Datasheet: Sonicwall Supermassive Series
Total Page:16
File Type:pdf, Size:1020Kb
SonicWall SuperMassive Series Uncompromising, high-performance, next-generation firewall protection for your enterprise network. The SonicWall SuperMassive Series is The RFDPI engine delivers full content SonicWall’s next-generation firewall inspection to eliminate various forms of (NGFW) platform designed for large malware before they enter the network networks to deliver scalability, reliability and provides protection against evolving and deep security at multi-gigabit threats — without file size, performance SuperMassive 9000 Series speeds with near zero latency. or latency limitations. Built to meet the needs of enterprise, The RFDPI engine also performs full Benefits: government, education, retail, healthcare decryption and inspection of TLS/SSL • Get complete breach prevention and service provider, the SuperMassive and SSH encrypted traffic as well as including high performance Series is ideal for securing distributed non-proxyable applications, enabling intrusion prevention, low latency enterprise networks, data centers and complete protection regardless of malware protection and cloud- service providers. transport or protocol. It looks deep inside based sandboxing every packets (the header and data part) The combination of SonicWall’s • Gain full granular application searching for protocol non-compliance, identification, control SonicOS operating system, patented* threats, zero-days, intrusions, and even and visualization Reassembly-Free Deep Packet defined criteria to detect and prevent ® Inspection (RFDPI) technology and attacks hidden inside encrypted traffic, • Find and block hidden threats with massively multi-core, highly scalable decryption and inspection of TLS/ cease the spread of infections, and SSL and SSH encrypted traffic, hardware architecture, the SuperMassive thwart command and control (C&C) without performance problems 9000 Series deliver industry-leading communications and data exfiltration. application control, intrusion prevention, Inclusion and exclusion rules allow total • Scale security performance for malware protection and TLS/SSL control to customize which traffic is 10/40 Gbps data centers decryption and inspection at multi- subject to decryption and inspection • Adapt to service-level increases gigabit speeds. The SuperMassive based on specific organizational and ensure network services Series is thoughtfully designed with compliance and/or legal requirements. and resources are available power, space and cooling (PSC) in mind, and protected providing the leading Gbps/watt NGFW Application traffic analytics enable in the industry for high performance the identification of productive and packet and data processing, application unproductive application traffic in real control and threat prevention. time, and traffic can then be controlled through powerful application-level The SonicWall RFDPI engine scans policies. Application control can be Partner Enabled Services every byte of every packet across all exercised on both a per-user and per- ports, delivering full content inspection group basis, along with schedules and Need help to plan, deploy of the entire stream while providing exception lists. All application, intrusion or optimize your SonicWall high performance and low latency. This prevention and malware signatures are solution? SonicWall technology is superior to proxy designs constantly updated by the SonicWall Advanced Services Partners that reassemble content using sockets Capture Labs threats research team. are trained to provide you bolted to anti-malware programs, Additionally, SonicOS, an advanced with world class professional which are plagued with inefficiencies purpose-built operating system, services. Learn more at and the overhead of socket memory provides integrated tools that allow thrashing, which leads to high latency, for custom application identification www.sonicwall.com/PES. low performance and file size limitations. and control. *U.S. Patents 7,310,815; 7,600,257; 7,738,380; 7,835,361 Series lineup The SonicWall SuperMassive 9000 Series features 4 x 10-GbE SFP+, up to 12 x 1-GbE SFP, 8 x 1-GbE copper and 1 GbE management interfaces, with an expansion port for an additional 2 x 10- GbE SFP+ interfaces (future release). The 9000 Series features hot-swappable fan modules and power supplies. SuperMassive 9000 Series LCD SD card for 2 x 80Gb 12 x 1-GbE 8 x 1-GbE LCD Dual 4 x 10-GbE 8 x 1-GbE 8 x 1-GbE controls future use SSD SFP ports ports controls USB ports SFP+ ports SFP ports ports LCD Console 1 GbE management LCD Console Dual USB 1 GbE management 4 x 10-GbE display port interface display port ports interface SFP+ ports Dual hot- Expansion bay Two hot-swappable, swappable fans for future use redundant power