Next-Generation Firewall Buyer's Guide: SonicWALL - Page 2

E-Class appliances use reassembly-free deep packet inspection to deliver speedy application intelligence and control.

By Lisa Phifer

Administrators can use SonicWALL's Application Intelligence and Control service to define rules consisting of primitives: applications, users, groups, schedules, and actions. "Our actions include things like bandwidth management, so that you can block gaming except at lunchtime, when you allow but bandwidth-restrict certain groups and users, while still blocking other aspects of those applications," said Ayrapetov. "We provide administrators with tools; it's up to them to decide what's good for their own businesses."
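The policy model described above (rules built from application, user/group, schedule and action primitives, with the schedule-limited rule taking precedence over a broad block) can be shown with a small first-match evaluator. This is an added illustration written for this guide, not SonicWALL's rule format or engine; the rule fields, the group directory, the `limit:<kbps>` action string and the lunch window are all assumptions chosen for the example.

```python
from dataclasses import dataclass, field
from datetime import time
from typing import FrozenSet, List, Optional, Tuple

# Constructed example: an app-control policy as ordered rules over primitives.
# Field names and action strings are assumptions, not SonicWALL's syntax.


@dataclass(frozen=True)
class Schedule:
    start: time
    end: time

    def contains(self, t: time) -> bool:
        return self.start <= t < self.end


@dataclass(frozen=True)
class Rule:
    name: str
    app: str                                   # application category or name
    groups: FrozenSet[str] = field(default_factory=frozenset)  # empty = any user
    schedule: Optional[Schedule] = None        # None = always in effect
    action: str = "block"                      # "block", "allow" or "limit:<kbps>"


# Constructed directory data: which groups each user belongs to.
GROUPS = {
    "alice": {"marketing"},
    "bob": {"engineering"},
}


def matches(rule: Rule, app: str, user: str, now: time) -> bool:
    """True when every primitive on the rule matches the flow."""
    if rule.app != app:
        return False
    if rule.groups and not (GROUPS.get(user, set()) & rule.groups):
        return False
    if rule.schedule is not None and not rule.schedule.contains(now):
        return False
    return True


def evaluate(rules: List[Rule], app: str, user: str, now: time) -> Tuple[str, str]:
    """First-match evaluation; anything no rule covers is blocked by default."""
    for rule in rules:
        if matches(rule, app, user, now):
            return rule.name, rule.action
    return "default", "block"


LUNCH = Schedule(time(12, 0), time(13, 0))

# Order matters: the narrow, schedule-bound exception must precede the broad block,
# otherwise "block-gaming" would match first and the lunchtime allowance never applies.
POLICY = [
    Rule("lunch-gaming-marketing", "gaming", frozenset({"marketing"}), LUNCH, "limit:256"),
    Rule("block-gaming", "gaming"),
    Rule("allow-web", "web", action="allow"),
]

if __name__ == "__main__":
    for app, user, now in [("gaming", "alice", time(12, 30)),
                           ("gaming", "alice", time(9, 0)),
                           ("gaming", "bob", time(12, 30)),
                           ("ssh", "bob", time(9, 0))]:
        print(app, user, now, "->", evaluate(POLICY, app, user, now))
```

The evaluator returns the name of the winning rule alongside its action so an administrator in an "inspect" style dry run can see which rule would have fired, which is the information needed to reorder rules before enforcing them.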


Keeping up with threats

SonicWALL develops all of its own signatures for application fingerprinting, IPS, and AV. "We have a large research team and a GRID Network lab," explained Ayrapetov. "We learn a lot about IP reputation and get a lot of malware samples from our customers. We participate in industry consortiums and partner with other companies, but all R&D is in-house. We get our performance by coding very low to the metal."


However, this means that SonicWALL R&D must keep pace with a fast-growing wave of new applications. "We have over 3500 application signatures now; that covers the majority of applications found on networks today. But yes, there will always be new applications we don't yet have. We rely on customer feedback and our security team to identify things like new Flash protocols or new BitTorrent protocols or clones of existing applications," said Ayrapetov.


According to Ayrapetov, SonicWALL's R&D team generates its own traffic samples to create new signatures. But SonicWALL also provides an "administrative window" into DPI, exposing information that customers can use to create their own signatures – hex strings that are pattern-matched against application streams. "This can also be used as a Data Leak Prevention (DLP) mechanism, checking for watermarks to block [sensitive documents]," he said.
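To make concrete what a hex-string signature matched against an application stream looks like, and why a reassembly-free engine can still catch a pattern that straddles packet boundaries, here is an added example written for this guide. It is not SonicWALL's RFDPI implementation: it keeps one small integer of state per signature per flow (a KMP prefix-function matcher) instead of buffering the flow, which is one way to achieve matching without reassembly. The BitTorrent handshake bytes are the well-known `0x13 "BitTorrent protocol"` prefix; the `ACME-WATERMARK-7f3a` DLP watermark and the packet payloads are constructed for the example.

```python
from typing import Dict, List, Tuple

# Constructed example of streaming hex-signature matching without reassembly.
# Not SonicWALL's engine; signature format and state layout are assumptions.


def kmp_table(pattern: bytes) -> List[int]:
    """Prefix-function table so the matcher never re-reads earlier stream bytes."""
    table = [0] * len(pattern)
    k = 0
    for i in range(1, len(pattern)):
        while k and pattern[i] != pattern[k]:
            k = table[k - 1]
        if pattern[i] == pattern[k]:
            k += 1
        table[i] = k
    return table


class Signature:
    """A named pattern given as a hex string, as an administrator would enter it."""

    def __init__(self, name: str, hex_pattern: str):
        self.name = name
        self.pattern = bytes.fromhex(hex_pattern)   # whitespace between bytes is allowed
        self.table = kmp_table(self.pattern)


class FlowMatcher:
    """Per-flow matcher state: only the length of the current partial match per
    signature and a byte counter, never the flow's payload bytes."""

    def __init__(self, signatures: List[Signature]):
        self.signatures = signatures
        self.state: Dict[str, int] = {sig.name: 0 for sig in signatures}
        self.offset = 0   # stream bytes already scanned

    def feed(self, payload: bytes) -> List[Tuple[str, int]]:
        """Scan one packet payload in order; return (signature, stream offset of match end)."""
        hits = []
        for sig in self.signatures:
            k = self.state[sig.name]
            for i, b in enumerate(payload):
                while k and b != sig.pattern[k]:
                    k = sig.table[k - 1]
                if b == sig.pattern[k]:
                    k += 1
                if k == len(sig.pattern):
                    hits.append((sig.name, self.offset + i + 1))
                    k = sig.table[k - 1]          # keep looking for overlapping repeats
            self.state[sig.name] = k              # partial match survives the packet boundary
        self.offset += len(payload)
        return hits


SIGNATURES = [
    # 0x13 followed by "BitTorrent protocol": the BitTorrent peer handshake prefix.
    Signature("bittorrent-handshake",
              "13 42 69 74 54 6f 72 72 65 6e 74 20 70 72 6f 74 6f 63 6f 6c"),
    # Constructed DLP watermark, converted to the hex form the matcher expects.
    Signature("dlp-watermark", b"ACME-WATERMARK-7f3a".hex()),
]


def scan_flow(packets: List[bytes], signatures: List[Signature] = SIGNATURES) -> List[Tuple[str, int]]:
    """Run one flow's packets through a fresh matcher and collect every hit."""
    matcher = FlowMatcher(signatures)
    hits: List[Tuple[str, int]] = []
    for pkt in packets:
        hits.extend(matcher.feed(pkt))
    return hits


# Constructed packet payloads: both patterns are deliberately split across packets.
SAMPLE_FLOW = [
    b"\x13BitTor",
    b"rent protocol\x00\x00\x00\x00",
    b"header ACME-W",
    b"ATER",
    b"MARK-7f3a trailing",
]

if __name__ == "__main__":
    for name, end in scan_flow(SAMPLE_FLOW):
        print(f"{name}: match ends at stream offset {end}")
```

Two caveats a practitioner will want: with thousands of signatures a real engine would compile them into a single multi-pattern automaton (Aho-Corasick or similar) rather than looping over signatures per byte as this example does, and plain byte matching of a watermark only works on cleartext; a document that leaves inside a TLS session, a compressed archive or an encoded attachment will not match unless the engine can decrypt or decode it first.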


Fitting SonicWALL into your network

Most E-Class NSA appliances are deployed as security gateways, replacing another firewall. However, customers that have invested in another vendor's infrastructure may be reluctant to replace their firewall. To help these customers tap NGFW services, E-Class NSA appliances can be deployed as "bumps in the wire."


"We realize that SuperMassive or E-Class NSA deployment won't happen over the weekend. Customers want to see how our firewall is doing. We can start in bypass mode, acting like a switch, to help customers gain confidence. We can then go into inspect mode, copying traffic to cores and security engines, listening to show what would have been blocked. Once customers know what policies they want, they can go into protect mode by applying actions within policies," explained Ayrapetov.


SuperMassive can be scaled by adding cards to the chassis as performance needs grow, such as in a telco or large university network. E-Class NSA models vary in number of cores and throughput/connection capacity; they should be selected to meet anticipated traffic loads for each environment. However, all E-Class NSA models can be administered consistently, through SonicWALL's central management console.


Bottom Line

When the firewall industry moved towards IP/port-independent application inspection, SonicWALL leveraged its reassembly-free deep packet inspection technology, quickly adding application control and threat intelligence to the mix – albeit using a la carte service modules that raise a deployment's overall sticker price.


Given its SMB roots, SonicWALL has worked hard to deliver NGFW visibility and control while keeping its firewalls relatively fast and easy to administer. "We think NGFW is about making the network more effective and increasing employee efficiency," said Ayrapetov. To learn more about SonicWALL's NGFW families, visit this link.


Lisa Phifer owns Core Competence, a consulting firm focused on business use of emerging network and security technologies. With over 25 years in the network industry, Lisa has reviewed, deployed, and tested network security products for nearly a decade.

This article was originally published on Aug 11, 2011