SonicWALL TZ-215 User Manual

SonicWALL TZ 215 Series

FIREWALL

High performance

security engine

Integrated intrusion

prevention

Advanced IPSec

and SSL VPN

Streamlined GUI and advanced management wizards

Application intelligence, control and visualization

Dual-band wireless

Content/URL filtering

Gateway Anti-Virus and Anti-Spyware Service

Comprehensive Anti-Spam Service

Multiple security zones

WAN/ISP redundancy and failover

Comprehensive centralized management

Enforced Client Anti-Virus

The highest-performing, most secure UTM ﬁrewall for small oﬃces

Today’s evolving threat landscape renders stateful packet inspection (SPI) ﬁrewalls irrelevant. SPI does not secure your organization against malware passing from the web and mobile devices or enable application control, which can hurt the productivity of your employees and your organization. In addition, as businesscritical applications move to the cloud, organizations need to ensure that bandwidth is available so that employees can quickly and easily access vital data. Only deep packet inspection (DPI) can do all this, by inspecting every byte of every packet. However, lesser solutions lack the power and sophistication to accomplish DPI without turning the ﬁrewall into a bottleneck for high-speed broadband networks. Organizations should not have to trade advanced DPI security and application control for network performance.

The new SonicWALL® TZ 215 is the highest-performing, most secure Uniﬁed Threat Management (UTM) ﬁrewall available today in its price point. It provides full deep packet inspection (DPI) without diminishing network performance, thus eliminating bottlenecks that other products introduce, while enabling businesses to realize increased productivity gains.

Designed for small businesses, distributed enterprises, branch oﬃces and retail deployments, the new TZ 215 elegantly integrates the most eﬀective anti-malware, intrusion prevention, URL ﬁltering into a single solution, driving down cost and complexity. The TZ 215 adds application intelligence and control to ensure bandwidth for critical applications, while throttling non-productive ones. It speeds troubleshooting and forensics of real-time and historic data, using drill-down visualization and Application Traﬃc Analytics to provide deep insight into bandwidth utilization and security threats. Advanced networking features include multiple ISP failover and load balancing, optional dual-band secure wireless, IPSec VPN support, network segmentation and PCI compliance capabilities. The TZ 215 is the only UTM ﬁrewall with a native VPN remote access client for iOS, Google® Android™, Windows, Mac OS and Linux that supports Clean VPN™, which decontaminates threats from VPN traﬃc. SonicWALL Enforced Client Anti-Virus and Anti-Spyware provides maximum prevention with virtually no administrative overhead, and is available for purchase with either McAfee® or Kaspersky® anti-virus software. The TZ 215 is the most trusted, reliable and easy-to-use security platform on the market.

Features and Benefits

High-performance security engine uses patented

Reassembly-Free Deep Packet Inspection® technology* to examine traffic simultaneously across all ports without introducing latency to the network.

Integrated intrusion prevention protects against a comprehensive array of network-based application-layer exploits that target both servers and client machines on the network.

Advanced IPSec and SSL VPN connectivity options provide easy-to-use, secure, high-speed office-to-of fice and client-to-of fice remote access.

Streamlined GUI and advanced management ease deployment and configuration through intuitive set-up wizards and a powerful web interface.

Application intelligence, control and visualization offers real-time categorization of

application traffic by user, delivering insight into the network for quick diagnosis and reaction to potential issues.

Dual-band wireless provides integrated 802.11a/b/g/n secure wireless access for network clients over the 2.4 GHz and the 5 GHz spectrums, and is perfect for retail and office environments.

Content/URL filtering helps organizations and educational institutions enforce their acceptable-use policies and protect against inappropriate, illegal and dangerous web content.

SonicWALL Gateway Anti-Virus and Anti-Spyware Service provides the ﬁrst layer of defense against Trojans,

viruses, key loggers and other malware by blocking them at the gateway.

SonicWALL Comprehensive Anti-Spam Service utilizes real-time sender IP reputation analysis and cloudbased Advanced Content Management techniques to remove spam, phishing and virus-laden messages from inbound SMTP-based emails before they reach the network.

Multiple security zones provide network segregation with distinct security policies for each network segment.

WAN/ISP redundancy and failover increases network availability by seamlessly transitioning between multiple ISP connections in case of failure.

Comprehensive centralized management using the SonicWALL Global Management System (GMS®) provides award-winning tools for simplified configuration, enforcement and reporting of global security policies, VPN and services, all from a central location.

