SonicOS Features for SonicWALL Firewalls
SonicOS 5.8.1:
- WAN Acceleration Support: support for the SonicWALL WXA series appliances, which employ techniques such as TCP acceleration and Windows File Sharing (WFS) acceleration to optimize WAN traffic between multiple locations connected by VPN or dedicated links.
- Bandwidth Management Enhancements: Simple bandwidth management on all interfaces, specifying bandwidth management priority per firewall rules and application control.
- Geo-IP Filtering and Botnet Command & Control Filtering: Allows blocking of connections coming to or from a geographic location or country. Helpful for botnet blocking.
- Wire Mode: Provides a least-intrusive way to deploy the appliance in a network. Wire Mode is a simplified form of Layer 2 Bridge Mode.
- Customizable Login Page: customize the language of the login authentication pages that are presented to users.
- LDAP Primary Group Attribute: provides a new attribute setting in the LDAP schema configuration to look up membership of the Domain Users group via an LDAP "Primary group" attribute.
SonicOS 5.8:
- Real-Time Visualization Dashboard: Administrators can see what websites their employees are accessing, what applications and services are being used in their networks and to what extent, in order to police content transmitted in and out of their organizations.
- Application Intelligence + Control: Identify applications and track user network behaviors in real-time. Allow/deny application and user traffic based on bandwidth limiting policies.
- Deep Packet Inspection of SSL encrypted data (DPI-SSL): Provides the ability to transparently decrypt HTTPS and other SSL-based traffic and scan it for threats using SonicWALL's Deep Packet Inspection technology.
- Gateway Anti-Virus Enhancements (Cloud GAV): The Cloud Gateway Anti-Virus feature introduces an advanced malware scanning solution that complements and extends the existing Gateway AV.
- Link Aggregation: provides the ability to group multiple Ethernet interfaces to form a trunk which looks and acts like a single physical interface.
- Port Redundancy: provides the ability to configure a redundant physical interface for any Ethernet interface in order to provide a failover path in case a link goes down. Port Redundancy is available on all NSA E-Class platforms.
- Content Filtering Enhancements: CFS now provides policy management of network traffic based on Application usage, User activity, and Content type. Administrators are now able to create multiple CFS policies per user group and set restrictive Bandwidth Management Policies based on CFS categories.
- IPFIX and NetFlow Reporting: This feature enables administrators to gain visibility into traffic flows and volume through their networks.
- VLAN Support for TZ Series: SonicOS 5.8 provides VLAN support for SonicWALL TZ 210/200/100 Series.
- SonicPoint Virtual Access Point Support for TZ Series: Virtual Access Points (VAPs) are now supported when one or more SonicWALL SonicPoints are connected to a SonicWALL TZ 210/200/100 Series appliance.
- Dynamic WAN Scheduling: SonicOS 5.8 supports scheduling to control when Dynamic WAN clients can connect.
- NTLM Authentication with Mozilla Browsers: As an enhancement to Single Sign-On, SonicOS can now use NTLM authentication to identify users who are browsing using Mozilla-based browsers (including Internet Explorer, Firefox, Chrome and Safari).
- Accept Multiple VPN Proposals for Clients Option: The new Accept Multiple Proposals for Clients checkbox allows multiple VPN or L2TP clients using different security policies to connect to a firewall running SonicOS 5.8.0.3.
SonicOS 5.6:
- Deep Packet Inspection Secure Socket Layer (DPI-SSL): DPI-SSL enables scanning of encrypted HTTPS traffic for threats and vulnerabilities across clients and servers. Additionally, this technology can be used for SonicWALL Content Filtering Service (CFS) to enhance the effectiveness against HTTPS sites.
- Terminal Services Authentication and Citrix Support: Terminal Services Authentication and Citrix Support allows transparent user authentication to enable Application Firewall and Content Filtering policy enforcement in those environments running Terminal Services or Citrix.
- Route-based VPN with Dynamic Routing Support: Route-based VPN with Dynamic Routing Support allows network administrators to simplify complex VPN deployments by using dynamic routing to dynamically update VPN networks.
- Multi-WAN Enhancements (USB 3G/Analog Support): These enhancements provide support for USB 3G/Analog failover on all NSA and E-Class NSA Series appliances.
- Bookmarks for SSH and RDP: Bookmarks for SSH and RDP provides a method to allow configuration of bookmarks for SSH and RDP services.
- Granular User Controls: Granular User Controls provides a method to enforce different levels of policy access based on user ID.
- One-Time Password: SonicWALL onboard SSL-VPN One-Time Password provides greater security than single, static passwords alone. Using a one-time password in addition to regular login credentials effectively adds a second layer of user authentication.
