The SonicWall Network Security services platform (NSsp) 12000 series takes a modern approach to threat detection and prevention by combining cloud intelligence with appliance-based protection in a scalable, high-speed platform. Designed for large distributed enterprises, data centers and service providers, NSsp series next-generation firewalls (NGFWs) leverage innovative deep learning security technologies in the Capture Cloud Platform to deliver proven protection from the most advanced threats without slowing performance.
Security for the enterprise
The volume and sophistication of today’s network attacks continues to grow. Identifying and stopping unknown, zeroday threats and intrusions requires an approach that extends on-box protection with security intelligence in the cloud. Without that cloud intelligence, enterprise gateway security solutions are unable to stay ahead of today’s complex threats.
The SonicWall NSsp series takes threat intelligence gathered by our dedicated Capture Labs threat research team and combines it with on-box security to deliver continuously-updated protection. SonicWall’s cloud-based Capture Advanced Threat Protection (ATP) service utilizes patent-pending Real-Time Deep Memory Inspection (RTDMI™) technology to proactively detect and block mass market, zeroday threats and unknown malware by inspecting directly in memory. Because of the real-time architecture, SonicWall RTDMI technology is precise, minimizes false positives, and identifies and mitigates sophisticated attacks where the malware’s weaponry is exposed for less than 100 nanoseconds. Augmenting the cloud-based security is SonicWall’s patented* single-pass ReassemblyFree Deep Packet Inspection (RFDPI®) engine which inspects both inbound and outbound network traffic on the firewall. By leveraging the SonicWall Capture Cloud Platform in addition to on-box capabilities including intrusion prevention, antimalware and web/URL filtering, the NSsp series is able to provide the automated, real-time breach prevention enterprise organizations need.
With the increase in the number of encrypted web connections, it’s essential that NGFWs are able to inspect encrypted traffic for hidden threats. SonicWall firewalls provide complete protection by performing full decryption and inspection over hundreds of thousands of TLS/SSL and SSH encrypted connections regardless of port or protocol. The firewall looks deep inside every packet for protocol anomalies, threats, zero-days, intrusions, and even defined criteria. The deep packet inspection engine detects and prevents hidden attacks that leverage cryptography, blocks encrypted malware downloads, ceases the spread of infections, and thwarts command and control (C&C) communications and data exfiltration. Inclusion and exclusion rules allow total control to customize which traffic is subjected to decryption and inspection based on specific organizational compliance and/or legal requirements.
As organizations grow, the need for scalable security takes on greater importance. SonicWall supports growing enterprise networks with a solution that eliminates concerns around the need for adding more processing power. The NSsp 12400 includes four processor modules that can be upgraded to eight, while the NSsp 12800 comes with eight processor modules out of the box.
Activating deep packet inspection functions such as IPS, antivirus, antispyware and TLS/SSL decryption/ inspection on the firewall often slows network performance down, sometimes dramatically. NSsp series NGFWs, however, feature high-speed 40-GbE interfaces and a multi-core hardware architecture that utilizes specialized security processors. Combined with our RTDMI and RFDPI engines, this unique design eliminates the performance degradation networks experience with other firewalls.
Network control and flexibility
At the core of the NSsp series is SonicOS, SonicWall’s feature-rich operating system. SonicOS provides organizations with the network control and flexibility they require through application intelligence and control, real-time visualization, an intrusion prevention system (IPS) featuring sophisticated anti-evasion technology, high-speed virtual private networking (VPN) and additional security features.
Using application intelligence and control, network administrators can identify and categorize productive applications from those that are unproductive or potentially dangerous, and control that traffic through powerful application-level policies on both a per-user and a pergroup basis (along with schedules and exception lists).
Business-critical applications can be prioritized and allocated more bandwidth while nonessential applications are bandwidth-limited. Real-time monitoring and visualization provides a graphical representation of applications, users and bandwidth usage for granular insight into traffic across the network.
