SonicWALL’s firewall product line provides integrated firewall and IPSec VPN solutions
in a single appliance. Antivirus and content filtering are also built into the
SonicWALL firewalls. The core of the SonicWALL firewall is based on stateful
inspection technology, which provides a connection-oriented security model by verifying
the validity of every connection while still providing a high-performance
architecture. The SonicWALL firewalls, like the NetScreens, are based on a custom-built
architecture consisting of ASIC technology with a main processor.
SonicWALL uses two distinct hardware architectures.
In home office and small business appliances such as the TZ 170, SonicWALL uses a
SonicWALL security processor to handle the workload. In the higher-end appliances,
such as the SonicWALL PRO 3060, SonicWALL uses an Intel or x86-based main processor,
along with a Cavium Nitrox cryptographic accelerator. The combination of the
cryptographic accelerator and the x86 architecture has proven to be an effective
hardware design, as shown in the SonicWALL product line’s overall stability and high
throughput in processing VPN and firewall traffic.
The firewall platform also contains additional technologies to increase your network’s
security. The products support deep inspection like the NetScreens; all of the
appliances include the ability to create IPSec VPNs to secure traffic; and the integrated
VPN technology has received the ICSA (www.icsalabs.com) Firewall
Certifications. This means that the IPSec VPN technologies have good cross-compatibility
and standards compliance.
SonicWALL also offers three client VPN solutions to pair with the SonicWALL
firewall. The SonicWALL VPN client provides the ability to create an IPSec connection
to any SonicWALL firewall or any IPSec-compliant device. The SonicWALL
Global VPN Client is custom-engineered software designed to easily create tunnels
with the SonicWALL firewall. It is designed for enhanced security as well as ease of
management. The SonicWALL Global Security Client works similarly to the Global
VPN Client, adding a software firewall to its functionality.
The SonicWALL firewall product line also leverages subscription-based
antivirus software. This allows you to scan traffic as it passes directly through the firewall,
thus mitigating the risk of viruses spreading throughout your network.
The SonicWALL firewall platform provides three management options:
- CLI: Available only on certain SonicWALL models, and only by using a
serial cable. Although SonicWALL has support for the CLI, it is not full-featured;
you cannot set up access rules using the CLI.
- WebUI: The WebUI is a streamlined Web-based application with a user-friendly
interface that allows you to easily manage the SonicWALL appliance.
This is the preferred method for configuring the SonicWALL appliance.
- SonicWALL Global Management System (GMS): A centralized enterprise-class
solution that allows you to manage your entire SonicWALL firewall
infrastructure. The GMS not only provides a central console to manage
your firewalls, it also provides consolidated logging and reporting. This is a
great option that allows you to see all of your network’s activity from a
central location.
The SonicWALL Firewall Core Technologies
Sitting at the core of every SonicWALL appliance is SonicOS, the firmware
developed by SonicWALL engineers that gives the appliance its features and functionality.
All SonicWALL appliances are built on SonicOS and rely on it to police network traffic.
There are two modern versions of SonicOS: SonicOS Standard and SonicOS
Enhanced. Often you will see the enhanced version listed with a trailing “e” signifying
“enhanced.” The differences between SonicOS Standard and SonicOS
Enhanced include SonicOS Enhanced’s ability to provide ISP failover, wide area network
(WAN) load balancing, and zone-based management. Tables 4.4 and 4.5 list
detailed feature comparisons of SonicOS Standard and SonicOS Enhanced on two
of the available SonicWALL models.
Zones
Originally, SonicWALL’s security model was going to allow administrators to create
rules based on traffic flowing in one physical interface and out another. With the
release of SonicOS 2.0 Enhanced firmware came the introduction of security zones
in the SonicWALL firmware. A security zone is a logical method of grouping one or
more interfaces or subinterfaces and applying security rules to traffic as it passes
between zones. To protect departments and more restricted resources from internal
malicious intent, an administrator can enable zones, place different departments into
different zones, and create rules to police the traffic between the zones. As discussed,
zones are not unique to SonicWALL appliances; they are used industry-wide in the
firewall and networking world.
Interface Modes
When you first power up a SonicWALL and begin to deploy it, the default configuration
is for the SonicWALL to utilize NAT and act as a router. In this instance, devices
inside the firewall are assigned private IP addresses that are not routable on
the Internet. As traffic traverses the SonicWALL, the firewall creates a session and
provides translation to ensure traffic is properly delivered.
However, there may be instances where you need to assign public IP addresses to
servers or systems, but still want to provide firewall filtering to the traffic. To do this,
SonicWALL provides the ability to operate in transparent mode. When operating in
transparent mode, the SonicWALL acts as a bridge between the WAN interface and
one or more of the internal interfaces, assigning both interfaces the same address as is
assigned to the WAN interface. Public addresses can then be assigned to devices
behind the internal interface. When traffic is transmitted, no translation of addresses
is performed.
Access Rules
An access rule is a statement that allows or denies traffic based on a defined set of
specifications. The base specifications are the source IP address, destination IP
address, source zone, destination zone, and service or port.
SonicWALL appliances have a couple of default access rules built into
SonicOS. By default, there is a global access rule that denies traffic from passing
through the SonicWALL from the public network to the private network. Therefore,
if traffic is not explicitly allowed by another policy, it is denied. There is also a
default access rule that allows traffic to pass from the private interface to the public
interface.
Each SonicWALL device has a limited number of policies, including a license
restriction and a capacity restriction. As with NetScreen firewalls, you cannot create
new policies once you reach the maximum number of policies per device. This limit
exists to ensure that the performance numbers published in the specification sheets
can be met. It doesn’t make sense to allow a low-end TZ 150 appliance to run 40,000
policies, only to have its throughput drop to 1 Mbps. These restrictions are fixed per
platform and are not modifiable.
There are many different elements involved in configuring an advanced policy,
including traffic shaping, user authentication, NAT, alarms, URL filtering, and
scheduling. These elements provide a great deal of configuration options.
Administering policies can be done from the WebUI or by using the
SonicWALL GMS. Each method creates the same end result, but performing each
task is slightly different.
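To make the evaluation order described above concrete, here is an added example (not SonicWALL code) that models an ordered, zone-based rule set with the two built-in defaults, an implicit deny, and a fixed per-platform policy cap. The zone names, the rule fields and the numeric limit are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


def _in_net(net, addr):
    """'any' matches every address; otherwise the address must be in the CIDR."""
    return net == "any" or ip_address(addr) in ip_network(net)


@dataclass(frozen=True)
class Rule:
    src_zone: str   # e.g. "LAN", "WAN", "DMZ" (zone names assumed here)
    dst_zone: str
    src_net: str    # CIDR, or "any"
    dst_net: str    # CIDR, or "any"
    service: str    # "proto/port" such as "tcp/80", or "any"
    action: str     # "allow" or "deny"

    def matches(self, src_zone, dst_zone, src_ip, dst_ip, service):
        return (self.src_zone == src_zone and self.dst_zone == dst_zone
                and self.service in ("any", service)
                and _in_net(self.src_net, src_ip)
                and _in_net(self.dst_net, dst_ip))


class RuleBase:
    """Ordered access rules: first match wins, the built-in defaults are
    consulted after the administrator's rules, and anything still
    unmatched is denied."""

    # The two defaults the text describes: private->public allowed,
    # public->private denied.
    DEFAULTS = (Rule("LAN", "WAN", "any", "any", "any", "allow"),
                Rule("WAN", "LAN", "any", "any", "any", "deny"))

    def __init__(self, max_rules):
        self.max_rules = max_rules   # per-platform cap (value assumed here)
        self.rules = []

    def add(self, rule, position=None):
        """Insert a rule; the platform cap cannot be exceeded."""
        if len(self.rules) >= self.max_rules:
            raise RuntimeError("policy limit reached for this platform")
        index = len(self.rules) if position is None else position
        self.rules.insert(index, rule)

    def evaluate(self, src_zone, dst_zone, src_ip, dst_ip, service):
        for rule in (*self.rules, *self.DEFAULTS):
            if rule.matches(src_zone, dst_zone, src_ip, dst_ip, service):
                return rule.action
        return "deny"   # implicit deny for any flow no rule covers
```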
VPN
SonicWALL firewalls also provide VPN functionality and support. They can terminate
most VPN tunnels (e.g., site-to-site tunnels, dial-up VPNs, and so forth).
SonicWALL firewalls support all of the standard elements you expect of a VPN device,
including:
- IKE
- AH
- ESP
- Tunnel mode
- Transport mode
- Aggressive mode
- Quick mode
- Main mode
- MD5
- SHA-1
- DES
- 3DES
- AES-128
- Perfect forward secrecy
SonicWALL’s appliance VPN capabilities are interoperable with most other VPN
appliances on the market.
Deep Inspection
Deep inspection allows you to inspect traffic at the application layer, relying on signatures
to determine what content in a packet is malicious. SonicWALL incorporates
this technology in its Intrusion Prevention System (IPS). The
SonicWALL IPS uses a database of signatures similar to those that antivirus software
uses to scan files, except that it scans the packets as they traverse the firewall for possible
matches to its signature database. When a match is detected, the SonicWALL
can either log the event or reset the session and drop the packet, whichever is configured.
SonicWALL dynamically and automatically updates the signature database.