Dell TZ500 User Manual

SonicWall TZ series

Exceptional security and stellar performance at a disruptively low TCO

The SonicWall TZ series of Unied Threat

Management (UTM) rewalls is ideally
suited for any organization that requires
enterprise-grade network protection.

SonicWall TZ series rewalls provide
broad protection with advanced
security services consisting of on­box and cloud-based anti-malware,
anti-spyware, application control,
intrusion prevention system (IPS), and
URL ltering. To counter the trend of
encrypted attacks, the TZ series has the
processing power to inspect encrypted
SSL/TLS connections against the latest
threats. Combined with Dell X-Series
switches, selected TZ series rewalls can
directly manage the security of these
additional ports.

Backed by the SonicWall Capture

Threat Network, the SonicWall TZ

series delivers continuous updates to
maintain a strong network defense
against cybercriminals. The SonicWall

TZ series is able to scan every byte of

every packet on all ports and protocols
with almost zero latency and no le
size limitations.

The SonicWall TZ series features Gigabit

Ethernet ports, optional integrated

802.11ac wireless*, IPSec and SSL VPN,
failover through integrated 3G/4G
support, load balancing and network

segmentation. The SonicWall TZ series
UTM rewalls also provide fast, secure
mobile access over Apple iOS, Google
Android, Amazon Kindle, Windows,
Mac OS X and Linux platforms.

The SonicWall Global Management

System (GMS) enables centralized
deployment and management of
SonicWall TZ series rewalls from a
single system.

Managed security for
distributed environments

Schools, retail shops, remote sites,
branch ofces and distributed
enterprises need a solution that
integrates with their corporate
rewall. SonicWall TZ series rewalls
share the same code base—and
same protection—as our agship
SuperMassive next-generation rewalls.

This simplies remote site management,

as every administrator sees the same
user interface (UI). GMS enables
network administrators to congure,
monitor and manage remote SonicWall
rewalls through a single pane of
glass. By adding high-speed, secure
wireless, the SonicWall TZ series extends
the protection perimeter to include
customers and guests frequenting the
retail site or remote ofce.

Benets:

• Enterprise grade network
protection

• Deep packet inspection of all trafc
without restrictions on le size or
protocol

• Secure 802.11ac wireless
connectivity using integrated
wireless controller or via
external SonicPoint wireless access
points

• SSL VPN mobile access for Apple
iOS, Google Android, Amazon
Kindle, Windows, Mac OS and
Linux devices

• Over 100 additional por ts can
be securely managed by the
TZ console when deployed in
combination with Dell X-Series
switches

* 802.11ac currently not available on SOHO models; SOHO models support 802.11a/b/g/n

SonicWall TZ600 series

For emerging enterprises, retail and branch ofces looking for security performance at a value price, the SonicWall TZ600 next­generation rewall secures networks with enterprise-class features and uncompromising performance.

Specication TZ600 series

Firewall throughput 1.5 Gbps

Full DPI throughput 500 Mbps

Anti-malware throughput 500 Mbps

IPS throughput 1.1 Gbps

IMIX throughput 900 Mbps

Max DPI connections 125,000

New connections/sec 12,000

Power LED Test LED

USB port
(3G/4G WAN
failover)

Link and
activity
indicator LEDs

Expansion
module

Console
port

8x1-GbE
switch
(congurable)

X0 LAN port
X1 WAN port

SonicWall TZ500 series

For growing branch ofces and SMBs, the SonicWall TZ500 series delivers highly effective, no-compromise protection with
network productivity and optional integrated 802.11ac dual-band wireless.

Specication TZ500 series

Firewall throughput 1.4 Gbps

Full DPI throughput 400 Mbps

Anti-malware throughput 400 Mbps

IPS throughput 1.0 Gbps

IMIX throughput 700 Mbps

Max DPI connections 100,000

New connections/sec 8,000

Optional
802 .11ac
wireless

Secure

power

Power LED Test LED 6x1-GbE switch

USB port
(3G/4G WAN
failover)

Link and
activity
indicator LEDs

Console
port

(congurable)

X0 LAN port
X1 WAN port

Secure

power

2

SonicWall TZ400 series

For small business, retail and branch ofce locations, the SonicWall TZ400 series delivers enterprise-grade protection. Flexible
wireless deployment is available with optional 802.11ac dual-band wireless integrated into the rewall.

