Dell Sonicwall NSA系列产品资料

SSL VPN设置SonicWALL NSA产品具有SSL VPN拨号功能，可以用SSLVPN客户端（Nextender）和防火墙建立SSL VPN连接，通过SSL VPN隧道访问到公司或组织内部网络。

SSL VPN只在NSA设备的5.2.0以后的系统中可以使用，如果你的系统版本低，需要下载新的系统版本，安装后才可以使用。

SSL VPN在防火墙中也是使用license进行控制的，所以在使用SSL VPN配置之前，请检查一下系统是否带有SSL VPN的license。

WAN 接口的General界面，Management, User Login, 都在HTTPS方框打勾。

选择SSL VPN->Client Setting.在Interface下拉框中，使用X0（LAN口）作为SSL VPN服务口，同时在WAN安全区域允许SSL VPN接入，点WAN是红色的按钮变成绿色。

需要注意到是，Nextender的地址范围要和内网接口（本例是X0 LAN）的地址范围一致。

这个地址范围不要和其它机器冲突。

（你可以启用防火墙的另外一个没有使用的端口做SSL VPN 服务接口，那么你在Interface界面选择那个接口，IP 地址池范围就是那个接口网段的地址）NetExtender Client Settings是配置客户端的细致的设置。

Create Client Connection Profile:可以使NetExtender Client客户端软件自动保存成功连接的配置，下次连接，直接选择这个连接的参数，不用手工再次输入了。

点击SSL VPN->Client Routes菜单下，把需要访问的服务器网段地址或服务器地址添加进去。

Client Route界面把允许SSL VPN用户访问的主机地址和网段加入即可。

防火墙自动创建SSL VPN到各个安全区域的规则，本例是SSL VPN用户访问LAN Primary Subnet,就是LAN口的整个网段，自动生成的防火墙规则在Firewall->Access Rules, SSL VPN->LAN界面可以看到。

