SonicWALL Firewall & Wireless Case Study

Next Generation Firewall NGFW

What can SonicWALL Do For You?

SonicWALL Next Generation Firewalls offer a comprehensive suite of gateway security services that block malicious content and unauthorized websites and provide application control.

The web-based SonicOS Management Interface allows you to configure SonicWall Security Appliances (firewalls) running SonicOS 6.5 and above. For a complete list of appliances supported by SonicOS, see SonicOS 6.5 About SonicOS.

SonicOS provides an easy-to-use, graphical Management Interface for configuring your SonicWALL Security Appliance. For information about the dynamic Management Interface and its features, such as tooltips and dynamic tables, see SonicOS 6.5 About SonicOS.

SonicWALL Security Services

Comprehensive Security Suite

SonicWALL can provide a comprehensive suite of Gateway & Endpoint Security services to protect your network from malicious content.

Client AV Enforcement

Client AV Enforcement is a distributed, gateway-enforced solution that ensures always-on, always-updated anti-virus software for every client on your network.

Client CF Enforcement

Client CF Enforcement enables the automatic deployment of the content filtering client to endpoints within the firewall perimeter. The content filtering client protects users from accessing harmful and objectionable web sites when the endpoint is outside the firewall perimeter.

Geo-IP Filter

The Geo-IP Filter feature allows administrators to block connections to or from a geographic location. The SonicWall appliance uses the IP address to determine the location of the connection.

Botnet Filter

The Botnet Filtering feature allows administrators to block connections to or from Botnet command and control servers.

Global & Local Security Monitoring

Each report includes a graph of threats blocked over time and a table of the top blocked threats. Reports, which are updated hourly, can be customized to display data for the last 12 hours, 14 days, 21 days, or 6 months. For easier viewing, the Threat Protection page can be transformed into a PDF file format with the click of a button.

The reports display threats detected or blocked by the SonicWALL Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service (IPS) security services. Four threat reports are displayed:

    • Viruses Blocked
    • Intrusions Prevented
    • Spyware Blocked
    • Multimedia (IM/P2P) Detected/Blocked

The threat reports provide the latest threat protection information to keep you informed about potential threats being blocked by SonicWALL appliances. If you subscribe to SonicWALL security services, you are automatically protected from the threats reported on the Threat Protection page. SonicWALL security services include ongoing new signature updates to protect against the latest virus and spyware attacks.

The Threat Protection page provides global and appliance-level threat protection statistics. At the appliance level, threat protection data from your SonicWALL appliance is displayed. At the global level, the threat reports are updated hourly from the SonicWALL backend server with aggregated threat protection data from globally-deployed SonicWALL appliances. Data provided by the SonicWALL backend server is cached locally for reliable delivery.

Gateway Anti-Virus

Gateway Anti-Virus integrates a high performance Real-Time Virus Scanning Engine and dynamically updated signature database to deliver continuous protection from malicious virus threats at the gateway.

Anti-Spyware

Anti-Spyware prevents malicious spyware from infecting networks by blocking spyware installation at the gateway and by disrupting background communications from existing spyware programs that transmit confidential data.

Intrusion Prevention

Intrusion Prevention integrates a high-performance Deep Packet Inspection architecture and dynamically updated signature database to deliver complete network protection from application exploits, worms and malicious traffic. In addition, Intrusion Prevention provides access control for Instant Messenger (IM) and Peer-to-Peer (P2P) applications.

Multimedia Blocked

These are often Instant Messenger threats or Peer to Peer Threats being actively stopped by SonicWALL Firewall Security.

Capture Advanced Threat Protection

Capture ATP service stops unknown, zero-day attacks such as ransomware at the gateway with automated remediation. This cloud-based multi-engine sandbox analyzes suspicious code to help discover and block newly developed malware from entering your network.

SonicWall Capture Advanced Threat Protection service is a cloud-based multi-engine sandbox designed to discover and stop unknown, zero-day attacks such as ransomware at the gateway with automated remediation.

    • Stop unknown threats at the Gateway
    • Analyze a broad range of file types
    • Block until verdict
    • Get real-time protection from unknown threats

Top 5 Applications by Consumption

Here you can see real time reporting of the Top 5 Applications by Consumption. If there is activity that needs to be blocked or restricted because of bandwidth abuse, here is a quick way to identify the source.

Top 10 Riskiest Applications

This is an auto-updated real time view of the Top 10 Riskiest Applications running in & out of the network. Easily identify if there are major bandwidth hogs consuming bandwidth so we can easily mitigate problems before they get bigger.