Specication TZ400 series

Firewall throughput 1.3 Gbps

Full DPI throughput 300 Mbps

Anti-malware throughput 300 Mbps

IPS throughput 900 Mbps

IMIX throughput 500 Mbps

Max DPI connections 90,000

New connections/sec 6,000

Optional
802 .11ac
wireless

Power LED Test LED 5x1-GbE switch

USB port
(3G/4G WAN
failover)

Link and
activity
indicator

Console
port

(congurable)

X0 LAN port
X1 WAN port

Secure

power

LEDs

SonicWall TZ300 series

The SonicWall TZ300 series offers an all-in-one solution that protects networks from attack. Unlike consumer grade products, the

SonicWall TZ300 series rewall combines effective intrusion prevention, anti-malware and content/URL ltering with optional

802.11ac integrated wireless and broadest secure mobile platforms support for laptops, smartphones and tablets.

Specication TZ300 series

Firewall throughput 750 Mbps

Full DPI throughput 100 Mbps

Anti-malware throughput 100 Mbps

IPS throughput 300 Mbps

IMIX throughput 200 Mbps

Max DPI connections 50,000

New connections/sec 5,000

Optional
802 .11ac
wireless

Power LED Test LED

USB port
(3G/4G WAN
failover)

Link and
activity
indicator LEDs

Console
port

3x1-GbE switch
(congurable)

X0 LAN port
X1 WAN port

Secure

power

3

SonicWall SOHO series

For wired and wireless small and home ofce environments, the SonicWall SOHO series delivers the same business-class protection
large organizations require at a more affordable price point.

Specication SOHO series

Firewall throughput 300 Mbps

Full DPI throughput 50 Mbps

Anti-malware throughput 50 Mbps

IPS throughput 100 Mbps

IMIX throughput 60 Mbps

Max DPI connections 10,000

New connections/sec 1,8 00

Optional
802 .11n
wireless

Power LED Test LED

Link and
activity
indicator LEDs

USB port
(3G/4G WAN
failover)

Extensible architecture for extreme scalability
and performance

The Reassembly-Free Deep Packet Inspection (RFDPI) engine
is designed from the ground up with an emphasis on providing
security scanning at a high performance level, to match both
the inherently parallel and ever-growing nature of network
trafc. When combined with multi-core processor systems, this
parallel-centric software architecture scales up perfectly to

NSA or SuperMassive

Corporate

Headquarters

Console
port

3x1-GbE switch
(congurable)

X0 LAN port
X1 WAN port

Secure

power

address the demands of deep packet inspection at high trafc
loads. The SonicWall TZ Series platform relies on processors
that, unlike x86, are optimized for packet, crypto and network
processing while retaining exibility and programmability in
the eld — a weak point for ASICs systems. This exibility is
essential when new code and behavior updates are necessary
to protect against new attacks that require updated and more
sophisticated detection techniques.

SOHO

Home office

Internet

TZ400

Global Management System

TZ600

18 port

X-Series switch

4

Small

branch office

Large

branch office

Reassembly-Free Deep Packet Inspection
(RFDPI) engine

The RFDPI engine provides superior threat protection and

application control without compromising performance. This
patented engine inspects the trafc stream to detect threats
at Layers 3-7. The RFDPI engine takes network streams through
extensive and repeated normalization and decryption in
order to neutralize advanced evasion techniques that seek
to confuse detection engines and sneak malicious code
into the network. Once a packet undergoes the necessary
preprocessing, including SSL decryption, it is analyzed against

a single proprietary memory representation of three signature
databases: intrusion attacks, malware and applications. The
connection state is then advanced to represent the position
of the stream relative to these databases until it encounters
a state of attack, or another “match” event, at which point a
pre-set action is taken. As malware is identied, the SonicWall
rewall terminates the connection before any compromise
can be achieved and properly logs the event. However, the
engine can also be congured for inspection only or, in the
case of application detection, to provide Layer 7 bandwidth
management services for the remainder of the application
stream as soon as the application is identied.

Packet assembly-based process

Packet

disassembly

Traffic out

Inspection capacity

Min Max

Traffic in

Inspection time

Less More

Proxy

Scanning

When proxy

becomes full or

content too large,

files bypass

scanning.

Global management and reporting

For larger, distributed enterprise deployments, the optional
SonicWall Global Management System (GMS) provides
administrators a unied, secure and extensible platform to
manage SonicWall security appliances and Dell X-Series
switches. It enables enterprises to easily consolidate the
management of security appliances, reduce administrative
and troubleshooting complexities and governs all operational

Packet reassembly-free process

Traffic in

Inspection time

Less More

Reassembly-free packet

scanning eliminates proxy

and content size limitations.

Traffic out

Inspection capacity

Min Max

SonicWall stream-based architectureCompetitive proxy-based architecture

aspects of the security infrastructure including centralized

policy management and enforcement, real-time event
monitoring, analytics and reporting, and more. GMS also meets
the rewall change management requirements of enterprises
through a workow automation feature. GMS provides a
better way to manage network security by business processes

and service levels that dramatically simplify the lifecycle

management of your overall security environments rather than

on a device-by-device basis.

5