SonicWall SonicWave series wireless access points (APs) combinehigh-performance IEEE 802.11ac Wave 2 wireless technology with flexible deployment options. These APs can be managed via the cloud using SonicWall WiFi Cloud Manager (WCM) or through SonicWall’s industry-leading next-generation firewalls. The resultis a solution that could be untethered from the firewall to provide a superior experience for WiFi users that’s as secure as any wired connection.The SonicWave solution is based on: • SonicWall SonicWave series indoor andoutdoor APs which support the 802.11acWave 2 wireless standard• SonicWall WCM is an intuitive, cloud-managed WiFi network managementsystem suitable for networks of any size • SonicWall TZ, NS a, NS sp, NSA andSuperMassive firewalls, which use deeppacket inspection technology to detectand eliminate threats over wired andwireless networksEnhanced user experience SonicWave APs take advantage of the capabilities in 802.11ac Wave 2 and advanced RF capabilities to deliverhigh-speed wireless performance.MU-MIMO technology allows the APs to communicate to multiple client devicesat the same time, improving the overall network performance, efficiency and user experience. In combination, mesh technology supported on SonicWave APs enables ease of installation and fewer cables and less manpower todeploy, reducing installation costs.With multiple transmitting and receivingantennas, SonicWave APs are engineeredto optimize signal quality, range andreliability for wireless devices. SonicWaveAPs supports fast roaming, so that userscan roam from one location to anotherseamlessly. Feature-rich portfolioincludes air-time fairness, band steering,and signal analysis tools for monitoringand troubleshooting.Best-in-class wireless securitySonicWall firewalls scan all wirelesstraffic coming into and going outof the network using deep packetinspection technology and then removeharmful threats such as malware andintrusions, even over SSL/TLS encryptedconnections. Other security and controlcapabilities such as content filtering,application control and intelligence andCapture Advanced Threat Protection(ATP) provide added layers of protection.Capture ATP is our award-winning multi-engine sandboxing service that featuresSonicWall’s patent-pending Real-TimeDeep Memory Inspection (RTDMI)technology. The RTDMI engine of CaptureATP proactively detects and blocks massmarket, zero-day threats and unknownmalware by inspecting directly in memory.Because of the real-time architecture,SonicWall RTDMI technology is precise,minimizes false positives, and identifiesBenefits:• Enhanced user experience−802.11ac Wave 2−Auto channel selection−RF spectrum analysis−AirTime Fairness−Fast roaming• Best-in-class wireless security−Dedicated third scanning radio−Capture ATP and content filteringservice−Deep packet inspection technology−SSL/TLS decryption andinspection−Wireless intrusion detection andprevention• Intuitive cloud management−Alerts and rich analytics−Automatic firmware updates• Simplified firewall management−Auto-detection and provisioning−Wireless signal analysis tools−Single-pane-of-glass management• Zero-Touch Deployment powered bySonicWiFi app−Easy registration and onboarding−Auto-detection and auto-provisioning−App available on iOS and Android• Design with WiFi Planner−Advanced wireless site survey−Cloud-based tool• Ruggedized outdoor designSonicWave and SonicPoint Series Wireless Access PointsSecure, flexible, high-performance wireless solutionsSonicWave APs perform advancedsecurity services, including the Content Filtering Service (CFS) and Capture ATPsandbox service independently — even where firewalls are not deployed.Most SonicWave APs includes threeradios, where the third radio is dedicated to security and performs rogue APdetection, passive scanning and packet capturing. The SonicWave solution also integrates additional security-related features including wireless intrusion detection and prevention, virtual APsegmentation, wireless guest services, RF monitoring and wireless packet capture.Intuitive cloud managementSonicWall WCM provides an intuitive user interface to manage all SonicWave APs from a single pane of glass via SonicWall Capture Security Center (CSC). Easily monitor and manage networks with alerts and rich analytics updated in real-time. Always stay up-to-date with the current features and enhancements from the latest firmware. Updates are pushed automatically to APs, eliminating manual updates and chances of human error.Simplified firewall managementDeployment and setup of APs aregreatly simplified, reducing total cost of ownership. Optionally, SonicWave APs can be managed by SonicWall next-gen firewalls. Integrated into every SonicWallfirewall is a wireless controller that auto-detects and auto-provisions SonicWave APs across the network.Management and monitoring for wireless and security are handled centrallythrough the firewall or through SonicWall Global Management