SonicWALL 5.8.1 Manuale Utente
Introduction
36
SonicOS 5.8.1 Administrator Guide
•
Wire/Tap Mode - Wire Mode is a deployment option where the SonicWALL appliance can
be deployed as a "Bump in the Wire." It provides a least-intrusive way to deploy the
appliance in a network. Wire Mode is very well suited for deploying behind a pre-existing
Stateful Packet Inspection (SPI) Firewall.
be deployed as a "Bump in the Wire." It provides a least-intrusive way to deploy the
appliance in a network. Wire Mode is very well suited for deploying behind a pre-existing
Stateful Packet Inspection (SPI) Firewall.
Wire Mode is a simplified form of Layer 2 Bridge Mode. A Wire Mode interface does not
take any IP address and it is typically configured as a bridge between a pair of interfaces.
None of the packets received on a Wire Mode interface are destined to the firewall, but are
only bridged to the other interface.
take any IP address and it is typically configured as a bridge between a pair of interfaces.
None of the packets received on a Wire Mode interface are destined to the firewall, but are
only bridged to the other interface.
Wire Mode operates in any one these 4 different modes:
–
Bypass Mode - Bypass Mode can be configured between a pair of interfaces. All traffic
received is bridged to the paired interface. There is no SPI or Deep Packet Inspection
(DPI) processing of traffic in this mode. There is no Application Visibility or Control in
Bypass Mode.
received is bridged to the paired interface. There is no SPI or Deep Packet Inspection
(DPI) processing of traffic in this mode. There is no Application Visibility or Control in
Bypass Mode.
–
Inspect Mode - Inspect Mode can be configured between a pair of interfaces. All traffic
received is bridged to the paired interface; in addition, the firewall does SPI and DPI
processing of traffic. There is full Application Visibility, but no Application Control in
Inspect Mode.
received is bridged to the paired interface; in addition, the firewall does SPI and DPI
processing of traffic. There is full Application Visibility, but no Application Control in
Inspect Mode.
–
Secure Mode - Secure Mode can be configured between a pair of interfaces. All traffic
received is fully processed by the firewall. There is full Application Visibility and Control
in Secure Mode.
received is fully processed by the firewall. There is full Application Visibility and Control
in Secure Mode.
–
Tap Mode - Tap Mode can be configured for a single interface. All traffic received is
never sent out of the firewall, but the firewall performs full SPI and DPI processing.
There is full Application Visibility, but no Application Control in Tap Mode. Typically, a
mirror port is set up on the switch to mirror the network traffic to the firewall.
never sent out of the firewall, but the firewall performs full SPI and DPI processing.
There is full Application Visibility, but no Application Control in Tap Mode. Typically, a
mirror port is set up on the switch to mirror the network traffic to the firewall.
Wire Mode is supported on the following SonicWALL appliance models:
–
NSA E8500
–
NSA E7500
–
NSA E6500
–
NSA E5500
–
NSA 5000
–
NSA 4500
–
NSA 3500
Key Features in SonicOS Enhanced 5.8
SonicOS Enhanced 5.8 and higher releases include the following key features:
•
Real-Time Visualization Dashboard - With the new visualization dashboard monitoring
improvements, administrators are able to respond more quickly to network security
vulnerabilities and network bandwidth issues. Administrators can see what websites their
employees are accessing, what applications and services are being used in their networks
and to what extent, in order to police content transmitted in and out of their organizations.
improvements, administrators are able to respond more quickly to network security
vulnerabilities and network bandwidth issues. Administrators can see what websites their
employees are accessing, what applications and services are being used in their networks
and to what extent, in order to police content transmitted in and out of their organizations.
SonicWALL appliances running SonicOS 5.8.0.0 or higher and already licensed for GAV/
IPS/AS, Total Secure, or Comprehensive Gateway Security Suite (CGSS) will receive a
complimentary license for the Real-Time Visualization Dashboard (App Visualization). Note
that appliances running earlier versions of SonicOS and/or appliances not licensed for
GAV/IPS/AS, Total Secure, or CGSS will receive a 30-day free trial
IPS/AS, Total Secure, or Comprehensive Gateway Security Suite (CGSS) will receive a
complimentary license for the Real-Time Visualization Dashboard (App Visualization). Note
that appliances running earlier versions of SonicOS and/or appliances not licensed for
GAV/IPS/AS, Total Secure, or CGSS will receive a 30-day free trial