SonicWall Products Update

1

Dmitriy Ayrapetov

Suroop Chandran

Product Management

Product Update

• Firewalls

• SonicOS

• SD-WAN

• Virtual Firewalls

• WAF

• Capture Client

• Email Security

• Wireless

• SD-WAN

• Distributed Enterprise FocusSD-WANZero Touch DeploymentPoE Enabled TZ

• SonicOS 6.5.3• SD-WAN• API 2.0• DNS Security• 2FA

• Zero Touch , Management & Reporting

• Datacenter & IaaS Security

• End Point Update

• Email & Remote Access

• Preview Q1’CY19 Launches

SonicOS Install BaseMind the lifecycle, move customers to newer versions

SonicOS 6.2.4 & older

SonicOS 6.2.5.x

SonicOS 6.2.6.x

SonicOS 6.2.7.1

SonicOS 6.2.9

SonicOS 6.5.0

SonicOS 6.5.1

SonicOS 6.5.2

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

SonicOS Lifecycle Page (found under Firmware Lifecycle)

https://www.sonicwall.com/en-us/support/product-lifecycle-tables?product=sonicwall-tz-series&type=firmware

SonicWall Next-Generation Firewall Portfolio – CY19 ViewM

axim

um

DP

I C

on

ne

ctio

ns

4K

–2

00

K37

5K

–3.5

M4M

–1

0M

Mid-sized Network / Distributed Enterprise / Data Center

Large Enterprise/

Data Center/

Service Provider

SMB /

Remote and Branch

Networks

50 – 750 Mbps 2,500 - 5,000 Mbps

TZ Series

30

M+

10,000 – 50,000+ Mbps

Deep Packet Inspection Throughput Performance

NSa 2650-6650 NSa 9250-9650

NSsp 12000 Series

SM 9800

1,000 - 2,000 Mbps

Q3’17

Q1’18

Q1’18

Q1’18

Q2’18

Q2’18

Q2’18

Q2’18

Q2’18

Virtual NSv NGFW Series

Q1’18 Q3’18 Q4’18Q4’18

SonicOS & Network Security focus through 2018

1H’18

• API – Firewall, AWS

• Wireless Features

• Fast Roaming

• Power Management

• Radio Management

• DPI SSL Enhancements

• Networking, Security & Usability

2H’18

• DNS Security

• SD-WAN for Distributed Enterprise

• DPI SSL Enhancements

• API - Security Services

• Zero Touch

• 2FA

• Wireless

Distributed Enterprise – Illustrative map

6

Additional security products not pictured in

the diagram

- WAF for e-commerce in the cloud or in

the private data center

- Virtual Firewall for DC Segmentation &

Protection

- Email security for office operations

- Endpoint Protection

- Secure remote access

7

Gartner - Market adoption and forecast

Growth at 59% CAGR to become

$1.3 billion market by 2020

WHY SD-WAN IS IMPORTANT

• Mandatory requirement for new branch offices

• All-in-one early mainstream branch office technology for

• Connectivity

• Security

• Availability

• Predictability of app performance

• Visibility and Analytics

• North American-based retail and financial service organizations have been the most aggressive early adopters

• As of July 2017,• Over 6,000 paying SD-WAN customers with more than

4,000 production implementations

• 80% of those in production

• More than 100,000 total branches.

Introducing SonicWall Secure SD-WAN

Build, operate and manage secure, high-performance networks using low-cost Internet access

8

• Feature in SonicOS 6.5.3

• Replace MPLS with lower-cost public Internet access

• Overlay on existing VPN connections

• Predictable, MPLS-like application performance

• Increase agility to support SaaS and cloud applications

• Bring up sites quickly with Zero-Touch Deployment

• Single-pane-of-glass orchestration & management with

CSC or GMS

• Enterprise-class security across the network

• Lower costs - no separate licensing

9

SonicWall Secure SD-WAN

• SonicOS 6.5.2 (Q2)• Application Based Routing

• SonicOS 6.5.3 (Q4 SD-WAN Release)• SD-WAN Interface Groups

• WAN and VPN • Scalable from 1 to n interfaces

• Path Performance Probes for metrics• Dynamic Path Selection

• Based on Latency, Jitter, Packet Loss• User defined thresholds for Quality assessment