System, providing network administrators with a single pane of glass from which to manage all aspects of the network.Zero-Touch Deployment (ZTD) powered by SonicWiFi appEasily register and onboard SonicWave APs with the help of SonicWall SonicWiFi mobile app. The APs are automatically detected and provisioned with Zero-Touch Deployment. Available on iOS and Android, SonicWiFi mobile app lets network admins monitor and manage networks, or set up mesh.Design with WiFi PlannerSonicWall WiFi planner is a cloud-based, advanced wireless site survey tool that enables to optimally design and deploy a wireless network for enhanced wireless user experience.Ruggedized outdoor designSonicWave outdoor APs are built towithstand rough outdoor conditions with industrial-grade enclosure. These APs are IP67 rated, which ensures protection against dust and water immersion.LED indicatorsMounting tab lock pointMounting tab insert pointinsert point LAN/POE port12V AdaptorportReset button5GHz RadioSonicWave 224w – The Wall Mount APPortsLED indicatorsMounting tabinsert pointPass through punchLAN 4/PoE out12V adapterinsert pointMounting peg slotMounting peg slotMounting bracketlock pointGround5Ghz antenna connectorport2.4Ghz antenna connectorExternal high-gain antennasLED indicatorsPortsSonicWave 432i - The Indoor APInternal antennasLED indicatorsPortsWLANSonicWave 432o - The Outdoor APExternal 2.4 GHz and 5 GHzExternal 2.4 GHz and 5 GHzhigh-gain antennasOutLED indicators*When used with a SonicWall firewall**When used with SonicWall Secure Mobile Access Series applianceSonicPoint Series SpecificationsFor organizations with a substantial investment in 802.11ac clients, the SonicWall SonicPoint series features dual radios, high-speed 802.11ac performance, 3x3 SU-MIMO and all the security advantages that SonicWall Wireless Network Security solutions offer.SonicPoint Series PoE Injector SpecificationsOperating humidity Maximum 90%, Non-condensing Maximum 90%, non-condensing Storage temperature–4º to 158ºF (–20º to 70ºC)-4 to 158 °F, -20 to 70 °C Storage humidity Maximum 95%, Non-condensing Maximum 95%, non-condensingSonicWave Feature SummaryFeature DescriptionReassembly-Free Deep Packet Inspection technology SonicWall next-generation firewalls tightly integrate Reassembly-Free Deep Packet Inspection (RFDPI) technology to scan all inbound and outbound traffic on wired and wireless networks and eliminate intrusions, ransomware, spyware, viruses and other threats before they enter the network.Real-Time Deep Memory Inspection (RTDMI) This patent-pending cloud-based technology detects and blocks malware that does not exhibit any malicious behavior and hides its weaponry via encryption. By forcing malware to reveal its weaponry into memory, the RTDMI engine proactively detects and blocks mass-market, zero-day threats and unknown malware.SSL/TLS decryption and inspection The SonicWall firewall decrypts and inspects SSL/TLS traffic on the fly, without proxying, for malware, intrusions and data leakage, and applies application, URL and content control policies in order to protect against threats hidden in SSL/TLS-encrypted traffic.Dedicated third scanning radio Most SonicWave access points include a dedicated that performs continual scanning of the wirelessspectrum for rogue access points plus additional security functions that help with PCI compliance.Wireless intrusion detection and prevention Wireless intrusion detection and prevention scans the wireless network for unauthorized (rogue) access points and then the managing firewall automatically takes countermeasures, such as preventing any connections to the device.Wireless guest services Wireless guest services enables administrators to provide internet-only access for guest users. This access is separate from internal access and requires guest users to securely authenticate to a virtual access point before access is granted.Lightweight hotspot messaging Lightweight hotspot messaging extends the SonicWall wireless guest services model of differentiated internet access for guest users, enabling extensive customization of the authentication interface and the use of any kind of authentication scheme.Captive portal Captive portal forces a user’s device to view a page and provide authentication through a web browserbefore internet access is granted.Virtual access point segmentation Administrators can create up to eight SSIDs on the same access point, each with its own dedicated authentication and privacy settings. This provides logical segmentation of secure wireless network traffic and secure customer access.Low TCO Features such as simplified deployment, single pane of glass management for both wireless and security, and no need to purchase a separate wireless controller drastically reduce an organization’s cost to add wireless into a new or existing network infrastructure.MiFi extender MiFi Extender enables the attachment of a 3G/4G/LTE modem to the