Content Filter

Internet Content Filtering equips the SonicWALL to monitor usage and control access to objectionable Web content according to established Acceptable Use Policies.

    • Violence / Hate / Racism - Block
    • Intimate Apparel / Swimsuit - Block
    • Nudism - Block
    • Pornography - Block
    • Weapons - Block
    • Adult / Mature Content - Block
    • Cult / Occult - Block
    • Drugs / Illegal Drugs - Block
    • Illegal Skills / Questionable Skills - Block
    • Sex Education - Block
    • Gambling - Block
    • Alcohol / Tobacco - Block
    • Chat / Instant Messaging - Allow
    • Arts / Entertainment - Allow
    • Business & Economy - Allow
    • Abortion / Advocacy Groups - Block
    • Education - Allow
    • Cultural Institutions - Allow
    • Online Banking - Allow
    • Online Brokerage & Trading - Allow
    • Games - Block
    • Government - Allow
    • Military - Allow
    • Political / Advocacy Groups - Allow
    • Health - Allow
    • Information Technology / Computers - Allow
    • Hacking / Proxy / Avoidance Systems - Block
    • Search Engines & Portals - Allow
    • E-mail - Allow
    • Web Communications - Allow
    • Job Search - Allow
    • News & Media - Allow
    • Personals & Dating - Block
    • Usenet News Groups - Allow
    • Reference - Allow
    • Religion - Allow
    • Shopping - Allow
    • Internet Auctions - Allow
    • Real Estate - Allow
    • Society & Lifestyle - Allow
    • Restaurants & Dining - Allow
    • Sports & Recreations - Allow
    • Travel - Allow
    • Vehicles - Allow
    • Humor / Jokes - Allow
    • Multimedia - Allow
    • Freeware / Software Downloads - Block
    • Pay to Surf Sites - Block
    • Kid Friendly - Allow
    • Advertisement - Block
    • Web Hosting - Allow
    • Other - Allow
    • Internet Watch Foundation CAIC - Block
    • Social Networking - Allow
    • Malware - Block
    • Radicalization & Extremism - Block
    • Not Rated - Allow

In addition, SonicWALL Content Filter Service can optionally enforce Internet standards and search monitoring, including:

    • Enable HTTPS Content Filtering
    • Enable Smart Filtering for Embedded URI
    • Enable Safe Search Enforcement
    • Enable Threat API Enforcement
    • Enable Google Force Safe Search
    • Enable YouTube Restrict Mode
    • Enable Bing Force Safe Search

Application Control

The Rules > App Control page provides a way to configure global App Control policies using categories, applications, and signatures. You can quickly enable blocking or logging for a whole category of applications, and can easily locate and do the same for an individual application or individual signature. When enabled, the category, application, or signature is blocked or logged globally without the need to create a policy on the Rules > App Rules page. All application detection and prevention configuration is available on the Rules > App Control page. In this configuration, we are blocking by category:

    • Gaming - All gaming applications, such as Steam & Call of Duty, are blocked.
    • Peer to Peer - Connected computers that are often used for illegal file sharing & often contain malicious content.
    • Proxy-Access - Often VPN connections are used to bypass a computer network security policy. By blocking access to these back doors, end users are not able to subvert the business security policy.

Threat Prevention Summary

Summarized visualizations of threats blocked by the SonicWALL Firewall. Get a total count of Countries blocked (GEO-IP), Intrusions prevented & blocked files, viruses, botnets or spyware.

Bandwidth Monitoring

The Ingress / Egress Bandwidth data flow chart provides a visual representation of incoming (Ingress) and outgoing (Egress) bandwidth traffic. The current percentage of total bandwidth used, and the minimum and maximum amount of traffic that has gone through each interface is available in the display.


Wireless Location Mapping

On the Connectivity | Access Points > Floor Plan View page in MANAGE view, the SonicOS user interface allows a more visual approach to managing large numbers of SonicWave and SonicPoint devices. You can also track physical location and real-time status.

The Floor Plan View feature is an add-on to the existing wireless access point management suite in SonicOS. It provides a real-time picture of the actual wireless radio environment and improves your ability to estimate the wireless coverage of new deployments. The FPMV also provides a single-point console to check access point statistics, monitor access point real-time status, configure access points, remove access points and even show the access point RF coverage from the consolidated context menu.

