SonicWall TZ series
Exceptional security and stellar performance at a disruptively low TCO
The SonicWall TZ series of Unified Threat Management (UTM) firewalls is ideally suited for any organization that requires enterprise-grade network protection.
SonicWall TZ series firewalls provide broad protection with advanced security services consisting of onbox and cloud-based anti-malware, anti-spyware, application control, intrusion prevention system (IPS), and URL filtering. To counter the trend of
encrypted attacks, the TZ series has the processing power to inspect encrypted SSL/TLS connections against the latest threats. Combined with Dell X-Series switches, selected TZ series firewalls can directly manage the security of these additional ports.
Backed by the SonicWall Capture Threat Network, the SonicWall TZ series delivers continuous updates to maintain a strong network defense against cybercriminals. The SonicWall TZ series is able to scan every byte of every packet on all ports and protocols with almost zero latency and no file size limitations.
The SonicWall TZ series features Gigabit Ethernet ports, optional integrated 802.11ac wireless*, IPSec and SSL VPN, failover through integrated 3G/4G support, load balancing and network
segmentation. The SonicWall TZ series UTM firewalls also provide fast, secure mobile access over Apple iOS, Google Android, Amazon Kindle, Windows, Mac OS X and Linux platforms.
The SonicWall Global Management System (GMS) enables centralized deployment and management of SonicWall TZ series firewalls from a single system.
Managed security for distributed environments
Schools, retail shops, remote sites, branch offices and distributed enterprises need a solution that integrates with their corporate firewall. SonicWall TZ series firewalls share the same code base—and same protection—as our flagship
SuperMassive next-generation firewalls. This simplifies remote site management, as every administrator sees the same user interface (UI). GMS enables network administrators to configure, monitor and manage remote SonicWall firewalls through a single pane of glass. By adding high-speed, secure
wireless, the SonicWall TZ series extends the protection perimeter to include customers and guests frequenting the retail site or remote office.
* 802.11ac currently not available on SOHO models; SOHO models support 802.11a/b/g/n
Benefits:
•Enterprise grade network protection
•Deep packet inspection of all traffic without restrictions on file size or protocol
•Secure 802.11ac wireless connectivity using integrated wireless controller or via
external SonicPoint wireless access points
•SSL VPN mobile access for Apple iOS, Google Android, Amazon Kindle, Windows, Mac OS and Linux devices
•Over 100 additional ports can be securely managed by the TZ console when deployed in combination with Dell X-Series switches
SonicWall TZ600 series
For emerging enterprises, retail and branch offices looking for security performance at a value price, the SonicWall TZ600 nextgeneration firewall secures networks with enterprise-class features and uncompromising performance.
Specification |
TZ600 series |
Firewall throughput |
1.5 Gbps |
Full DPI throughput |
500 Mbps |
Anti-malware throughput |
500 Mbps |
IPS throughput |
1.1 Gbps |
IMIX throughput |
900 Mbps |
Max DPI connections |
125,000 |
New connections/sec |
12,000 |
Power LED Test LED USB port |
Link and |
(3G/4G WAN |
activity |
failover) |
indicator LEDs |
Expansion |
Console |
8x1-GbE |
X0 LAN port |
Secure |
module |
port |
switch |
X1 WAN port |
power |
|
|
(configurable) |
|
|
SonicWall TZ500 series
For growing branch offices and SMBs, the SonicWall TZ500 series delivers highly effective, no-compromise protection with network productivity and optional integrated 802.11ac dual-band wireless.