- Virtual Assist: Virtual Assist provides a method for IT administrators to offer remote assistance when customers may not be at that local site by enabling a technician to assume control of a customer’s PC or laptop for the purpose of providing remote technical assistance.
- Enhancement to Increase UTM Connections: This enhancement offers the ability to increase the concurrent number of UTM connections on an appliance.
- Packet Mirror: Packet Mirror allows configuration of one of the ports on an NSA or E-Class NSA firewall as a Mirror Port, for use in capturing traffic flows from other ports.
- Virtual Access Points: Available on TZ Series appliances, Virtual Access Points provides a method to segment different wireless groups by providing logical segmentation on a single wireless radio.
- Wireless Bridging: Available on wireless TZ Series appliances, Wireless Bridging offers a method by which the wireless radio on the TZ Series appliance can be used to connect to other wireless access points, allowing users to bridge the wired interfaces on the TZ Series appliances.
- FairNet Support for SonicPoint-N Dual-Band: FairNet Support for SonicPoint-N Dual-Band provides administrators with the ability to control bandwidth for all wireless users connected to a SonicPoint-N Dual-Band by creating policies that equally distribute bandwidth for all wireless users connected to the access point.
SonicOS 5.5:
- Multi-WAN: Multi-WAN allows up to four WAN interfaces to be configured on any TZ 210, NSA or E-Class NSA appliance to provide additional Internet redundancies along with outgoing load balancing over the four WAN interfaces.
- Active/Active Unified Threat Management (UTM): Active/Active UTM provides increased UTM performance when E-Class NSA appliances are running in a High Availability configuration mode.
- Authenticated User Increase (SSO Scalability): Single Sign-On enhancements increase the number of authenticated users supported on E-Class NSA appliances.
- Route-based VPN: Route-based VPN allows administrators to configure and treat VPN tunnels as a tunnel interface. This configuration then allows route look-ups to determine the proper path to use for VPN traffic.
- Solera Networks Deep Forensic Analysis: Solera Networks Deep Forensic Analysis provides a method by which a SonicWALL NSA or E-Class NSA appliance can send log information to the Solera Networks Network Packet Capture System (NPCS) for event replay. The Solera NPCS is a passive capture appliance used to collect and store all network traffic to be used at a later date for forensic analysis.
- DNS Rebinding Attack Protection: Provides DNS Rebinding Attack detection and prevention.
- IP Helper Enhancements: These enhancements increase the IP Helper support to include Time Service, DNS, DHCP, Net-Bios DNS, Net-Bios Datagram, Wake on LAN and mDNS.
- DHCP Enhancements: These enhancements allow administrators to configure a DHCP range that is not currently assigned to one of the interfaces on a SonicWALL UTM appliance. This allows one DHCP server to manage different scopes for subnets.
- Layer 2 Wireless Bridging: Layer 2 Wireless Bridging allows the LAN and WLAN to be on the same broadcast domain.
- Policy-based Route Probing: Policy-based Route Probing provides a method to allow the configuration of probing for policy-based routes.
- Asymmetric Network Support for Layer 2 Bridge Mode (NSA 240-E7500): This is a description of the requirements for a SonicWALL firewall to function in a network in which asymmetric routing is taking place. Asymmetric routing refers to a network topology wherein outbound and inbound network traffic traversing a local network may take different paths.
- Guest Services for non-Wireless Zones: Guest Services for non-Wireless Zones allows non-WLAN zones to be configured to support Guest Services configuration.
- Simple Certificate Enrollment Protocol (SCEP): This protocol is designed to make the issuing and revocation of digital certificates as scalable as possible. The idea is that any standard network user should be able to request his/her digital certificate electronically and as simply as possible. These processes have typically required intensive input from network administrators, and therefore have not been suited to large scale deployments.
- USB 3G and Analog Modem Support: Provides USB-based 3G and analog modem failover for the TZ 200 and TZ 210 Series appliances.
SonicOS 5.2:
- SonicWALL SSL VPN NetExtender Feature Support: SonicOS Enhanced 5.2 provides support for SonicWALL's SSL VPN NetExtender, which was previously available only on the SonicWALL SSL VPN platforms. SonicWALL NetExtender is a transparent software application for users that enables remote users to securely connect to the remote network.
- Apple Bonjour Support: SonicOS Enhanced 5.2 introduces support for Apple's Bonjour protocol (also known as Rendezvous or zero-configuration networking). Bonjour enables automatic discovery of computers, devices, and services on IP networks without the need to enter IP addresses or configure DNS servers.
- Apple iPhone Support: SonicOS Enhanced 5.2 supports L2TP termination from the Apple iPhone.