Wireless Topology Mapping

On the Connectivity | Access Points > Topology View page in MANAGE view, access points can be managed by the new Topology View feature. The Topology View shows the network topology from the SonicWall firewall to the wireless access point. The access point real-time status can be monitored, and the context menu also provides configuration options.

This feature shows the logical relationship among all WLAN zone devices, and provides a way to manage devices directly in the Topology View.

The Connectivity | Access Points > Topology View page displays a tree-like or mesh diagram showing connected devices known to the firewall and their relationships, similar to the figure below:

Wireless Access Point Report

Two graphs are shown in the Access Point Snapshot section of the Connectivity | Access Point > Dashboard: Access Point Online/Offline and Client Association. In the right corner, you can specify the refresh interval for these charts. Select the number of minutes from the drop-down menu; the options range from 5 to 10 minutes.

Access Point Online/Offline

The Access Point Online/Offline graph shows a quick status of the access points in the infrastructure. The data is presented as a pie chart; online is green and offline is red. At the bottom of the chart, the number of access points and the status is also listed.

The Online status includes operational, disabled, rebooting, and in IDS scanning mode.

Offline status includes unresponsive and initializing states.

Client Association

The Client Association chart shows the number of clients associated with each access point in the configuration. The number of users is shown in bar chart form.

Real-Time Bandwidth

A graph showing the bandwidth being used by the selected access point is displayed in the Real-Time Bandwidth section of the Connectivity | Access Point > Dashboard.

NOTE: Only SonicPoint ACe/ACi/N2 and SonicWave devices support the Real-Time Bandwidth feature.

SonicOS shows a stacked chart of the real-time traffic on the selected access point(s). The Y value is the total traffic, both received and transmitted. By default, all access points are selected for the display.

To select the refresh interval, select the interval period from the drop-down menu by the chart title. Options are: 1 minute, 2 minutes, 5 minutes, 10 minutes, and 60 minutes.

To change the access point being displayed, go to the Access Point drop-down menu and select a different device. The chart updates with the data for that access point.

Wireless Client Type & Radio Report

OS Type

The OS Type pie chart displays the percentages of connected Windows clients, Macintosh clients, Linux clients, iPhones, Android, and so on. If the client has not generated any HTTP traffic, it might show as Unknown.

Radio

In SonicOS 6.5.2 and higher, the Client Report also provides a Radio chart. The Radio chart shows the percentage of clients connected to the 2.4GHz radio and the 5GHz radio.

Top Wireless Clients Report

The Top Client chart shows the clients who are using the most bandwidth. By going to the TOP field and selecting a number from the drop-down menu, you can show the top 5, top 10, top 15 or top 20 consumers for bandwidth. The values for both transmitting and receiving data are shown for the top users.

Integrated Network Administration

Easily manage all aspects of the network from a single interface. Each port on the SonicWALL Firewall can be assigned to a zone that is separated from the others. By also dividing a connected managed switch, we can isolate systems into different networks. There are multiple options of external managed switches that can be connected to the SonicWALL management interface. In this example, the top image is the SonicWALL TZ350 Firewall divided into zones, including:

    • X0 - Local Area Network
    • X1 - Internet Connection
    • X2 - Wireless Networks - Virtual Access Points (VAP)
      • X2:V2 - Public VAP
      • X2:V3 - Private VAP
      • X2:V4 - TV VAP
      • X2:V5 - Tenant VAP
    • X3 - Security Cameras
    • X4 - Streaming Music

The Connected Switch is divided into Virtual Local Area Networks (VLANs) & linked directly from the SonicWALL Firewall & then on out to endpoints on the individual networks.

Dynamic DNS

Dyn DNS enables Access Control as well as Internet Connectivity by using Fully Qualified Domain Names, even behind Dynamic IP address connections. Host Names are set up for:

    • Remote connectivity to network devices
    • Authentication of Remote access authorization

As a leading Dynamic DNS provider, Oracle allows you to choose a unique hostname (ex: MyHome.dyndns.org) and link it to any IP-compatible device (router, webcam, security camera, DVR, thermostat, computer, file storage, etc.). As the IP addresses used to access these devices change, Oracle takes care of updating it for you, ensuring you are always connected.

Site to Site VPN

A Virtual Private Network (VPN) provides a secure connection between two or more computers or protected networks over the public Internet. It provides authentication to ensure that the information is going to and from the correct parties. It also offers security to protect the data from viewing or tampering en route.