SonicWALL Enforced Client Anti-Virus provides an added layer of protection by ensuring network users are actively running McAfee or Kaspersky anti-virus software.

* U.S. Patents 7,310,815; 7,60 0,257; 7,738,380; 7,835,361

Specifications

SonicWALL T Z 215 01-SS C-497 8

SonicWALL T Z 215 TotalSecure* 01-SSC-4982

SonicWALL T Z 215 Wireless-N (US/Canada) 01-SS C-497 9

SonicWALL TZ 215 Wirel ess-N TotalSecure* (US/Canada) 01-SS C-49 84

Firewall

SonicOS Version SonicOS 5.8 .1 and later Stateful Throughput1 500 Mbps IPS Throughput2 110 Mb ps GAV Throughput2 70 Mbps UTM Throughput2 6 0 Mbps IMIX Throughput2 110 Mb ps Maximum Connections3 48,000 Maximum UTM/DPI Connections 32,000 New Connections/Sec 1,800 Nodes Supported Unrestricted Denial of Service Attack Protection 22 classes of D oS, DDoS and scanning at tacks SonicPoints Supported 16

VPN

3DES/AES Throughput4 130 M bps Site-to-Site VPN Tunnels 15 Bundle d GVC Licenses (M aximum) 2 (25) Bundled SSL VPN Licenses (Maximum) 2 (10) Encryption/Authentication/DH Group DES, 3DES, AE S (128, 142, 256-bit ), MD5, SHA-1/DH Group 1, 2, 5, 14 Virtual Assist Bundled (Maximum) 30-day t rial (2) Key Excha nge IKE, Manual Ke y, Certificates (X .509), L2TP over IPSe c Certificate Support Verisign, Th awte, Cybertrust , RSA Keon, Entrust an d Microsoft CA fo r SonicWALL-to-SonicWALL VPN, S CEP VPN Featu res Dea d Peer Detection, D HCP Over VPN, IPSec N AT Tr aversal, Redundan t VPN Gateway, Route-ba sed VPN Global VPN Client Platforms Supported Microsof t® Windows 200 0, Windows XP, Vista 32/64- bit, Windows 7 32/64 -bit SSL VPN Plat forms Microsof t Windows 200 0/XP/Vista 32/64- bit/Windo ws 7, Mac OSX 10.4+, Linux FC 3+/Ubuntu 7+/OpenSUSE Mobile Connect Platform Supported Apple® iOS 4. 2 or higher, Google® And roid™ 4.0 or higher

Security Services

Deep Packet Inspection Service s Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, Application Intelligence and Control Content Filtering Service (CFS) HTTP UR L, HTTPS IP, keyword a nd content scanning , ActiveX, Java Ap plet, and cooki e blocking,

bandwidth management on ﬁltering categories, allow/forbid lists Enforced Client Anti-Virus and Anti-Spyware McAfee® or Kasp ersky® Comprehensive Anti-Spam Service6 Supported Application Intelligence and Control Application Traﬃc Visualization, Application Bandwidth Management

Networking

IP Address Assignment Static, (DHC P, P PPoE, L2TP and PPTP c lient), Internal DHCP s erver, DHCP relay NAT Modes 1:1, 1:m any, many:1, many:many, ﬂexible NAT (overlapp ing IPs), PAT, transparent mode VLANS 20, PortShield DHCP Internal server, relay Routin g OSPF, RIP v1/v2, static routes,

policy-based routing, multicast

Authentication XAUTH/R ADIUS, Active Dire ctory, SSO, LDAP, Novell, internal use r database, Terminal Ser vices, Citrix Local User Database 150 use rs VoIP Full H.323v1-5, SIP, gatekeeper suppor t, outbound ban dwidth management , VoIP over WLAN,

deep inspe ction securit y, full interoperabil ity with most VoIP ga teway and communicati ons devices

System

Zone Sec urity Yes Schedules Yes Object-based/Group-based Management Yes DDNS Dynamic DN S providers inclu de: dyndns.org , yi.org, no-ip. com and changeip.co m Management and Monitoring Local CLI, Web GU I (HTTP, HTTPS), SNMP v2; Gl obal management w ith SonicWALL GMS Logging and Reporting Analyzer, Scr utinizer, GMS, Local Lo g, Syslog, Soler a Networks, N etFlow v5/v9, IPFIX wit h Extensions, R eal-time Visuali zation Hardware Failover Active/Passive Anti-Spam RBL suppor t, Allowed/B locked Lists , Optional SonicWALL C omprehensive Anti -Spam Service6 Load Balancing Yes, Outgoing and Incoming Standards TCP/IP, UDP, ICMP, H TTP, HTTPS, IPS ec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802. 3 WAN Acceleration Support7 Yes