supplies Expansion bay Dual hot- Two hot-swappable, for future use swappable fans redundant power supplies CAPABILITY 9200 9400 9600 9800 Processing cores 24 32 32 64 Firewall throughput 15 Gbps 20 Gbps 20 Gbps 31.8 Gbps Application inspection throughput 5 Gbps 10 Gbps 11.5 Gbps 23 Gbps Intrusion prevention system (IPS) throughput 5 Gbps 10 Gbps 11.5 Gbps 21.3 Gbps Anti-malware inspection throughput 3.5 Gbps 4.5 Gbps 5 Gbps 11 Gbps Maximum DPI connections 1.5 M 1.5 M 2.0 M 8.0 M DEPLOYMENT MODES 9200 9400 9600 9800 L2 bridge mode Yes Yes Yes Yes Wire mode Yes Yes Yes Yes Gateway/NAT mode Yes Yes Yes Yes Tap mode Yes Yes Yes Yes Transparent mode Yes Yes Yes Yes 2 Reassembly-Free Deep Packet streams through extensive and repeated is then advanced to represent the Inspection engine normalization and decryption in order position of the stream relative to these to neutralize advanced obfuscation and databases until it encounters a state of RFDPI is a single-pass, low latency evasion techniques that seek to confuse attack, or other “match” event, at which inspection system that performs detection engines and sneak malicious point a preset action is taken. In most stream-based, bi-directional traffic code into the network. cases, the connection is terminated analysis at high speed without proxying and proper logging and notification or buffering to effectively uncover Once a packet undergoes the necessary events are created. However, the engine intrusion attempts, malware and identify pre-processing, including TLS/SSL can also be configured for inspection application traffic regardless of port and decryption, it is analyzed against a single only or, in the case of application protocol. This proprietary engine relies proprietary memory representation detection, to provide Layer 7 bandwidth on streaming traffic payload inspection of multiple signature databases: management services for the remainder in order to detect threats at Layers intrusion attacks, malware, botnet and of the application stream as soon as the 3-7. The RFDPI engine takes network applications. The connection state application is identified. Packet assembly-based process Reassembly-free Deep Packet Inspection (RFDPI) CPU n n=1024 Packet Proxy Scanning disassembly SSL CPU 4 SSL Traffic in Traffic out Traffic in Traffic out CPU 3 CPU 2 When proxy Inspection time becomes full or Inspection capacity Inspection time Inspection capacity content too large, CPU 1 Less More files bypass Min Max Less More Min Max scanning. Reassembly-free packet scanning eliminates proxy and content size limitations. Competitive proxy-based architecture SonicWall stream-based architecture Extensible architecture for extreme connections on any core in the system, scalability and performance providing ultimate scalability and the ability to deal with traffic spikes. This The RFDPI engine is purposely designed approach delivers extremely high new with a keen focus on providing security session establishment rates (new conn/ scanning at a high level of performance, sec) while deep packet inspection is to match both the inherently parallel enabled — a key metric that is often a and ever growing nature of network bottleneck for data center deployments. traffic. When combined with multi-core processor systems, this parallelism- centric software architecture scales up perfectly to address the demands of deep packet inspection (DPI) at high traffic loads. The SuperMassive platform relies on processors that, unlike x86, are optimized for packet, crypto and network processing while retaining flexibility and programmability in the field — a weak 12 x 1 GbE SFP SM interconnect point for ASICs systems. This flexibility is essential when new code and behavior updates are necessary to protect against new 4 x 10 GbE SFP+ attacks that require updated and more sophisticated detection techniques. Another aspect of the platform design multi-core is the unique ability to establish new 3 Capture Labs effect immediately without reboots The dedicated, in-house SonicWall or interruptions. The signatures on Capture Labs threats research the appliances protect against wide team researches and develops classes of attacks, covering up to tens countermeasures to deploy to customer of thousands of individual threats with a firewalls for up-to-date protection. The single signature. team gathers data on potential threat In addition to the countermeasures on data from several sources including our the appliance, SuperMassive firewalls award-winning network sandboxing also have access to the SonicWall Protection Collection service, Capture Advanced Threat CloudAV1, which extends the onboard Protection, as well as more than 1 million signature intelligence with tens of SonicWall sensors located around the millions of signatures, and growing LABS globe that