SonicWave access point for useas either the primary WAN or as a secondary failover WAN link for business continuity.Bluetooth Low Energy SonicWave access points include a Bluetooth Low Energy radio that enables the use of ISM (industrial, scientific and medical) applications for healthcare, fitness, retail beacons, security and home entertainment over a low energy link.USB port Access points with USB port supports 3G/4G failover. Plug in a dongle to the port and networkcontinues to function over cellular connection, in case of WiFi network outage.Green access points SonicWave access points reduce costs by supporting green access points, which enables both radios to enter sleep mode for power saving when no clients are actively connected. The access point will exit sleep mode once a client attempts to associate with it.For a complete list of SKUs please contact your local SonicWall resellerFor a complete list of SKUs please contact your local SonicWall resellerSonicWall Wireless PromoThe SonicWall wireless promo provides next-gen security solutions to protect against advanced threats across wired and wireless networks, making the transformation seamless for businesses and enterprises. Leverage powerful end-to-end security, visibility and control. Ultimately, benefit from superior performance and provide exceptional user experience.Wireless promo ordering informationDescriptionUS SKUINTL SKUSonicWall TZ500 TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points with PoE) - 3 Year 02-SSC-101002-SSC-1059SonicWall TZ600 TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points with PoE) - 3 Year 02-SSC-104602-SSC-1060SonicWall NSA 2600 TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points with PoE) - 3 Year 02-SSC-104702-SSC-1061SonicWall NSA 3600 TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points with PoE) - 3 Year 02-SSC-104802-SSC-1062SonicWall TZ300 TotalSecure Advanced, Secure Wireless (2 SonicPoint N2 Access Points with PoE) - 3 Year 02-SSC-107402-SSC-1077SonicWall TZ400 TotalSecure Advanced, Secure Wireless (2 SonicPoint N2 Access Points with PoE) - 3 Year 02-SSC-107502-SSC-1078SonicWall TZ500 TotalSecure Advanced, Secure Wireless (2 SonicPoint N2 Access Points with PoE) - 3 Year 02-SSC-107602-SSC-1079SonicWall NSA 2600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432e Access Ponts, No PoE) - 3 Year 02-SSC-105002-SSC-1063SonicWall NSA 3600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432e Access Ponts, No PoE) - 3 Year 02-SSC-105102-SSC-1064SonicWall NSA 4600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432e Access Ponts, No PoE) - 3 Year 02-SSC-105202-SSC-1065SonicWall NSA 2600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432i Access Ponts, No PoE) - 3 Year 02-SSC-105302-SSC-1066SonicWall NSA 3600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432i Access Ponts, No PoE) - 3 Year 02-SSC-105402-SSC-1067SonicWall NSA 4600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432i Access Ponts, No PoE) - 3 Year 02-SSC-105502-SSC-1068SonicWall NSA 2600TotalSecure Advanced, Secure Wireless (2 SonicWave 432o Access Ponts, No PoE) - 3 Year 02-SSC-105602-SSC-1069SonicWall NSA 3600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432o Access Ponts, No PoE) - 3 Year 02-SSC-105702-SSC-1070SonicWall NSA 4600 TotalSecure Advanced, Secure Wireless (2 SonicWave 432o Access Ponts, No PoE) - 3 Year 02-SSC-105802-SSC-1071SonicWall TZ300 PoE TotalSecure Advanced, Secure Wireless (2 SonicPoint N2 Access Points) - 3 Year 02-SSC-136102-SSC-1369SonicWall TZ300 PoE TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points) - 3 Year 02-SSC-136202-SSC-1370SonicWall TZ600 PoE TotalSecure Advanced, Secure Wireless (2 SonicPoint ACe Access Points) - 3 Year 02-SSC-136302-SSC-1371SonicWall TZ300 PoE TotalSecure Advanced, Secure Wireless (1 SonicWave 432i Access Point) - 3 Year 02-SSC-136402-SSC-1372SonicWall TZ600 PoE TotalSecure Advanced, Secure Wireless (2 SonicWave 432i Access Points) - 3 Year 02-SSC-136502-SSC-1373SonicWall TZ300 PoE TotalSecure Advanced, Secure Wireless (1 SonicWave 432e Access Point) - 3 Year 02-SSC-136602-SSC-1374SonicWall TZ600 PoE TotalSecure Advanced, Secure Wireless (2 SonicWave 432e Access Points) - 3 Year 02-SSC-136702-SSC-1375SonicWall TZ600 PoE TotalSecure Advanced, Secure Wireless (2 SonicWave 432o Access Points) - 3 Year02-SSC-136802-SSC-1376About SonicWallSonicWall has been fighting the cybercriminal industry for over 27 years defending small and medium businesses, enterprises and government agencies worldwide. Backed by research from SonicWall Capture Labs, our award- winning, real-time breach detection and prevention solutions secure more than a million networks, and their emails, applications and data, in over 215 countries and territories. These organizations run more effectively and fear less about security. For more information, visit or follow us on Twitter , LinkedIn , Facebook and Instagram.。