Specification |
TZ500 series |
|
|
|
|
Firewall throughput |
1.4 Gbps |
|
|
|
|
Full DPI throughput |
400 Mbps |
|
|
|
|
Anti-malware throughput |
400 Mbps |
|
|
|
|
IPS throughput |
1.0 Gbps |
|
|
Optional |
|
|
|
||||
|
|
|
|
802.11ac |
|
IMIX throughput |
700 Mbps |
||||
|
|
wireless |
|||
Max DPI connections |
100,000 |
|
|
|
|
New connections/sec |
8,000 |
|
|
|
Power LED Test LED |
USB port |
Link and |
Console |
6x1-GbE |
X0 LAN port |
Secure |
|
(3G/4G WAN |
activity |
port |
switch |
X1 WAN port |
power |
|
failover) |
indicator LEDs |
|
(configurable) |
|
|
2
SonicWall TZ400 series
For small business, retail and branch office locations, the SonicWall TZ400 series delivers enterprise-grade protection. Flexible wireless deployment is available with optional 802.11ac dual-band wireless integrated into the firewall.
Specification |
TZ400 series |
|
|
|
|
Firewall throughput |
1.3 Gbps |
|
|
|
|
Full DPI throughput |
300 Mbps |
|
|
|
|
Anti-malware throughput |
300 Mbps |
|
|
|
|
IPS throughput |
900 Mbps |
|
|
Optional |
|
IMIX throughput |
500 Mbps |
|
|
802.11ac |
|
|
|
|
|
wireless |
|
Max DPI connections |
90,000 |
||||
|
|
|
|||
New connections/sec |
6,000 |
|
|
|
Power LED Test LED |
USB port |
Link and |
Console |
5x1-GbE switch |
X0 LAN port |
Secure |
|
(3G/4G WAN |
activity |
port |
(configurable) |
X1 WAN port |
power |
|
failover) |
indicator |
|
|
|
|
|
|
LEDs |
|
|
|
|
SonicWall TZ300 series
The SonicWall TZ300 series offers an all-in-one solution that protects networks from attack. Unlike consumer grade products, the SonicWall TZ300 series firewall combines effective intrusion prevention, anti-malware and content/URL filtering with optional 802.11ac integrated wireless and broadest secure mobile platforms support for laptops, smartphones and tablets.
Specification |
TZ300 series |
|
|
|
Firewall throughput |
750 Mbps |
|
|
|
Full DPI throughput |
100 Mbps |
|
|
|
Anti-malware throughput |
100 Mbps |
|
|
|
IPS throughput |
300 Mbps |
|
|
Optional |
|
|
|||
IMIX throughput |
200 Mbps |
|
|
802.11ac |
|
|
wireless |
||
Max DPI connections |
50,000 |
|
|
|
|
|
|
||
New connections/sec |
5,000 |
|
|
|
Power LED Test LED |
USB port |
Link and |
Console |
3x1-GbE switch |
X0 LAN port |
Secure |
|
(3G/4G WAN |
activity |
port |
(configurable) |
X1 WAN port |
power |
|
failover) |
indicator LEDs |
|
|
|
|
3
SonicWall SOHO series
For wired and wireless small and home office environments, the SonicWall SOHO series delivers the same business-class protection large organizations require at a more affordable price point.
Specification |
SOHO series |
|
|
|
|
Firewall throughput |
300 Mbps |
|
|
|
|
Full DPI throughput |
50 Mbps |
|
|
|
|
Anti-malware throughput |
50 Mbps |
|
|
Optional |
|
|
|
||||
|
|
|
|
802.11n |
|
IPS throughput |
100 Mbps |
||||
|
|
wireless |
|||
IMIX throughput |
60 Mbps |
|
|
||
|
|
|
|||
Max DPI connections |
10,000 |
|
|
|
|
New connections/sec |
1,800 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Power LED Test LED |
Link and |
USB port |
Console |
3x1-GbE switch |
X0 LAN port |
Secure |
|||||||||||
port |
(configurable) |
X1 WAN port |
power |
||||||||||||||
|
|
|
|
activity |
(3G/4G WAN |
||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
||||||
|
|
|
|
indicator LEDs |
failover) |
|
|
|
|
|
|
|
|
Extensible architecture for extreme scalability and performance
The Reassembly-Free Deep Packet Inspection (RFDPI) engine is designed from the ground up with an emphasis on providing security scanning at a high performance level, to match both the inherently parallel and ever-growing nature of network traffic. When combined with multi-core processor systems, this parallel-centric software architecture scales up perfectly to
address the demands of deep packet inspection at high traffic loads. The SonicWall TZ Series platform relies on processors that, unlike x86, are optimized for packet, crypto and network processing while retaining flexibility and programmability in the field — a weak point for ASICs systems. This flexibility is essential when new code and behavior updates are necessary to protect against new attacks that require updated and more sophisticated detection techniques.