A VPN is created by establishing a secure tunnel through the Internet. This tunnel is a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. It is flexible in that you can change it at any time to add more nodes, change the nodes, or remove them altogether. VPN is less costly, because it uses the existing Internet infrastructure.

VPNs can support either remote access—connecting a user’s computer to a corporate network—or site to site, which is connecting two networks. A VPN can also be used to interconnect two similar networks over a dissimilar middle network: for example, two IPv6 networks connecting over an IPv4 network.

SSL VPN - Secured Remote Access

NetExtender is an SSL VPN client for Windows, Mac or Linux users that is downloaded transparently and that allows you to run any application securely on the company's network. It uses Point-to-Point Protocol (PPP). NetExtender allows remote clients seamless access to resources on your local network. Users can access NetExtender two ways:

  • Logging in to the Virtual Office web portal provided by the SonicWall security appliance and clicking on the NetExtender button.
  • Launching the standalone NetExtender client.

The NetExtender standalone client is installed the first time you launch NetExtender. Thereafter, it can be accessed directly from the Start menu on Windows systems, from the Application folder or dock on MacOS systems, or by the path name or from the shortcut bar on Linux systems.

NetExtender provides remote users with full access to your protected internal network. The experience is virtually identical to that of using a traditional IPSec VPN client, but NetExtender does not require any manual client installation. Instead, the NetExtender Windows client is automatically installed on a remote user's PC by an ActiveX control when using the Internet Explorer browser, or with the XPCOM plugin when using Firefox.

On MacOS systems, supported browsers use Java controls to automatically install NetExtender from the Virtual Office portal. Linux systems can also install and use the NetExtender client.


After installation, NetExtender automatically launches and connects a virtual adapter for secure SSL-VPN point-to-point access to permitted hosts and subnets on the internal network.

DPI-SSL

Deep Packet Inspection over Secure Socket Layer DPI-SSL

Deep Packet Inspection of Secure Socket Layer (DPI-SSL) extends SonicWall’s Deep Packet Inspection technology to the inspection of encrypted HTTPS traffic and other SSL-based traffic. The SSL traffic is decrypted (intercepted) transparently, scanned for threats, and then re-encrypted and, if no threats or vulnerabilities are found, sent along to its destination.

DPI-SSL provides additional security, application control, and data-leakage prevention for analyzing encrypted HTTPS and other SSL-based traffic. DPI-SSL supports:

    • Transport Layer Security (TLS) Handshake Protocol 1.2 and earlier versions – Starting with SonicOS 6.2.5.1, the TLS 1.2 communication protocol is supported during SSL inspection/decryption between the firewall and the server in DPI-SSL deployments (previously, TLS 1.2 was only supported between client and firewall). SonicOS also supports TLS 1.2 in other areas as well.
    • SHA-256 – All re-signed server certificates are signed with the SHA-256 hash algorithm.
    • Perfect Forward Secrecy (PFS) – Perfect Forward Secrecy-based ciphers and other stronger ciphers are prioritized over weak ciphers in the advertised cipher suite. As a result, the client or server is not expected to negotiate a weak cipher unless the client or server does not support a strong cipher.

DPI-SSL also supports application-level Bandwidth Management over SSL tunnels. App Rules HTTP bandwidth management policies also apply to content that is accessed over HTTPS when DPI-SSL is enabled for App Rules.

Security Camera Remote Access

Many businesses need security camera recorder systems & want to be able to view camera activity remotely or receive notifications on mobile devices about alerts & events. The SonicWALL Firewall is able to connect these security cameras to mobile / remote devices for secured remote access & administration.

By creating a separate Zone in the SonicWALL, we can isolate the security recorder network from Local Area Network Computers & other Zones. Firewall Access Control Policies can be created to allow or deny Internet access on a granular level.

There's More...

The SonicWALL Next Generation Firewall NGFW is a powerful security appliance with comprehensive network features, including:

    • Reassembly-Free Deep Packet Inspection (RFDPI)
    • Hardened physical security appliance with application specific hardware
    • Bandwidth Management
    • End point enforced Security Services
    • Mobile device Security Service Enforcement
    • Schedules for different zones
    • Virtual Local Area Network (VLAN) capable
    • High Availability / Failover / Load Balancing
    • DNS Security
    • Network Object & Group Management
    • DHCP Server
    • Amazon Web Services Connectivity
    • WAN Acceleration
    • Cellular Service Backup Connectivity
    • VOIP Connectivity
    • Anti-Spam Monitoring
    • Local or Active Directory User Authentication