NGFW overview


Published in: Technology

  1. Dell SonicWALL Next Generation Firewall Workshop
  2. SonicWALL Confidential. Dell SonicWALL’s legacy. Timeline years: 1991, 1996, 2005, 2007, 2010, 2011, 2012. Milestones: Founded; Became leading provider of subscription services on optimized appliances; Became the leader in unit share for Unified Threat Management Firewall appliances; Shipped one million appliances worldwide; Named to Visionaries Quadrant, Gartner Magic Quadrant for SSL VPN; Thoma Bravo and SonicWall entered into a partnership; Positioned as “Leader” in Gartner UTM Magic Quadrant; Positioned as “Visionary” in Gartner SSL VPN Magic Quadrant; Announced SuperMassive™ E10000 Series; SNWL Earns NSS Labs Recommended Rating for NGFW SVM; Shipped two million appliances worldwide; 5/9: Joined the Dell family.
  3. Magic Quadrant, Unified Threat Management: Dell SonicWALL in Leaders Quadrant. By John Pescatore, Greg Young. [Figure: Magic Quadrant as of March 5, 2012; axes: ability to execute, completeness of vision; quadrants: challengers, leaders, niche players, visionaries; vendors shown: Dell SonicWALL, Fortinet, Check Point Software Technologies, WatchGuard, Sophos (Astaro), Cyberoam, Netasq, Cisco, Juniper Networks, Netgear, Trustwave, gateProtect, Clavister, Kerio Technologies.] Dell Vendor Profile, excerpted from MQ. Strengths: • Dell has strong global partner and MSSP support. • Dell SonicWALL is well-known in the UTM space and appears frequently on Gartner client shortlists. • The graphical elements of SonicWALL's management interface are consistently highly rated. • SonicWALL's release of new features has kept up with midmarket needs, and has been matched by usability enhancements. Cautions: • SonicWALL's push into the high end with SuperMassive may divert resources and focus from the UTM market. • SonicWALL does not offer a virtual appliance for the UTM space.
  4. 2013: The NSS Security Value Map
  5. Dell Connected Security. 38B security events analyzed daily; 1m devices WW reporting on 40m users; 638B intrusions prevented in 2011; $14 trillion in assets protected daily; 40,000 new malware samples analyzed every day; 4.2B malware attacks blocked in 2011; data encrypted and protected on 7m devices. Brands shown: Dell SonicWALL, Dell, Dell Secureworks, Dell Credant, Dell Kace, Dell Quest. Dell is firmly committed to providing end-to-end IT solutions that enable customers to grow and thrive. This includes continuous protection of customers' data, applications, systems and networks.
  6. Dell SonicWALL product portfolio. Categories: Secure remote access; Email security; Policy & management; Hosted; Network security. Products and services shown: Clean wireless – SonicPoint-N Series; WAN acceleration; Application Intelligence and Control; GAV/Anti-Spyware; Intrusion Prevention; Comprehensive Anti-Spam Service; Enforced Client Anti-Virus; Content Filtering Service; Global VPN Client; SSL VPN For Network Security; Secure Virtual Assist; Mobile Connect; End Point Control; Connect Mobile; Spike License Pack; Advanced Reporting; Native Access Module; Secure Virtual Assist; Secure Virtual Access; Secure Virtual Meeting; Mobile Connect; Web Application Firewall; Email Protection; Email Anti-Virus; Email Compliance; Global Management System; Analyzer; Scrutinizer.
  7. Dell SonicWALL Next-Gen Firewalls. SuperMassive E10000 & 9000 Series: Data centers, ISPs. E-Class NSA Series: Medium to large organizations. NSA Series: Branch offices and medium sized organizations. TZ Series: Small and remote offices. Models shown: E10200, E10400, E10800; NSA E8500, NSA E6500, NSA E5500, NSA E8510; NSA 4600, NSA 3600, NSA 2400, NSA 250M, NSA 220; TZ 205, TZ 105, TZ 215; 9600, 9400, 9200; NSA 5600, NSA 6600.
  8. Dell SonicWALL Next Generation Firewalls. Segments: SMB/Campus/Branch; Enterprise, Data Center. SuperMassive Series: SuperMassive E10800, SuperMassive E10400, SuperMassive 9600, SuperMassive 9400, SuperMassive 9200. NSA Series: NSA 6600, NSA 5600, NSA 4600, NSA 3600, NSA 2600, NSA 220/250M. TZ Series: TZ 215/W, TZ 205/W, TZ 105/W.