|
|
NSA or SuperMassive |
|
|
|
|
|
|
|
|
|
|||||
|
|
|
|
|
|
|
|
|
|
|
||||||
|
|
|
|
|
|
|
|
|
SOHO |
Home office |
||||||
|
|
|
|
|
|
|
|
|
|
|
||||||
|
|
|
|
|
|
|
|
Internet |
|
|
|
|
|
|
|
|
Corporate |
|
|
|
|
|
|
|
|
|
|||||||
|
|
|
|
|
|
|
|
|
|
|||||||
Headquarters |
|
|
|
|
|
|
|
|
|
|
||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
TZ400 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Small |
||||||
|
|
|
|
|
|
|
|
|
|
|
|
|||||
|
|
Global Management System |
|
|
|
branch office |
||||||||||
|
|
|
|
|
|
|
|
|
|
|
||||||
|
|
|
|
|
|
|
|
|
TZ600 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
18 port |
Large |
|
X-Series switch |
||
branch office |
||
|
4
Reassembly-Free Deep Packet Inspection (RFDPI) engine
The RFDPI engine provides superior threat protection and application control without compromising performance. This patented engine inspects the traffic stream to detect threats at Layers 3-7. The RFDPI engine takes network streams through extensive and repeated normalization and decryption in order to neutralize advanced evasion techniques that seek
to confuse detection engines and sneak malicious code into the network. Once a packet undergoes the necessary
preprocessing, including SSL decryption, it is analyzed against
Packet assembly-based process
|
|
|
|
|
|
|
Packet |
|
|
|
|
|
Traffic in |
|
|
|
|
|
Traffic out |
||
|
|
|
|
|
|
|
|
|
|
|
Inspection time |
When proxy |
|
Inspection capacity |
|||||||
becomes full or |
|
|||||||||
|
|
|
|
content too large, |
|
|
|
|
||
Less |
More |
files bypass |
|
Min |
Max |
|||||
|
|
|
|
|
scanning. |
|
|
|
|
Competitive proxy-based architecture
Global management and reporting
For larger, distributed enterprise deployments, the optional SonicWall Global Management System (GMS) provides administrators a unified, secure and extensible platform to manage SonicWall security appliances and Dell X-Series switches. It enables enterprises to easily consolidate the management of security appliances, reduce administrative and troubleshooting complexities and governs all operational
a single proprietary memory representation of three signature databases: intrusion attacks, malware and applications. The connection state is then advanced to represent the position of the stream relative to these databases until it encounters a state of attack, or another “match” event, at which point a pre-set action is taken. As malware is identified, the SonicWall firewall terminates the connection before any compromise can be achieved and properly logs the event. However, the engine can also be configured for inspection only or, in the case of application detection, to provide Layer 7 bandwidth management services for the remainder of the application stream as soon as the application is identified.
Packet reassembly-free process
|
Traffic in |
|
|
|
|
|
|
Traffic out |
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
|
|
Inspection time |
|
|
|
|
|
|
Inspection capacity |
|||
|
|
|
|
|
|
|||||
|
|
|
||||||||
Less |
More |
|
|
|
Min |
Max |
Reassembly-free packet scanning eliminates proxy and content size limitations.
SonicWall stream-based architecture
aspects of the security infrastructure including centralized policy management and enforcement, real-time event monitoring, analytics and reporting, and more. GMS also meets the firewall change management requirements of enterprises through a workflow automation feature. GMS provides a better way to manage network security by business processes and service levels that dramatically simplify the lifecycle management of your overall security environments rather than on a device-by-device basis.
5