SonicWall UTM一体化网络安全解决方案前言随着计算机技术的发展，互联网已经成为最大的公共数据网络，在全球范围内实现并促进了个人通信和商业通信。

互联网和企业网络上传输的数据流量每天都以指数级的速度迅速增长。

越来越多的通信都通过电子邮件进行；移动员工、远程办公人员和分支机构都利用互联网来从远程连接他们的企业网络。

但是这个庞大的网络及其相关的技术为不断增长的安全威胁提供了可乘之机，因而企业必须学会保护自己免受这些威胁的危害。

在捍卫网络安全的过程中，防火墙受到人们越来越多的青睐。

作为一种提供信息安全服务、实现网络和信息安全的基础设施，防火墙采用将内部网和公众网如Internet分开的方法，可以作为不同网络或网络安全域之间信息的出入口，根据企业的安全策略控制出入网络的信息流。

再加上防火墙本身具有较强的抗攻击能力，能有效地监控内部网和Internet之间的任何活动，从而为内部网络的安全提供了有力的保证。

1.1 XX公司网络现状分析：随着技术的发展，各种入侵和攻击从针对TCP/IP协议本身弱点的攻击转向针对特定系统和应用漏洞的攻击，如针对Windows系统和Oracle/SQL Server等数据库的攻击，这些攻击和入侵手段封装在TCP/IP协议的净荷部分。

传统的UTM设备如第一代的包过滤UTM，第二代的应用代理UTM到第三代的全状态检测UTM对此类攻击无能为力，因为它们只查TCP/IP协议包头部分而不检查数据包的内容。

