Application Visualization | Yes | Yes | Yes
Application Control | Yes | Yes | Yes
Capture Advanced Threat Protection | Yes | Yes | Yes
NETWORKING | TZ400 SERIES | TZ500 SERIES | TZ600 SERIES
IP address assignment | Static, (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay
Frequency Division Multiplexing (OFDM); 802.11ac: Orthogonal Frequency Division Multiplexing (OFDM)
SonicWall TZ Series ordering information
Product | SKU
SOHO 250 with 1-year TotalSecure Advanced Edition | 02-SSC-1815
SOHO 250 Wireless-AC with 1-year TotalSecure Advanced Edition | 02-SSC-1824
TZ300 with 1-year TotalSecure Advanced Edition | 01-SSC-1702
TZ300 Wireless-AC with 1-year TotalSecure Advanced Edition | 01-SSC-1703
TZ300P with 1-year TotalSecure Advanced Edition | 02-SSC-0602
TZ350 with 1-year TotalSecure Advanced Edition | 02-SSC-1843
TZ350 Wireless-AC with 1-year TotalSecure Advanced Edition | 02-SSC-1851
TZ400 with 1-year TotalSecure Advanced Edition | 01-SSC-1705
TZ400 Wireless-AC with 1-year TotalSecure Advanced Edition | 01-SSC-1706
TZ500 with 1-year TotalSecure Advanced Edition | 01-SSC-1708
TZ500 Wireless-AC with 1-year TotalSecure Advanced Edition | 01-SSC-1709
TZ600 with 1-year TotalSecure Advanced Edition | 01-SSC-1711
TZ600P with 1-year TotalSecure Advanced Edition | 02-SSC-0600
High availability options (each unit must be the same model)
TZ500 High Availability | 01-SSC-0439
TZ600 High Availability | 01-SSC-0220
Services | SKU
For SonicWall SOHO 250 Series
Advanced Gateway Security Suite - Capture ATP, Threat Prevention, Firewall management and reporting, Shadow IT Visibility, and 24x7 Support (1-year) | 02-SSC-1726
Capture Advanced Threat Protection for SOHO 250 (1-year) | 02-SSC-1732
Gateway Anti-Virus, Intrusion Prevention and Application Control (1-year) | 02-SSC-1750
Content Filtering Service (1-year) | 02-SSC-1744
Comprehensive Anti-Spam Service (1-year) | 02-SSC-1823
24x7 Support (1-year) | 02-SSC-1720
For SonicWall TZ300 Series
Advanced Gateway Security Suite - Capture ATP, Threat Prevention, Firewall management and reporting, Shadow IT Visibility, and 24x7 Support (1-year) | 01-SSC-1430
Capture Advanced Threat Protection for TZ300 (1-year) | 01-SSC-1435
Gateway Anti-Virus, Intrusion Prevention and Application Control (1-year) | 01-SSC-0602
Content Filtering Service (1-year) | 01-SSC-0608
Comprehensive Anti-Spam Service (1-year) | 01-SSC-0632
24x7 Support (1-year) | 01-SSC-0620
For SonicWall TZ350 Series
Advanced Gateway Security Suite - Capture ATP, Threat Prevention, Firewall management and reporting, Shadow IT Visibility, and 24x7 Support (1-year) | 02-SSC-1773
Capture Advanced Threat Protection for TZ350 (1-year) | 02-SSC-1779
Gateway Anti-Virus, Intrusion Prevention and Application Control (1-year) | 02-SSC-1797
Content Filtering Service (1-year) | 02-SSC-1791
Comprehensive Anti-Spam Service (1-year) | 02-SSC-1809
24x7 Support (1-year) | 02-SSC-1767
For SonicWall TZ400 Series
Advanced Gateway Security Suite - Capture ATP, Threat Prevention, Firewall management and reporting, Shadow IT Visibility, and 24x7 Support (1-year) | 01-SSC-1440
Capture Advanced Threat Protection for TZ400 (1-year) | 01-SSC-1445
Gateway Anti-Virus, Intrusion Prevention and Application Control (1-year) | 01-SSC-0534
Content Filtering Service (1-year) | 01-SSC-0540
Comprehensive Anti-Spam Service (1-year) | 01-SSC-0561
24x7 Support (1-year) | 01-SSC-0552
For SonicWall TZ500 Series
Advanced Gateway Security Suite - Capture ATP, Threat Prevention, Firewall management and reporting, Shadow IT Visibility, and 24x7 Support (1-year) | 01-SSC-1450
Capture Advanced Threat Protection for TZ500 (1-year) | 01-SSC-1455
Gateway Anti-Virus, Intrusion Prevention and Application Control (1-year) | 01-SSC-0458
Content Filtering Service (1-year) | 01-SSC-0464
Comprehensive Anti-Spam Service (1-year) | 01-SSC-0482
24x7 Support (1-year) | 01-SSC-0476
For SonicWall TZ600 Series
Advanced Gateway Security Suite - Capture ATP, Threat Prevention, Firewall management and reporting, Shadow IT Visibility, and 24x7 Support (1-year) | 01-SSC-1460
Capture Advanced Threat Protection for TZ600 (1-year) | 01-SSC-1465
Gateway Anti-Virus, Intrusion Prevention and Application Control (1-year) | 01-SSC-0228
Content Filtering Service (1-year) | 01-SSC-0234
Comprehensive Anti-Spam Service (1-year) | 01-SSC-0252
24x7 Support (1-year) | 01-SSC-0246
Regulatory model numbers
SOHO/SOHO Wireless | APL31-0B9/APL41-0BA
SOHO 250/SOHO 250 Wireless | APL41-0D6/APL41-0BA
TZ300/TZ300 Wireless/TZ300P
TZ350/TZ350 Wireless | APL28-0B4/APL28-0B5
TZ400/TZ400 Wireless | APL28-0B4/APL28-0B5
TZ500/TZ500 Wireless | APL29-0B6/APL29-0B7
TZ600/TZ600P | APL30-0B8/APL48-0D3
The Gartner Peer Insights Customers’ Choice logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customers’ Choice distinctions are determined by the subjective opinions of individual end-user customers based on their own experiences, the number of published reviews on Gartner Peer Insights and overall ratings for a given vendor in the market, as further described here, and are not intended in any way to represent the views of Gartner or its affiliates.
SonicWall, Inc.
1033 McCarthy Boulevard | Milpitas, CA 95035
Refer to our website for additional information.
affiliates in the U.S.A. and/or other countries. All other trademarks and
registered trademarks are property of their respective owners.
Datasheet-TZ Series-US-VG-340
About SonicWall
SonicWall has been fighting the cybercriminal industry for over 27 years defending small and medium businesses, enterprises and government agencies worldwide. Backed by research from SonicWall Capture Labs, our award-winning, real-time breach detection and prevention solutions secure more than a million networks, and their emails, applications and data, in over 215 countries and territories. These organizations run more effectively and fear less about security. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.