User's Manual Part 4
Page 78 SonicWALL SonicOS Standard Administrator’s Guide
Network Anti-Virus E-Mail Filter
The E-Mail Filter allows the administrator to selectively delete or disable inbound e-mail attachments as
they pass through the SonicWALL. This feature provides control over executable files and scripts, and
applications sent as e-mail attachments.
Note:
E-Mail Filter is included with Network Anti-Virus.
Intrusion Prevention Service
SonicWALL Intrusion Prevention Service (SonicWALL IPS) delivers a configurable, high performance
Deep Packet Inspection engine for extended protection of key network services such as Web, e-mail, file
transfer, Windows services and DNS. SonicWALL IPS is designed to protect against application
vulnerabilities as well as worms, Trojans, and peer-to-peer, spyware and backdoor exploits. The
extensible signature language used in SonicWALL’s Deep Packet Inspection engine also provides
proactive defense against newly discovered application and protocol vulnerabilities. SonicWALL IPS
offloads the costly and time-consuming burden of maintaining and updating signatures for new hacker
attacks through SonicWALL’s industry-leading Distributed Enforcement Architecture (DEA). Signature
granularity allows SonicWALL IPS to detect and prevent attacks based on a global, attack group, or per-
signature basis to provide maximum flexibility and control false positives.
Note:
SonicWALL Intrusion Prevention Service is available for the SonicWALL TZ 170 and PRO Series (PRO
2040, PRO 3060, PRO 4060, and PRO 5060) SonicWALL Internet Security Appliances running
SonicOS Standard or Enhanced 2.2 (or higher).
SonicWALL IPS Features
• High Performance Deep Packet Inspection Technology - SonicWALL’s Intrusion Prevention
Service features a configurable, high-performance Deep Packet Inspection engine that uses parallel
searching algorithms on incoming packets through the application layer to deliver increased attack
prevention capabilities over those supplied by traditional stateful packet inspection firewall. By
performing all of the matching on packets, SonicWALL IPS eliminates the overhead of having to
reassemble the data stream. Parallel processing reduces the impact on the processor and maximizes
available memory for exceptional performance on SonicWALL appliances.
• Inter-Zone Intrusion Prevention - SonicWALL IPS provides an additional layer of protection against
malicious threats by allowing administrator’s to enforce intrusion prevention not only between each
network zone and the Internet, but also between internal network zones. This is performed by
enabling intrusion prevention on inbound and outbound traffic between trusted zones (SonicOS
Enhanced).
• Extensive Signature Database - SonicWALL IPS utilizes an extensive database of over 1,700 attack
and vulnerability signatures written to detect and prevent intrusions, worms, application exploits, as
well as peer-to-peer and instant messaging traffic. The SonicWALL Deep Packet Inspection engine
can also read signatures written in the popular Snort format, allowing SonicWALL to easily
incorporate new signatures as they are published by third parties. SonicWALL maintains a current
and robust signature database by incorporating the latest available signatures from thousands of
open source developers and by continually developing new signatures for application vulnerabilities
that are not immediately available or provided by open source.
• Dynamically Updated Signature Database - SonicWALL IPS includes automatic signature updates
delivered through SonicWALL’s Distributed Enforcement Architecture (DEA), providing protection