Built-in Wireless LAN

Standards 802.11a/b/g/n (WEP, WPA, WPA2, 802.11i, TKIP, PSK,02.1x, EAP-PEAP, EAP-TTLS) Virtu al Access Poi nts (VAPs) Up to 8 Antenn as (5 dBi Divers ity) Triple, detachable, external Radio Power–802.11a/802.11b/802.11g 15.5 dBm max /18 dBm max/17 dBM @ 6 Mbps, 13 dBM @ 54 Mbps Radio Power–802.11n (2.4GHz)/802.11n (5.0GHz) 19 dBm MCS 0, 11 dBm MCS 15/17 dBm MCS 0, 12 dBm MCS 15 Radio Receive Sensitivity–802.11a/802.11b/802.11g -95 d Bm MCS 0, -81 dBm MCS 15/-90 dBm @ 11Mbps/

-91 dBm @ 6Mbps, -74 dBm @ 54 Mbps Radio Receive Sensitivity–802.11n (2. 4GHz)/802.11n (5.0GHz) -89 dBm MCS 0, -70 dBm M CS 15/

-95 dBm MCS 0, -76 dBm MC S 15

Hardware Built-in Wireless LAN

Interfaces (7) 10/100/1000 Coppe r Gigabit, 2 USB, 1 Conso le Flash Memory/RAM 32 MB/512 MB 3G Wireless/Modem5 Support ed with approved a dapters5 USB Port s 2 Power Input 100 to 240 VAC, 50-60 Hz , 1 A Max Power Consumption 11W/ 15W Total Heat Dissipation 37BTU/50BTU Certiﬁcations VPNC, ICSA Fi rewall 4.1 Certiﬁcations Pending EAL4+, FIPS 140 -2 Level 2, IPv6 Phase 1, IPv6 P hase 2 Form Factor and Dimensions 7.12 5 x 1.5 x 10.5 in

(18.1 x 3.81 x 26.67 cm) Weight 1.95 lbs/0.97 kg

2.15 l bs/0 .97 k g

Major Regulatory Compliance FCC Class A, CES Class A, CE, C-Tick, VCCI, Com pliance MIC, NOM, U L, cUL, TUV/GS, CB, NOM , WEEE, RoHS Environment/Humidity 40-105° F, 0-40° C/ 5-95% non-condensing MTBF 28 yea rs/15 years

Testing Metho dologies: Maxim um performance b ased on RFC 2544 (fo r firewall). Actual p erformance may var y depending on ne twork condition s and activated ser vices. 2 UTM/Gateway AV/Anti-Spyware/IPS throughput measured using i ndustry stan dard Spirent WebAvalanche H TTP perfo rmance test and Ixia tes t tools. Testing done w ith multiple flo ws through multiple p ort pairs. 3 Actual maxi mum connection co unts are lower when DPI services a re enabled. 4 VPN throughpu t measured using UDP tr affic at 1280 byte pac ket size adhering to RFC 2 544. 5 3G card and modem are not included. See http://www.sonicwall.com/us/products/cardsupport.html for supporte d USB devices. 6 The Comprehe nsive Anti-Spam Ser vice supports an u nrestricted nu mber of users but is reco mmended for 250 use rs or less. 7 With SonicWALL W XA Series Appli ances.

TZ 215 Series

SonicWALL’s line-up of dynamic security solutions

SonicWALL, Inc.

2001 Logic Drive, San Jose, CA 95124

T +1 408.745.9600 F +1 408.745.9300

www.sonicwall.com

© 2012 SonicWALL, Inc. All righ ts reserved. Soni cWALL® is a r egistered trademar k of SonicWALL, Inc. and al l other SonicWALL produc t and service names a nd slogans are tradema rks or registered tr ademarks of Sonic WALL, Inc. Other produ ct and company names mentioned h erein may be trademar ks and/or registered tr ademarks of thei r respective owner s. 03/12 SW 1555C

NETWORK SECURITY

SECURE

REMOTE ACCESS

WEB AND E-MAIL

SECURITY

BACKUP

AND RECOVERY

POLICY AND

MANAGEMENT