• Connection Based Traffic Distribution Automatic connection failover over VPN (“VPN HA”)

• “Two VPN tunnels, FTP connection can failover from one to the other”)

• Provisioning and Management• Configuration, Deployment, Analytics

• SonicOS 6.5.X (Q1 In Investigation)• Packet Based load balancing (WAN Multiplexing)• Dynamic VPN (“VPN on demand” between nodes)• Brownout monitoring• Duplication for sensitive apps (VoIP, Video)• LAN and DMZ for SD-WAN Interface Group

• Future – Integrated WAN Acceleration

• Q2’18• Application Based routing

• Q4’18• SD-WAN Features Phase

1 (on the firewall)

• Q1’19• SD-WAN Features Phase 2

with VPN Enhancements

Link Availability Graphs

10

© 2017 SonicWall™. All rights reserved. 11

Introducing the TZ300P and TZ600P

Integrated threat prevention and SD-WAN platform with PoE/PoE+

12

• Designed for SMBs and enterprises with distributed networks

• PoE/PoE+ ports

• Zero-Touch Deployment Ready

• Ships with SonicOS 6.5.3

• Monitor power consumption & budget

2x802.1af (PoE) or 1x802.1at (PoE+)

4x802.1af/at (PoE/PoE+)

TZ300P

TZ600P

Coming up - SonicOS 6.5.3

13

Wireless

• Auto channel assignment

• RF spectrum analysis

• SonicWave 432 DFS

WWAN Card Support Added

• Telstra 4GX

• Verizon U730

Networking

• Secure SD-WAN

• DDoS Protection at switch level

• HA link Encryption

• Firewall API 2.0 (Security Services)

Advanced Security

• DNS Security (Prevent Tunneling)

• CFS Policy Exclusion

• Capture Sender/Receiver email info

• Policy based HTTPS CFS

Authentication

• 2FA with Google/MS/Duo Apps

• First login password change

• User logon record

• TACACS+ accounting

© Copyright SonicWALL

4G/LTE SUPPORT ENHANCEMENTS

14

• Proxy for 4G/LTE configuration webpages through SonicOS

• Easier configuration and higher performance with new modem protocols supported (instead of PPP)

• RNDIS

• CDC/ECM (USB Standard)

• New Modem Support (USA)

• Verizon USB730L

• AT&T Velocity USB Stick

• Sprint Franklin U772

• T-Mobile Alcatel Linkzone Hotspot (in USB Tethering Mode)• Knowledge Base article on Linkzone setup will go live when 6.5.3

released

• New Modem Support – International

• Telstra 4GX (Huawei E8372 variant) (Australia)

• Huawei E3372h-510 and E3372h-153 (Various carriers)

2FA on the firewall for Administrators and Users

15

Duo Mobile Microsoft

Authenticator

16

Reports – Visibility into Threats & User Activity

Actionable Analytics

Many different use cases, but Top Three are:1. Perform threat hunting

and forensics2. Resolve network and

security trouble tickets3. Investigate web-activities,

threats, application usages

Capture Security Center

Capture Security Center

Three different methods to investigate:1. Groups2. Graphs3. Session Logs

GMS is now a ConnectWise certified Integrator

What’s ConnectWise?