For enterprise organizations looking for advanced flexibility in their network design, SonicOS offers the tools to segment the network into zones through the use of virtual LANs (VLANs). This enables network administrators to create a virtual LAN interface that allows for network separation into one or more logical groups.
Simplified management and reporting
Ongoing management, monitoring and reporting of network activity are handled through the SonicWall Global Management System (GMS), providing administrators with an intuitive single pane of glass dashboard for managing all aspects of the network in real time. Together, the simplified deployment and setup along with the ease of management enable organizations to lower their total cost of ownership and realize a high return on investment.
- Stateful packet inspection
- Reassembly-Free Deep Packet Inspection
- DDoS attack protection (UDP/ICMP/SYN flood)
- Biometric authentication for remote access
- DNS proxy
TLS/SSL/SSH decryption and inspection1
- Deep packet inspection for TLS/SSL/SSH
- Inclusion/exclusion of objects, groups or hostnames
- TLS/SSL control
- Granular DPI SSL controls per zone or rule
Capture advanced threat protection1
- Real-Time Deep Memory Inspection
- Cloud-based multi-engine analysis
- Virtualized sandboxing
- Hypervisor level analysis
- Full system emulation
- Broad file type examination
- Automated and manual submission
- Real-time threat intelligence updates
- Block until verdict
- Signature-based scanning
- Automatic signature updates
- Bi-directional inspection
- Granular IPS rule capability
- GeoIP enforcement
- Botnet filtering with dynamic list
- Regular expression matching
- Stream-based malware scanning
- Gateway anti-virus
- Gateway anti-spyware
- Bi-directional inspection
- No file size limitation
- Cloud malware database
- Application control
- Application bandwidth management
- Custom application signature creation
- Data leakage prevention
- Application reporting over NetFlow/IPFIX
- Comprehensive application signature database
Traffic visualization and analytics
- User activity
- Application/bandwidth/threat usage
Web content filtering1
- URL filtering
- Proxy avoidance
- Bandwidth manage CFS rating categories
- Unified policy model with app control
- Content Filtering Client
- Auto-provision VPN
- IPSec VPN for site-to-site connectivity
- SSL VPN and IPSec client remote access
- Redundant VPN gateway
- Mobile Connect for iOS, Mac OS X, Windows, Chrome, Android and Kindle Fire
- Route-based VPN (OSPF, RIP, BGP)
- Jumbo frames
- Enhanced logging
- VLAN trunking
- RSTP (Rapid Spanning Tree Protocol)
- Port mirroring
- Port security
- Layer-2 QoS
- Dynamic routing (RIP/OSPF/BGP)
- SonicWall wireless controller
- Policy-based routing
- DNS/DNS proxy
- DHCP server
- Bandwidth management
- Link aggregation (static and dynamic)
- Port redundancy
- A/P high availability with state sync
- A/A clustering
- Inbound/outbound load balancing
- L2 bridge, wire/virtual wire mode, tap mode
- Asymmetric routing
- Common Access Card (CAC) support
- RF spectrum analysis
- Rogue AP prevention
- MiFi extender
- Guest cyclic quota
- LHM guest portal
- Granular QoS control
- Bandwidth management
- SIP and H.323 transformations per access rule
- H.323 gatekeeper and SIP proxy support
Management and monitoring
- GMS, Web, UI, CLI, SNMPv2/v3
- Netflow/IPFix exporting
- BlueCoat Security Analytics Platform
- SonicWall access point management
1Requires added subscription
Superior threat prevention and performance
- Patent-pending real-time deep memory inspection technology
- Patent reassembly-free deep packet inspection technology
- Cloud-based and on-box threat prevention
- TLS/SSL decryption and inspection
- Industry-validated security effectiveness
- Multiple 40-GbE and 10-GbE interfaces
- Dedicated Capture Labs threat research team
Network control and flexibility
- Powerful SonicOS operating system
- Application intelligence and control
- Network segmentation and zoning
- Deployment at the network edge or data center core
Scalability and reliability
- Multiple configuration options
- Built-in storage module
- Redundant power supplies and fans
Capture Cloud Platform
SonicWall's Capture Cloud Platform delivers cloud-based threat prevention and network management plus reporting and analytics for organizations of any size. The platform consolidates threat intelligence gathered from multiple sources including our award-winning multi-engine network sandboxing service, Capture Advanced Threat Protection, as well as more than 1 million SonicWall sensors located around the globe.