此外基于网络传播的病毒及间谍软件也给互联网用户造成巨大的损失。

同时层出不穷的即时消息和对等应用如MSN，QQ，BT等也带来很多安全威胁并降低员工的工作效率。

如今的安全威胁已经发展成一个混合型的安全威胁，传统的防火墙设备已经不能满足客户的安全需求。

1.2 XX公司网络简述：XX公司现有的网络属于紧缩核心层结构，通过核心交换机进行快速转发，与接入层交换机实现全网畅通，通过一台路由器与外网互连。

The Dell SonicWALL Secure Remote Access (SRA) Series provides mobile and remote workers using smartphones, tablets or laptops — whether managed or unmanaged BYOD — with fast, easy, policy-enforced access to mission-critical applications, data and resources, without compromising security.For mobile devices, the solution includes the intuitive Dell SonicWALL Mobile Connect app that provides iOS, Android, Kindle Fire, Windows, and Mac OS X devices secure access to allowed network resources, including shared folders, client-server applications, intranet sites and email.Users and IT administrators can download the Mobile Connect appvia the Apple App Store, Google Play and the Kindle store and Windows 8.1 smartphones, tablets and laptops ship pre-installed with the MobileConnect app. The solution also supports clientless, secure browser access, including support for industry standard HTML 5 browsers and thin-client VPN access for PCs and laptops, including Windows, Mac OS X and Linux computers.To protect from rogue access and malware, the SRA Series appliance connects only authorized users and trusted devices to permitted resources. When integrated with a Dell SonicWALL next-generation firewall as a Clean VPN, the combined solution delivers centralized access control, malware protection, application control and content filtering. The multi-layered protection of Clean VPN decryptsand decontaminates all authorized SSL VPN traffic before it enters the network environment.Why you need SRAThe proliferation of mobile devicesin the workplace has increasedthe demand for secure access to mission-critical applications, data and resources. Granting that access offers important productivity benefits to the organization, but introduces significant risks as well.For example, an unauthorized person might access company resources usinga lost or stolen device; an employee’s mobile device might act as a conduitto infect the network with malware; or corporate data might be intercepted over third-party wireless networks. Also, loss of business data stored on devices can occur if rogue personal apps or unauthorized users gain access to that data.Securing these devices is becoming increasingly difficult, as organizations may no longer influence device selection or control device management. Organizations must implement solutions that safeguard access to ensure only authorized users and devices that meet security policy are granted network access, and that company data in-flight and at rest on the device are secure. Unfortunately, this often involves complex multi-box solutions from multiple vendors and adds significantly to the total cost of ownership behind providing mobile access. Organizations are lookingfor easy-to-use, cost-effective and secure mobile access solutions that address the needs of their increasingly mobile workforces.Secure RemoteAccess SeriesEnable mobile and remote worker productivity whileprotecting from threatsBenefits:• Single access gateway to all networkresources, via mobile app, clientlessor web-delivered clients, works tolower IT overhead and TCO• Common user experience across alloperating systems facilitates ease ofuse from any endpoint• Mobile Connect app for iOS,Android, Windows 8.1 and Mac OS Xoffers mobile device ease of use• Context aware authenticationensures only authorized usersand trusted mobile devices aregranted access• One-click secure intranet file browseand on-device data protection• Adaptive addressing and routingdeploys appropriate access methodsand security levels• Setup wizard makes deployment easy• Efficient object-based policymanagement of all users, groups,resources and devices• Web Application Firewall enablesPCI complianceFeaturesSingle access gateway for mobile app, clientless or web-delivered clients — SRA lowers IT costs by enabling network managers to easily deploy and manage a single secure access gateway that extends remote access via SSL VPN for both internal and external users to all network resources — including web-based, client/server, host-based (suchas virtual desktop) and back-connect applications (such as VoIP). SRAs are either clientless with browser access to the customizable SRA Workplace portal or use mobile apps or lightweight web-delivered clients, reducing management overhead and support calls.Common user experience across all operating systems — SRA technology provides transparent access tonetwork resources from any network environment or device. An SRA provides a single gateway for smartphone, tablet, laptop and desktop access anda common user experience across all operating systems — including Windows, Mac OS X, iOS, Android, Kindle and Linux — from managed or unmanaged devices. Mobile Connect app — Mobile Connect app for iOS, Mac OS X, Android, Kindle and Windows 8.1 mobile devices provides users with easy, network-level access to corporate and academic resources over encrypted SSL VPN connections. Mobile Connect is easily downloadable from the Apple App Store, Google Play or Kindle store and embedded with Windows 8.1 devices.Context awareness — Access to the corporate network is granted only after the user has been authenticated and mobile device integrity has been verified.Protects data at rest on mobile devices — Authenticated users can securely browse and view allowed intranet file shares and files from within the Mobile Connect app. Administrators can establish and enforce mobile application management policy. Adaptive addressing and routing — Adaptive addressing and routing dynamically adapts to networks, eliminating conflicts common with other solutions.Setup wizard — All SRAs are easy toset up and deploy in just minutes. The set-up wizard provides an easy, intuitive “out-of-the-box” experience with rapid installation and deployment.Unified policy — SRA unified policy offers easy, object-based policy management of all users, groups, resources and devices whileenforcing granular control basedon both user authentication and endpoint interrogation.Dell SonicWALL SRA Series – anytime, anywhere accessSimple, secure mobile access to resourcesThe SRA Series can be used to provide Windows, Mac OS X, iOS, Linux, Android and Kindle users with access to a broad range of resources.Granular access to authorized users The SRA Series extends secure mobile and remote access beyond managed employees to unmanaged mobile and remote employees, partners and customers by employing policy-enforced fine-grained