  9. E-Class Series Certifications: FIPS 140-2; Common Criteria EAL4+; ICSA Firewall; ICSA Enterprise Firewall (IPv6, High Availability, VoIP); IPv6 Phase 1; IPv6 Phase 2; NSS Recommended NGFW (E10800 based on the same security engine).
  10. Dell SonicWALL Next Generation Firewall Architecture. Scan Everything: every bit, every protocol, every user & application.
  11. NGFW Orientation – SPI vs. DPI: Stateful Packet Inspection
  12. NGFW Orientation – SPI vs. DPI: Deep Packet Inspection
  13. Next Generation Firewall Technology: 1. Stateful Packet Inspection; 2. Intrusion Prevention – The front-line network defense against application attacks; 3. Application Identification & Visualization – Can’t control what you can’t see; 4. User Identification through Single Sign On (SSO) – Correlate network traffic with users; 5. Application Control – Granular control (Allow Facebook, Block Social Gaming); 6. SSL Decryption – Don’t allow threats to tunnel through encrypted channels; 7. Threat Prevention – Anti-X (Virus/Trojan/Malware). Side label on slide: Deep Packet Inspection.
  14. Application Intelligence, Control and Visualization. Application Chaos: So many on Port 80. Critical Apps: Prioritized Bandwidth; Acceptable Apps: Managed Bandwidth; Unacceptable Apps: Blocked. Identify: By Application, not by Port & Protocol; By User/Group, not by IP; By Content Inspection, not by Filename. Categorize: By Application; By Application Category; By Destination; By Content; By User/Group. Users/Groups. Ingress. Control: Prioritize Apps by Policy; Manage Apps by Policy; Block Apps by Policy; Detect and Block Malware; Detect & Prevent Intrusion Attempts. Policy: Visualize & Manage Policy. Cloud-Based Extra-Firewall Intelligence. Egress: Malware Blocked. Massively Scalable Next-Generation Security Platform: High Performance Multi-Core Re-Assembly Free DPI. Visualization.
  15. Application intelligence, control and visualization. Diagram labels: Policy; Identify; Categorize; Control; Process; Visualization.
  16. Network Traffic Visualization: Real-time Traffic Breakdown; User Traffic Consumption; Identify P2P Traffic; Bandwidth Breakdown; App Traffic Drilldown.
  17. Identify and Control Applications. Application Library with over 3800 unique Application Uses. Granular Control: Allow Facebook, Block Farmville; Allow Chat, Block File Transfer. Group/User Based; Schedule Based; Exceptions.
  18. Dashboard -> Real-Time monitor
  19. (SonicOS 5.9) Enhanced Logging: New to view, categorize and filter
  20. Application Control
  21. NGFW Features - DPI-SSL
  22. RFDPI Engine with DPI-SSL. Diagram labels: RFDPI Engine; Incoming SSL Session Handling; Ultra-Scalable TCP Stack; Decryption; Re-Encryption; Outgoing SSL Session Handling; SSL Stream out; SSL Stream in.
  23. SSL Decryption (DPI SSL) Details • Does not rely on a proxy configuration • Can inspect all SSL sessions on all ports independently of the protocol (HTTPS, IM SSL, POP3 over SSL, etc.) • Scans both SSL encrypted and decrypted data • Can inject content such as block pages • Client Side DPI-SSL Security Services – Gateway Anti-Virus, Gateway Anti-Spyware, Intrusion Prevention, Application Firewall, Content Filtering • Server Side DPI-SSL Security Services – Gateway Anti-Virus, Gateway Anti-Spyware, Intrusion Prevention, Application Firewall • Optional: decrypted traffic can be sent directly to the server after DPI inspection. Benefit: SSL Offloading
  24. NGFW Features - SSO 2
  25. Single Sign-On Overview • SSO is a transparent user authentication that provides access to network resources with a single login. Diagram labels: User; Workstation; Authorized; passwrd123; No need for additional authentication!; Access Rules; Security Services.
  26. SonicWALL SSO Agent
  27. Security Services 2
  28. SonicWALL On-Board DPI Security Services: Intrusion Prevention; Gateway Anti-Virus; Gateway Anti-Spyware; Cloud-AV; Content/URL Filtering; DPI SSL (SSL Inspection); Application Intelligence & Control; Application Visualization; Comprehensive Anti-Spam.