- Fully Customizable Block Page font: The web page that is displayed when a user attempts to access a blocked site can now be fully customized. This enables organizations to brand the block page and display any organization-specific information.
- CFS Policy per IP Address: Appliances with SonicWALL CFS Premium can now assign specific CFS policies to ranges of IP addresses. This provides the ability to segment CFS policies within a single zone.
- Safe Search Enforcement: Safe Search Enforcement allows you to force Web search sites like Google and Yahoo that have content restriction options always to use their strictest settings.
- Outbound Inspection for Gateway Anti-Virus: The SonicWALL Anti-Spyware and Gateway Anti-Virus security services now provide outbound inspection for HTTP, FTP, and TCP traffic.
- Connection Cache Limiting: SonicOS 5.2 provides a way to limit the number of connections on a per-source or per-destination IP address basis. This feature protects against worms on the LAN side that initiate large numbers of connections in denial of service attacks.
SonicOS 4.0:
- Application Firewall: Application firewall is a set of application-specific policies that gives you granular control over network traffic on the level of users, e-mail users, schedules, and IP-subnets. The primary functionality of this application layer access control feature is to regulate Web browsing, file transfer, e-mail, and e-mail attachments. Using the digital rights management component of application firewall, administrators have the ability to scan files and documents for content and keywords. Application firewall allows you to restrict file transfers of certain file names, file types, e-mail attachments, attachment types, e-mail with certain subjects, and e-mail or attachments with certain keywords or byte patterns.
- Stateful Failover with Statesync HF: Stateful Failover is a high availability feature that dramatically improves network reliability by ensuring uninterrupted operation during hardware or software failures. When Stateful Hardware Failover is enabled between two SonicWALL appliances, the primary appliance actively communicates with the backup to update most network connection information. As a result, the backup appliance is always prepared to take over the active connections seamlessly with almost zero impact to networked users.
- Single Sign-On: Single Sign-On (SSO) is a transparent user authentication mechanism that provides privileged access to multiple network resources with a single workstation login.
- Inbound Load Balancing: Allows administrators to configure policies that will allow inbound load balancing to happen for similar network resources. The SonicWALL can support Round Robin, Random Distribution, Sticky IP, Block Remap and Symmetrical Remap load balancing algorithms.
- HTTPS Content Filtering: This feature allows the SonicWALL to intercept and inspect IP based HTTPS sessions using the Content Filtering Service (CFS) to prevent network users from accessing HTTP proxy sites.
- SSL Control: SSL Control provides administrators visibility into the handshake of SSL sessions and a method for constructing policies to control the establishment of SSL connections.
- Services Dashboard: Services Dashboard provides a visible representation of the current global and applicant count of blocked network threats when using the SonicWALL Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention Service.
- Packet Capture: Packet capture is a mechanism that allows administrators to capture and examine the contents of individual data packets that traverse SonicWALL firewall appliances. This information aids administrators in troubleshooting, diagnostics and general network activity, decreasing the time it takes to investigate potential issues.
- Virtual Access Points: Virtual Access Points enables SonicPoints to advertise up to eight SSIDs and allows each to be associated with a Security Zone.
- Wireless IDS Rogue Detection: Wireless IDS Rogue Detection allows you to configure a set of authorized access points, defined by address object groups. If contact is attempted from an unauthorized access point, SonicOS generates an alert.
- TCP Conformance: Added support for the TCP Window Scale option as defined in RFC 1323.
- DHCP Server Persistence: DHCP Server Persistence is a solution where DHCP leases are saved in the flash memory of an appliance. In the case of an appliance reboot, DHCP clients will receive the same lease they had before the reboot.
- DHCP options: Allows vendor specific DHCP options to be used in conjunction with DHCP leases.
- MS-CHAP-V2 Support: Added support for MS-CHAP-V2 for L2TP over IPsec remote access connections.
- Multiple SSH management sessions: Added support for multiple SSH management sessions.
- Read-only administration login: Allows read only access to the SonicWALL management interface.
SonicOS 3.4:
- HTTPS Content Filtering: This feature allows the SonicWALL to intercept and inspect IP based HTTPS sessions using the Content Filtering Service (CFS) to prevent network users from accessing HTTP proxy sites.
- Added Hacking and Proxy Avoidance Category for CFS: Allows administrators to configure the Hacking and Proxy Avoidance category when running SonicWALL Content Filtering Service to help block access to sites that may be used to bypass CFS.
- Custom IP Protocol Support: Support for generic or custom IP protocol objects when configuring a new service object to set the protocol number.
- PCI Compliance features: Provides the ability for the administrator to enforce certain password constraints to meet PCI requirements.







