User's Manual Part 4

Security Services Page 79
from emerging threats and lowering total cost of ownership. Updates to the signature database are
dynamic for SonicWALL firewalls under an active subscription.
Scalable - SonicWALL IPS is a scalable solution for SonicWALL TZ 170 and PRO Series Appliances
that secures small, medium and large networks with complete protection from application exploits,
worms and malicious traffic.
Application Control - SonicWALL IPS provides the ability to prevent Instant Messaging and Peer-
to-Peer file sharing programs from operating through the firewall, closing a potential backdoor that
can be used to compromise the network while also improving employee productivity and conserving
Internet bandwidth.
Simplified Deployment and Management - SonicWALL IPS allows network administrators to
quickly and easily manage the service within minutes. Administrators can create global policies
between security zones and interfaces as well as group attacks by priority, simplifying deployment
and management across a distributed network.
Granular Policy Management - SonicWALL IPS provides administrators with a range of granular
policy tools to enforce IPS on a global, group, or individual signature level to enable more control and
reduce the number of false policies. SonicWALL IPS also allows administrators to choose
between detection, prevention, or both to tailor policies for their specific network environment.
Logging and Reporting - SonicWALL IPS offers comprehensive logging of all intrusion attempts with
the ability to filter logs based on priority level, enabling administrators to highlight high priority attacks.
Granular reporting based on attack source, destination and type of intrusion is available through
SonicWALL ViewPoint and Global Management System. A hyperlink of the intrusion brings up the
signature window for further information from the SonicWALL appliance log.
Management by Risk Category - SonicWALL IPS allows you to enable/disable detection or
prevention based on the priority level of attack through High, Medium, or Low predefined priority
groups.
Detection Accuracy - SonicWALL IPS detection and prevention accuracy is achieved by minimizing
both false positives and false negatives. Signatures are written around applications, such as Internet
Explorer or SQL Server, rather than ports or protocols to ensure that malicious code targeting them
is correctly identified and prevented.
SonicWALL Deep Packet Inspection
Deep Packet Inspection looks at the data portion of the packet. The Deep Packet Inspection technology
includes intrusion detection and intrusion prevention. Intrusion detection finds anomalies in the traffic and
alerts the administrator. Intrusion prevention finds the anomalies in the traffic and reacts to them, preventing
the traffic from passing through.
Deep Packet Inspection is a technology that allows a SonicWALL Security Appliance to classify passing
traffic based on rules. These rules include information about layer 3 and layer 4 content of the packet as
well as the information that describes the contents of the packet’s payload, including the application data
(for example, an FTP session, an HTTP Web browser session, or even a middleware database
connection). This technology allows the administrator to detect and log intrusions that pass through the
SonicWALL Security Appliance, as well as prevent them (i.e. dropping the packet or resetting the TCP
connection). SonicWALL’s Deep Packet Inspection technology also correctly handles TCP fragmented
byte stream inspection as if no TCP fragmentation has occurred.
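
An added illustration (not SonicWALL's implementation and not part of the original manual) of why rules are matched against the reassembled TCP byte stream rather than individual segments, with detect and prevent as rule actions. The rule format, class names and sample data are constructed for this example; sequence numbers are treated as stream offsets starting at 0, and retransmissions, overlaps and buffer limits are not handled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    dst_port: int    # layer 4 condition
    pattern: bytes   # payload condition
    action: str      # "detect" = log only, "prevent" = log and drop

@dataclass(frozen=True)
class Segment:
    flow: tuple      # (src_ip, src_port, dst_ip, dst_port)
    seq: int         # offset of the first payload byte in the stream
    payload: bytes

def per_packet(rules, seg):
    """Naive check: each segment's payload is inspected on its own."""
    return [r.name for r in rules
            if r.dst_port == seg.flow[3] and r.pattern in seg.payload]

class StreamInspector:
    """Applies rules to each flow's in-order byte stream."""
    def __init__(self, rules):
        self.rules = rules
        self.keep = max(len(r.pattern) for r in rules) - 1
        self.flows = {}  # flow -> [next_seq, {seq: payload}, tail]

    def inspect(self, seg):
        """Return (verdict, matched rule names) for one arriving segment."""
        st = self.flows.setdefault(seg.flow, [0, {}, b""])
        st[1][seg.seq] = seg.payload
        verdict, log = "pass", []
        while st[0] in st[1]:                 # consume only contiguous data
            data = st[1].pop(st[0])
            st[0] += len(data)
            window = st[2] + data             # tail bridges segment boundaries
            for r in self.rules:
                start = max(0, len(st[2]) - len(r.pattern) + 1)  # need a new byte
                if r.dst_port == seg.flow[3] and window.find(r.pattern, start) >= 0:
                    log.append(r.name)
                    if r.action == "prevent":
                        verdict = "drop"
            st[2] = window[-self.keep:] if self.keep else b""
        return verdict, log

# Constructed sample: a harmless marker split across two out-of-order segments.
FLOW = ("192.0.2.10", 40000, "198.51.100.20", 80)
RULES = [Rule("constructed-marker", 80, b"EXAMPLE-SIGNATURE", "prevent")]
SEGMENTS = [Segment(FLOW, 16, b"NATURE tail"), Segment(FLOW, 0, b"head EXAMPLE-SIG")]
```

Per-segment matching reports nothing for either sample segment, while the stream inspector holds the early segment and returns a drop verdict once the gap is filled.
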
How SonicWALL’s Deep Packet Inspection Architecture Works
Deep Packet Inspection technology enables the firewall to investigate further into the protocol to examine
information at the application layer and defend against attacks targeting application vulnerabilities. This
is the technology behind SonicWALL Intrusion Prevention Service. SonicWALL’s Deep Packet Inspection
technology enables dynamic signature updates pushed from the SonicWALL Distributed Enforcement
Architecture.
The following steps describe how the SonicWALL Deep Packet Inspection Architecture works: