SonicWall Solutions for Application Firewall

Traditional firewalls focus on blocking threats. UTM firewalls enhance the completeness of threat blocking capabilities to include Anti-Virus, IP Security, and more. An Application Firewall extends that protection beyond threats to the management and control of data and applications which pass through the network security appliance. This extended capability provides bandwidth management and control, application level access controls, data leakage control functionality, restrictions on the transfer of specific files and documents, and much more. The Application Firewall is available as part of gateway anti-virus, anti-spyware and intrusion prevention on all SonicWall E-Class NSa, NSa and TZ 210 solutions.

The Application Firewall Sorting Out Good and Bad traffic

Much of the traffic that passes through a firewall each day is not threat-based, but instead is business related applications and data. But not all this business traffic is “good”. One estimate has 25%¹ of office internet traffic being non-business related. This includes online trading sites, instant messaging/chat services, peer-to-peer sharing sites and streaming video sites. These non-business activities consume bandwidth and can impact the ability of the organization to use the network for business purposes. Administrators are continually challenged trying to manage the reality of network usage with solutions that range from issuing written policies to purchasing expensive monitoring and notification products and services. The SonicWall Application Firewall is a cost effective way to implement application based, data management and protection policies. These policies are simple to set-up and can help organizations of any size gain control of the “good” applications and data passing into and out of their organization.

Can Your Firewall Do This?

• "From 8am to 5pm each week day I'd like to automatically limit the bandwidth YouTube gets on my network."
• "While at work, our employees shouldn't be able to use their personal web-mail accounts, like Yahoo or Gmail, to send attachments containing company proprietary data."
• "Our mission critical cloud-based applications must always have the network bandwidth necessary to keep the company running."
• "When the firewall blocks a file or an attachment, I'd like the user to be notified with a simple message that keeps them from calling me, that would be perfect."
• "The list of P2P applications that my firewall blocks should be automatically updated when new P2P apps appear—I really don't have the time."

Download the E-Book: 10 Cool things your firewall should do.
 

The Continuum From Threats to Non-Threats

Inbound and outbound network traffic often is not easy to classify as being just good or bad. For example, the opinion of P2P, Social Networking, VoIP, IM, and similar applications can range from very useful to completely despised within the same organization.

SonicWall’s Application Firewall allows custom access controls based upon user, application, schedule, or IP subnet level. Its comprehensive policy capabilities include restricting transfer of specific files and documents, blocking e-mail attachments using a user-configurable criteria, customized application control, bandwidth limiting for matched policies, and denying internal and external Web access based on various user-configurable options. Application Firewall allows an administrator the ability to create polices that address the full range of applications that are available for access and for the first time truly manage them.

The Building Blocks for the Application Firewall

The SonicWall Application Firewall manages and controls applications and data as they pass through the Firewall without sacrificing it primary duty to stop threats. To properly implement this capability properly, SonicWall significantly advanced technology on two fronts; throughput performance and scanning ability. The SonicWall NSa Series of UTM firewalls delivers breakthrough throughput performance through the use of multi-core processors, from 2 cores in the NSa 240 up to 16 cores in the NSa E7500. In addition, the scanning capability of these systems is powered by SonicWall’s patented Reassembly Free Deep Packet Inspection (RFDPI) engine which delivers industry leading performance in evaluating packets as they pass through the system. The final element in delivering true Application Firewall capability is SonicOS. This proprietary operating system was designed and written to optimize processing across multiple cores while expanding threat identification beyond traditional port and protocol methods to also include application classification and application inspection. These three advancements, multi-core utilization, RFDPI and SonicOS are the enabling technologies which make SonicWall NSa firewalls with the Application Firewall service the unparalleled leader in next generation UTM Firewalls.