If data coming into the network is found to contain previously-unseen malicious code, SonicWall’s dedicated, in-house Capture Labs threat research team develops signatures that are stored in the Capture Cloud Platform database and deployed to customer firewalls for up-to-date protection. New updates take effect immediately without reboots or interruptions. The signatures resident on the appliance protect against wide classes of attacks, covering tens of thousands of individual threats with a single signature.
In addition to the countermeasures on the appliance, NSsp firewalls also have continuous access to the Capture Cloud Platform database which extends the onboard signature intelligence with tens of millions of signatures.
Furthermore, the Capture Cloud Platform offers single pane of glass management and administrators can easily create both real-time and historical reports on network activity.
Advanced threat protection
At the center of SonicWall automated, real-time breach prevention is SonicWall Capture Advanced Threat Protection service, a cloud-based multi-engine sandbox that extends firewall threat protection to detect and prevent zeroday threats. Suspicious files are sent to the cloud where they are analyzed using deep learning algorithms with the option to hold them at the gateway until a verdict is determined. The multi-engine sandbox platform, which includes Real-Time Deep Memory Inspection, virtualized sandboxing, full system emulation and hypervisor level analysis technology, executes suspicious code and analyzes behavior. When a file is identified as malicious, it is blocked and a hash is immediately created within Capture ATP. Soon after, a signature is sent to firewalls to prevent follow-on attacks.
The service analyzes a broad range of operating systems and file types, including executable programs, DLL, PDFs, MS Office documents, archives, JAR and APK.
Reassembly-Free Deep Packet Inspection engine
The SonicWall Reassembly-Free Deep Packet Inspection (RFDPI) is a singlepass, low latency inspection system that performs stream-based, bi-directional traffic analysis at high speed without proxying or buffering to effectively uncover intrusion attempts and malware downloads while identifying application traffic regardless of port and protocol. This proprietary engine relies on streaming traffic payload inspection to detect threats at Layers 3-7, and takes network streams through extensive and repeated normalization and decryption in order to neutralize advanced evasion techniques that seek to confuse detection engines and sneak malicious code into the network.
Once a packet undergoes the necessary pre-processing, including TLS/SSL decryption, it is analyzed against a single, proprietary memory representation of three signature databases: intrusion attacks, malware and applications. The connection state is then advanced to represent the position of the stream relative to these databases until it encounters a state of attack, or other “match” event, at which point a pre-set action is taken.
In most cases, the connection is terminated and proper logging and notification events are created. However, the engine can also be configured for inspection only or, in case of application detection, to provide Layer 7 bandwidth management services for the remainder of the application stream as soon as the application is identified.
Global management and reporting
For highly regulated organizations wanting to achieve a fully coordinated security governance, compliance and risk management strategy, SonicWall provides administrators a unified, secure and extensible platform to manage SonicWall firewalls, wireless access points and WAN acceleration solutions through a correlated and auditable workstream process. Enterprises can easily consolidate the management of security appliances, reduce administrative and troubleshooting complexities, and govern all operational aspects of the security infrastructure, including centralized policy management and enforcement; real-time event monitoring; user activities; application identifications; flow analytics and forensics; compliance and audit reporting; and more. In addition, enterprises meet the firewall’s change management requirements through workflow automation which provides the agility and confidence to deploy the right firewall policies at the right time and in conformance with compliance regulations. SonicWall Global Management System (GMS), SonicWall's on-premises management and reporting solution, provides a coherent way to manage network security by business processes and service levels, dramatically simplifying lifecycle management of your overall security environments compared to managing on a device-by-device basis.
|Full DPI throughput
|Maximum DPI connections
||2 x 480 GB
||2 x 480 GB