The SonicWALL
firewall is an appliance based solution
providing complete network security, management and connectivity.
The firewall provides security for the entire
private network. SonicWALL is a versatile product
suitable for large corporations with multiple networks as well as small and
medium offices. SonicWALL provides centralized, remote management of one or
all sites and is fully scalable to meet the needs of expanding organizations.
SonicWALL firewall provides the tools to effectively monitor and control
Internet access and insure that bandwidth resources are used for productive,
work-related activities. SonicWALL firewall's connectivity features provide
end-users with implementation alternatives that are within their scope of
expertise and cost parameters.
Maximum
throughput achieved with Stateful
Inspection
The firewall's superior performance is
the result of its
Stateful
Inspection Technology. This unique architecture applies stateful inspection at the
lowest layer of the protocol stack, allowing only packets permitted by the firewall
strategy to enter the network. By preventing packets from passing through numerous network
layers, throughput is dramatically increased, and the operating system remains completely
isolated.
DMZ Feature – Multiple
Security Zone Technology
The firewall
provides
security zone technology, allowing network administrators to install and manage multiple,
isolated security zones. DMZ feature applies
SonicWALL's top-level security and authentication
features to intranet and extranet architectures. Security zone isolation is implemented
through SonicWALL’s Stateful Inspection, examining each packet at the
lowest possible level, and allowing for the creation of demilitarized
zones (DMZ). This technology enables organizations to easily design, deploy, and
proactively update and monitor a multi-zoned security network through a single firewall
strategy.
Bandwidth Management
The nature of
TCP/IP relegates
bandwidth allocation to a "first come first
served" basis, creating the fluctuating and unpredictable service accepted as the
norm in Internet communications. All users are familiar with the rapid change in the
estimated download time while attempting to download a large file in competition with
other users. Without bandwidth management, there is virtually no way to prioritize users,
servers or services, or to guaranty allocation of bandwidth resources to networks or
servers. SonicWALL Bandwidth Management provides the solution. Differential
Quality of
Service (QoS)
may be the most important issue relating to the Internet today and may, as some believe,
determine the viability of the Net in the future.
User Authentication
SonicWALL's User authentication offers a great solution for users
connecting from the outside, via the Internet. For example, when managers, sales and
service people who are on the road connect to an internal host using an external Internet
provider, they do not have a previously known IP address. Opening up a secured internal
host to connections from any external IP address creates a serious security risk.
Therefore, by installing an authentication client on a remote user's notebook computer,
secured access can be provided without jeopardizing internal security.
Virtual Private Networking
Dramatically increase the security
level of intra-company traffic via the Internet, and in many cases replace
the use of expensive dedicated lines with one of the SonicWALL VPN
options:
Network Access Rules
SonicWALL network
access rules evaluate network traffic's Source IP
address, Destination IP address, and IP protocol type to decide if the IP
traffic is allowed to pass through the firewall. Custom rules take
precedence, and may override SonicWALL's default stateful packet inspection.
The ability to define Network Access Rules is a very powerful tool. Using
custom rules, it is possible to disable all firewall protection or block all
access to the Internet. Use extreme caution when creating or deleting
Network Access Rules. Network access rules will not disable protection from Denial of Service
attacks, such as SYN Flood, Ping of Death, LAND, etc. However, it is possible
to create vulnerabilities to attacks that exploit vulnerabilities in
applications, such as WinNuke.
Network Access Translation (NAT)
NAT provides unlimited local host addresses and
allows you to connect to the Internet without having to provide a new address to each and
every host. An encryption feature is also available, keeping actual addresses
confidential.