access controls.Employee on corporate laptop in hotelEmployee on home computer Employee onsmartphone/tablet Employee at kiosk Authorized partner Authorized customerContext-aware authenticationBest-in-class, context-aware authentication grants access only to trusted devices and authorized users. Mobile devices are interrogated for essential security information suchas jailbreak or root status, device ID, certificate status and OS versions prior to granting access. Laptops and PCsare also interrogated for the presenceor absence of security software, client certificates, and device ID. Devices that do not meet policy requirements are not allowed network access and the user is notified of non-compliance.Protection of data at rest onmobile devicesAuthenticated Mobile Connect userscan securely browse and view allowed intranet file shares and files from within the Mobile Connect app. Administrators can establish and enforce mobile application management policy for the Mobile Connect app to control whether files viewed can be opened in other apps (iOS 7 and newer), copied to the clipboard, printed or cached securely within the Mobile Connect app. For iOS 7 and newer, this allows administrators to isolate business data from personal data stored on the device and reduces the risk of data loss. In addition, if the user’s credentials are revoked, content stored in the Mobile Connect app is locked and can no longer be accessed or viewed.Clean VPNWhen deployed with a Dell SonicWALL next-generation firewall, Mobile Connect establishes a Clean VPN, an extra layer of protection that decrypts and scans all SSL VPN traffic for malware before it enters the network.Web Application Firewall andPCI complianceThe Dell SonicWALL Web Application Firewall Service offers businesses a complete, affordable, well integrated compliance solution for web-based applications that is easy to manage and deploy. It supports OWASP Top Tenand PCI DSS compliance, providing protection against injection and cross-site scripting attacks (XSS), credit card and Social Security number theft, cookie tampering and cross-site request forgery (CSRF). Dynamic signature updatesand custom rules protect againstknown and unknown vulnerabilities. Web Application Firewall can detect sophisticated web-based attacks and protect web applications (includingSSL VPN portals), deny access upon detecting web application malware,and redirect users to an explanatory error page. It provides an easy-to-deploy offering with advanced statistics and reporting options for meeting compliance mandates.Incoming traffic is seamlesslyforwarded by the Dell SonicWALL NSA or TZ Series firewall to the Dell SonicWALL SRA appliance, which decrypts and authenticates network traffic.Users are authenticated using theonboard database or through third-party authentication methods such as LDAP,Active Directory, Radius, Dell Defender and other two-factor authentication solutions.A personalized web portal provides access to only those resources that the user is authorized to view based on company policies.To create a Clean VPN environment, traffic is passed through to the NSA or TZ Series firewall (running gateway anti-virus, anti-spyware, intrusion prevention, and application intelligence and control), where it is fully inspected for viruses, worms, Trojans, spyware and other sophisticated threats.2134Simple to manageSRA Series solutions feature unified policy and an intuitive web-based management interface that offers context-sensitive help to enhanceusability. In addition, multiple products can be centrally managed using the Dell SonicWALL Global Management System (GMS 4.0+). Resource access via the products can be effortlessly monitored using the Dell SonicWALL Analyzer reporting tool.Specifications1The recommended number of users supported is based on factors such as access mechanisms, applications accessed and application traffic being sent. 2Available in conjunction with Secure Virtual Assist for SRA 4600 and SRA Virtual Appliances only.3Refer to the latest SRA release notes and admin guide for supported configurations.4Botnet filtering and Geolocation-based policies require an active support contract to be in place on the hardware or virtual appliance.© 2015 Dell, Inc. ALL RIGHTS RESERVED. Dell, Dell Software, the Dell Software logo and products—as identified in this document—are registered trademarks of Dell, Inc. in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners.Dell Software5 Polaris Way, Aliso Viejo, CA 92656 | If you are located outside North America, you can find local office information on our Web site.DataSheet-SonicWALL-SRASeries-US-VG-25825SRA 1600, 5 user ...................................01-SCC-6594SRA 1600 additional users (50 user maximum)Add 5 Concurrent users ..........................01-SSC-7138Add 10 Concurrent users ........................01-SSC-7139SRA 1600 supportDell SonicWALL Dynamic Support24x7 for up to 25 Users (1-year) ............01-SSC-7141Dell SonicWALL Dynamic Support8x5 for up to 25 Users (1-year) ..............01-SSC-7144Dell SonicWALL SRA for SMB SeriesSRA 4600, 25 user .................................01-SSC-6596SRA 4600 additional users (500 user maximum)Add 10 Concurrent Users ........................01-SSC-7118Add 25 Concurrent Users ........................01-SSC-7119Add 100 Concurrent Users......................01-SSC-7120SRA 4600 SupportDell SonicWALL Dynamic Support24x7 for up to 100 Users (1-year) ..........01-SSC-7123Dell SonicWALL Dynamic Support8x5 for up to 100 users (1-year).............01-SSC-7126Dell SonicWALL Dynamic Support24x7 for 101 to 500 users (1-year) .........01-SSC-7129Dell SonicWALL Dynamic Support8x5 for 101 to 500 users (1-year)...........01-SSC-7132Dell SonicWALL SRA Virtual Appliance,5 User .........................................................01-SSC-8469SRA virtual appliance additional users (50 user maximum)Add 5 concurrent users ..........................01-SSC-9182Add 10 concurrent users ........................01-SSC-9183Add 25 concurrent users ........................01-SSC-9184SRA Virtual Appliance supportDell SonicWALL Dynamic Support8x5 for up to 25 users (1-year) ..............01-SSC-9188Dell SonicWALL Dynamic Support24x7 for up to 25 users (1-year) .............01-SSC-9191Dell SonicWALL Dynamic Support8x5 for up to 50 users (1-year)..............01-SSC-9194Dell SonicWALL Dynamic Support24x7 for up to 50 users (1-year) .............01-SSC-9197For more information on Dell SonicWALL Secure Remote Access solutions, visit .For more information Dell SonicWALL5455 Great America Parkway Santa Clara, CA T +1 408.745.9600F +1 408.745.9300。

