SonicWALL 2.5 User Manual
S
ONIC
WALL S
ONIC
OS E
NHANCED
2.5 A
DMINISTRATOR
’
S
G
UIDE
253
Security Services > Intrusion Prevention
C
H A P T E R
41
Chapter 41:
Activating Intrusion Prevention
Service
Security Services > Intrusion Prevention
SonicWALL Intrusion Prevention Service (SonicWALL IPS) delivers a configurable, high performance
Deep Packet Inspection engine for extended protection of key network services such as Web, e-mail,
file transfer, Windows services and DNS. SonicWALL IPS is designed to protect against application
vulnerabilities as well as worms, Trojans, and peer-to-peer, spyware and backdoor exploits. The
extensible signature language used in SonicWALL’s Deep Packet Inspection engine also provides
proactive defense against newly discovered application and protocol vulnerabilities. SonicWALL IPS
offloads the costly and time-consuming burden of maintaining and updating signatures for new hacker
attacks through SonicWALL’s industry-leading Distributed Enforcement Architecture (DEA). Signature
granularity allows SonicWALL IPS to detect and prevent attacks based on a global, attack group, or
per-signature basis to provide maximum flexibility and control false positives.
Deep Packet Inspection engine for extended protection of key network services such as Web, e-mail,
file transfer, Windows services and DNS. SonicWALL IPS is designed to protect against application
vulnerabilities as well as worms, Trojans, and peer-to-peer, spyware and backdoor exploits. The
extensible signature language used in SonicWALL’s Deep Packet Inspection engine also provides
proactive defense against newly discovered application and protocol vulnerabilities. SonicWALL IPS
offloads the costly and time-consuming burden of maintaining and updating signatures for new hacker
attacks through SonicWALL’s industry-leading Distributed Enforcement Architecture (DEA). Signature
granularity allows SonicWALL IPS to detect and prevent attacks based on a global, attack group, or
per-signature basis to provide maximum flexibility and control false positives.
Note: SonicWALL Intrusion Prevention Service is available for the SonicWALL TZ 170 and PRO
Series (PRO 2040, PRO 3060, PRO 4060, and PRO 5060) SonicWALL Internet Security Appliances
running SonicOS Standard or Enhanced 2.2 (or higher).
Series (PRO 2040, PRO 3060, PRO 4060, and PRO 5060) SonicWALL Internet Security Appliances
running SonicOS Standard or Enhanced 2.2 (or higher).
SonicWALL IPS Features
• High Performance Deep Packet Inspection Technology - SonicWALL’s Intrusion Prevention
Service features a configurable, high-performance Deep Packet Inspection engine that uses
parallel searching algorithms on incoming packets through the application layer to deliver
increased attack prevention capabilities over those supplied by traditional stateful packet
inspection firewall. By performing all of the matching on packets, SonicWALL IPS eliminates the
overhead of having to reassemble the data stream. Parallel processing reduces the impact on the
processor and maximizes available memory for exceptional performance on SonicWALL
appliances.
parallel searching algorithms on incoming packets through the application layer to deliver
increased attack prevention capabilities over those supplied by traditional stateful packet
inspection firewall. By performing all of the matching on packets, SonicWALL IPS eliminates the
overhead of having to reassemble the data stream. Parallel processing reduces the impact on the
processor and maximizes available memory for exceptional performance on SonicWALL
appliances.
• Inter-Zone Intrusion Prevention - SonicWALL IPS provides an additional layer of protection
against malicious threats by allowing administrator’s to enforce intrusion prevention not only
between each network zone and the Internet, but also between internal network zones. This is
performed by enabling intrusion prevention on inbound and outbound traffic between trusted
zones (SonicOS Enhanced).
between each network zone and the Internet, but also between internal network zones. This is
performed by enabling intrusion prevention on inbound and outbound traffic between trusted
zones (SonicOS Enhanced).
• Extensive Signature Database - SonicWALL IPS utilizes an extensive database of over 1,700
attack and vulnerability signatures written to detect and prevent intrusions, worms, application
exploits, as well as peer-to-peer and instant messaging traffic. The SonicWALL Deep Packet
exploits, as well as peer-to-peer and instant messaging traffic. The SonicWALL Deep Packet