• Business process automation platform that provides:

• Automation, Help Desk, Managed Services, CRM, Project Management, Billing, Quoting, Quote and proposals, and RMM

• 60% MSP partners use ConnectWise

GMS 8.7 will include

• Asset Synchronization: Easier monitoring of SonicWall resources

• Automated Ticketing: Faster response to incidents through service tickets

18

19

The SonicWall Network Security Virtual Firewall

Supported Platforms Private cloud - VMware ESXi, Microsoft Hyper-V

Public cloud - Amazon AWS, Microsoft Azure

Azure & AWS Supported Models

• NSv 200/400/800/1600 (Unlimited Node Models)

VMware ESXi & Hyper-V Supported Models

• NSv 10/25/50/100 (Limited Node Models)

• NSv 200/300/400/800/1600 (Unlimited Node Models)

Introducing the NSv Virtual Firewall Subscription Licensing

20

Perpetual Licensing

(1/3/5 years)

Non-Perpetual Licensing

(1 year)

Three NSv Subscription Offerings Services included in the offer

IPS/App Control SubscriptionNSv Virtual Machine + IPS + App Control +

Support

TotalSecure SubscriptionNSv Virtual Machine + CGSS + Support +

CSC

TotalSecure Advanced

Subscription

NSv Virtual Machine + AGSS + Support +

CSC

NEW

*1 Month Pending approvals and implementation

New Features in WAF 2.2

• Capture ATP Integration

• Seamess Authentication with MFA

• API Support for MSPs/MSSPs

21

SonicWall WAF Licensing Options

• Utility-based Pricing - Per website, NOT per appliance

• Subscription licensing - Buy what you need, pay as you grow

• Scale for growth – appliance throughput is in your hands

• Capacity sharing – enable seasonal or occasional bursts

• All features included – no add-ons, no feature tiers

22

Website

Type

Data Transfer

PRO 10 GB per Month

SMALL 50 GB per Month

MEDIUM 200 GB per Month

LARGE 500 GB per month

Available in 1-Yr and 3-Yr terms

SONICWALL CAPTURE CLIENT

Threat

ProtectionNGAV, ATP, Rollback

etc.

Secure AccessNAC, DPI-SSL

Enablement etc.

Risk

IntelligenceThreat Intel, EP

Telemetry etc.

Vision for SonicWall Capture ClientDelivering Endpoint Visibility & Control in a unified client

23

SonicOS Platforms

NSa, NSv, NSsp, WiFi

CAPTURE ATP CLOUD APP SECURITY MANAGEMENT, REPORTING & ANALYTICS

WiFi

Remote Access

Integrating with Capture ATP

Malware attack on

endpoint protected

by Capture Client

On-Write, Malware

is detected as

“Suspicious” by

Static AI engine &

virtually quarantined

Malware Hash Value

is queried against

Capture ATP

Database

If hash wasn’t seen

before, upload file to

Capture ATP

Based on conviction

from Capture ATP,

remediate threat

Attack Visualization –EDR-like Intelligence

• See entire storyline of threat execution with event statistics, files, processes, registry keys and actions with detailed indicator intelligence

• Advanced detailed visualization for SOCs/threat hunters with per process/file detailed analysis

• Only with Advanced Offering

• Shipping early in 1.0.16!

• Screenshot(s)

25

Protect Windows Servers

• Introducing official support for Windows Servers 2012 and upwards

• Use exclusions & blacklists to minimize impact and reduce attacks surface

• Leverage policies to manage update (auto/managed)

26

• Screenshot(s)

SonicWall Solution

Key Benefits

• Stop ransomware before it reaches your inbox

• Prevent email fraud and phishing attacks

• Secure On-Prem Exchange, O365 & Gmail

• Enable email DLP & compliance

• Easy management and reportingWinner: Web, Email

Security

Winner: Email Security

A multi-layered solution that protects against

advanced email threats

Advanced URL Protection - New In Email Security 9.2

• Feature: Real-time dynamic scanning of embedded URLs by Capture ATP

• Benefit: Block and quarantine messages with malicious URLs before they reach the inbox, so users never click on them and become compromised

What’s new in SMA - Always On VPN

29

Available in both SMA OS 12.2 and 9.0

Benefits:

• Gain traffic visibility

• Enforce security and

compliance

• Deliver “In-office” experience

New in Q4: SonicWall Risk Meters