User's Manual
Introduction
36
SonicOS Enhanced 4.0 Administrator Guide
appliances have been associated as a hardware failover pair on mysonicwall.com, you can
enable this feature by selecting Enable Stateful Synchronization in the Hardware Failover
> Advanced page.
• Application Firewall - SonicOS Enhanced 4.0 introduces Application Firewall, which
provides a way to create application-specific policies to regulate Web browsing, file
transfer, email, and email attachments. Application Firewall enables application layer
bandwidth management, and also allows you to create custom policies for any protocol. It
gives you granular control over network traffic on the level of users, email users, and IP
subnets.
• HTTPS Filtering - SonicOS Enhanced 4.0 uses HTTPS Filtering to allow administrators to
control user access to Web sites when using the encrypted HTTPS protocol. HTTPS
Filtering is based on the ratings of Web sites, such as Gambling, Online Banking, Online
Brokerage and Trading, Shopping, and Hacking/Proxy Avoidance.
Note HTTPS Filtering is IP-based, so IP addresses must be used rather than domain
names in the Allowed or Forbidden lists. You can use the nslookup command in a
DOS cmd window to convert a domain name to its IP address(es). There may be
more than one IP address associated with a domain, and if so, all must be added to
the Allowed or Forbidden list.
• SSL Control - SonicOS Enhanced 4.0 introduces SSL Control, which is a system that
provides visibility into the handshake of Secure Socket Layer (SSL) sessions, and a method
for configuring policies to control the establishment of SSL sessions.
• Certificate Blocking - SonicOS Enhanced 4.0 provides a way to specify which HTTPS
certificates to block. This feature is closely integrated with SSL Control.
• Inbound NAT Load Balancing with Server Monitoring - SonicOS Enhanced 4.0
introduces Inbound NAT Load Balancing with Server Monitoring, which detects when a
server is unavailable and stops forwarding requests to it. Inbound NAT Load Balancing
spreads the load across two or more servers. When Stateful High Availability (Stateful
Hardware Failover) is configured, during a failover, SonicOS forwards all requests to the
alternate server(s) until it detects that the offline server is back online. Inbound NAT Load
Balancing also works with SonicWALL SSL-VPN appliances.
• Security Dashboard Web Page - SonicOS Enhanced 4.0 includes the Security Dashboard
page in the user interface, which displays a summary of threats stopped by the SonicWALL
security appliance. The Security Dashboard shows two types of reports:
–
A Global Report that displays a summary of threat data received from all SonicWALL
security appliances worldwide.
–
An Individual Appliance Report that displays a summary of attacks detected by the local
SonicWALL security appliance.
• Registration & License Wizard - As part of the new Security Dashboard, SonicOS
Enhanced 4.0 provides a License Wizard for both firewall registration and the purchase of
security service licenses. The available security services are the same as those that enable
Global Reports by providing threat data from SonicWALL devices around the world.
• Multiple SSH Support - SonicOS Enhanced 4.0 provides support for multiple concurrent
SSH sessions on the SonicWALL security appliance. When connected over SSH, you can
run command line interface (CLI) commands to monitor and manage the device. The
number of concurrent SSH sessions is determined by device capacity. Note that only one
session at a time can configure the SonicWALL, whether the session is on the GUI or the