  29. RFDPI based Gateway Anti-Virus. Protocols: HTTP, SMTP, POP3, IMAP, FTP. TCP Stream. Reassembly-free Base64 decoding; Reassembly-free deflate decompression; Reassembly-free ZIP decompression; Reassembly-free GZIP decompression; Reassembly-free Gateway Anti-Virus scanning based on Deep Packet Inspection technology. Anti-Virus Prevention Response. Diagram labels: Packet Start stage; Protocol State Machine; E-Mail Format Decoding; Decompression; Scanning; Prevention. Copyright 2010 SonicWALL Inc. All Rights Reserved.
  30. Content Filtering Service Overview • Database in the cloud (millions of URLs rated) • Hardware- and OS-independent • Simple implementation • Granular control: 64 categories • GMS and Analyzer integration (reporting)
  31. VPN 3
  32. Route Based IPSec VPN • Tunnel Interface: A Tunnel Interface can be defined between the two end-points of the tunnel. Static routes will be used to route traffic through the tunnel interface. • Note: The Tunnel Interface must be bound to a physical interface and the IP address of that physical interface is used as the source address of the tunneled packet.
  33. SSL VPN
  34. Using All The Cores: Increase SSL-VPN Sessions. Sessions per model (old, new): NSA E8510: n/a, 1,500/5000*; NSA E8500: 50, 1,500/5000*; NSA E7500: 50, 1,000/5000*; NSA E6500: 50, 750; NSA E5500: 50, 500; NSA 5000: 30, 350; NSA 4500: 30, 350; NSA 3500: 30, 250; NSA 2400: 25, 125; NSA 250: 15, 50; NSA 220: 15, 50; TZ 215: 10, 25; TZ 210 / 210W: 10, 25; TZ 200 / 200W: 10, 10; TZ 100 / 100W: 5, 5.
  35. Mobile Connect for iOS/Android. Dell Aventail E-Class SRA Appliances; Dell SonicWALL SRA Appliances; Dell SonicWALL Next-Generation Firewalls. Step 1: Download Mobile Connect. Step 2: Install Mobile Connect. Step 3: Configure SSL VPN Connection.
  36. Deployment Scenarios 3
  37. Top Deployments: 1. Traditional NAT Gateway with Security & Remote Access. 2. High Availability Modes – Active/Passive with State Synchronization – Active/Active DPI with State Synchronization – Active/Active Clustering. 3. In-Line Deployments: Wire mode or Layer 2 Bridge Mode, Tap Mode – Easy Network Insertion, no network re-numbering. 4. “Clean Wireless” Deployment – Firewall as a wireless controller – DPI on all wireless traffic. 5. “CleanVPN” Deployment – Firewall as a VPN Concentrator – DPI on all incoming VPN traffic. 6. VPN Concentrator for Distributed Enterprise – Global Management System (GMS) to provision and manage branch offices – Connectivity through central SuperMassive or E-Class NSA firewall – All security done at the central site. 7. Network Segmentation (Security Zones) – Network Segmentation via VLAN & Security Zones – Different Security policies for each Security Zone.
  38. Medium/Large Network Deployment with DPI Security • Requirements – Layered security – Levels of trust created via defining zones. – Gateway Firewalls between zones. – Context-aware security – Enforce global Policy based on context (user, location, access method, Device, etc.) – Application-aware Security – Mitigate advanced persistent threats – Orchestrated Security management – Workload Virtualization introduces Virtual Access Layer – Need security functions like physical layer • Security Functions – ACLs, Firewalls, IDS/IPS – Host-based security (HIPS, Vulnerability Scanning) – Email Security – Anti-Spyware – Secure Remote Access – SIEM/Log Monitoring. Diagram labels: Virtual Access; Core; WAN; Aggregation; Access; Firewall, IDS/IPS, Gateway services, … • Security required at each layer to achieve global protection • Virtual Access layer requires security enforcement within virtual environment. NSA Series.
  39. NGFW Wire & L2 Bridge Mode Deployment. NGFW insertion into a network with an existing gateway firewall. Layer 2 Bridge or Wire Mode Deployment. Discover application usage & threats leaking through the traditional firewall. Diagram labels: Before; After.
  40. Flexible Wire Mode Deployment: Bypass, Inspect, Secure. • Allows for the quick and relatively non-interruptive introduction of SuperMassive into a network (i.e., between a core switch and a perimeter firewall, in front of a VM server farm, at a transition point between data classification domains). • Inspect Mode provides full visibility & low-risk, zero-latency packet path. • Secure Mode is the progression of Inspect Mode, actively interposing active control into the packet processing path.
  42. Application Visualization Report • Detailed application report for offline report generation • Visualization database uploaded to • Report provides risk assessment, applications, bandwidth, vulnerabilities, URLs, etc.