SONICWALL GLOBAL MANAGEMENT SYSTEM Comprehensive security management, monitoring, reporting and analyticsA winning security management strategy demands deep understanding of the security environment to promote better policy coordination and decisions. Not having an enterprise-wide view of the full security construct often leaves organizations at risk to preventable cyber-attacks and compliance violations. Using numerous tools running on different platforms and reporting data in different formats make security analytics and reporting operationally inefficient. This further impairs the organization’s ability to quickly recognize and respond to security risks. Organizations must establish a systematic approach to governing the network security environment to overcomethese challenges.SonicWall Global Management System (GMS) solves these challenges. GMS integrates management and monitoring, analytics, forensics andaudit reporting. This forms thefoundation of a security governance,compliance and risk managementstrategy. The feature-rich GMS platformgives distributed enterprises, serviceproviders and other organizations afluid, holistic approach to unifying alloperational aspects of their securityenvironment. With GMS, security teamscan easily manage SonicWall firewall,wireless access point, email security andsecure mobile access solutions, as wellas third-party network switch solutions.This is all done via a controlled andauditable work-stream process to keepnetworks sharp, safe and compliant.GMS includes centralized policymanagement and enforcement, real-time event monitoring, granular dataanalytics and reporting, audit trails,and more, under a unifiedmanagement platform.Benefits:• Establishes a unified securitygovernance, compliance and riskmanagement security program• Adopts a coherent and auditableapproach to security orchestration,forensics, analytics and reporting• Reduces risk and provide a fastresponse to security events• Provides an enterprise-wide view ofthe security ecosystem• Automates workflows and assuressecurity operation compliance• Reports on HIPAA, SOX, and PCI forinternal and external auditors• Deploys fast and easy with software,virtual appliance or cloud deploymentoptions — all at a low cost.GOVERNS CENTRALLY• Establish an easy path to comprehensive security management, analytic reporting and compliance to unify your network security defense program• Automate and correlate workflowsto form a fully coordinated security governance, compliance and risk management strategy COMPLIANCE• Helps make regulatory bodies andauditors happy with automatic PCI,HIPAA and SOX security reports• Customize any combination of securityauditable data to help you move towardsspecific compliance regulationsRISK MANAGEMENT• Helps make regulatory bodies andauditors happy with automatic PCI,HIPAA and SOX security reports• Customize any combination of securityauditable data to help you move towardsspecific compliance regulationsGMS provides a holistic approach to security governance, compliance and risk managementGMS satisfies the enterprise’s change management requirements through a workflow automation processes and procedures. The workflow feature assures the correctness and the compliance of policy changes by enforcing a rigorous process for configuring, comparing, validating,reviewing and approving policies prior to deployment. The approval groups are flexible, enabling adherence to company security policy while mitigating risk, reducing errors, improving efficiency, and ensuring high security effectiveness.With GMS’s workflow automation and auditing of policy changes, enterprises gain agility and confidence in deploying the right firewall policies, at the right time, and in conformance to compliance regulations.GMS Workflow Automation: Five steps to error-free policy management1. CONFIGURE AND COMPARE GMS configures policy change orders and color-codes diffs for clear comparisons2. VALIDATE GMS performs an integrityvalidation of the policy’s logic3. REVIEW & APPROVE GMS emailsreviewers and logs a (dis)approval audit trail of the policy4. DEPLOY GMS deploys the policy changes immediately or on a schedule5. AUDIT The change logs enable accurate policy auditing and precise compliancedataScalable distributed architectureAt the core of GMS is a distributed architecture that facilitates limitless system scalability. A single instance of GMS can add visibility and control over thousands of your network security devices under its management, regardless of location. At the user-experience level, the GMS universal dashboard utilizes cutting-edge user interface design and usability concepts that work together to provide consistent operator workflows across the security ecosystem.GMS is an on-premises solution, deployable as a software or a virtual appliance. Alternatively, SonicWall Cloud Global Management System (Cloud GMS) is cloud-delivered security management and reporting platform that accelerates and simplify security management operations while increasingservice agility – all at a low subscription cost.Port Expansion ScalabilityWall GMS Secure Compliance EnforcementVPNEnterprise ClientsMSSP’s managed firewalls MSSP’s co-managed firewallsCloud-based SonicWall Global Management System EnvironmentsContext-sensitive dashboards display a variety of informational widgets, such as geographical maps, syslog reports, bandwidth summaries, top websites accessed, or the data that is most relevant to specific users.Intuitive graphical reports simplify managed appliance monitoring. Easily identify traffic anomalies based on usage data for a specific timeline, initiator, responder or service. Export reports to a Microsoft Excel spreadsheet, portable document format (PDF) file or directly to a printer.Minimum system requirementsBelow are the minimum requirements for SonicWall GMS with respect to the operating systems, databases, drivers, hardware and SonicWall-supported appliances:Operating systemWindows Server 2016Windows Server 2012 Standard 64-bitWindows Server 2012 R2 Standard 64-bit (English and Japaneselanguage versions)Windows Server 2012 R2 DatacenterHardware requirementsUse the GMS Capacity Calculator to determine the hardware requirements for your deployment.Virtual appliance requirementsHypervisor: ESXi 6.5, 6.0 or 5.5Use the GMS Capacity Calculator to determine the hardware requirements for your deployment.VMware Hardware Compatibility Guide:/resources/compatibility/search.php Supported databasesExternal databases: Microsoft SQL Server 2012 and 2014Bundled with the GMS application: MySQLInternet browsersMicrosoft® Internet Explorer 11.0 or higher (do not use compatibility mode) Mozilla Firefox 37.0 or higherGoogle Chrome 42.0 or higherSafari (latest version)GMS gatewaySonicWall SuperMassive™ E10000 Series, SonicWall SuperMassive™ 9000 Series, E-Class Network Security Appliance (NSA), and NSA Series Supported SonicWall appliances managed by GMSSonicWall Network Security Appliances: SuperMassive E10000 and 9000 Series, E-Class NSA, NSA, and TZ Series appliances®SonicWall Secure Mobile Access (SMA) appliances: SMA Series andE-Class SRASonicWall Email Security appliancesAll TCP/IP and SNMP-enabled devices and applications for active monitoringAbout UsSonicWall has been fighting the cyber-criminal industry for over 25 years, defending small, medium size businesses and enterprises worldwide. Our combination of products and partners has enabled a real-time cyber defense solution tuned to the specific needs of the more than 500,000 global businesses in over 150 countries, so you can do more business with less fear.。