SonicWALL 5.8.1 Manuale Utente
Introduction
40
SonicOS 5.8.1 Administrator Guide
•
DHCP Scalability Enhancements - The DHCP server in SonicWALL appliances has been
enhanced to provide between 2 to 4 times the number of leases previously supported. To
enhance the security of the DHCP infrastructure, the SonicOS DHCP server now provides
server side conflict detection to ensure that no other device on the network is using the
assigned IP address. Conflict detection is performed asynchronously to avoid delays when
obtaining an address.
enhanced to provide between 2 to 4 times the number of leases previously supported. To
enhance the security of the DHCP infrastructure, the SonicOS DHCP server now provides
server side conflict detection to ensure that no other device on the network is using the
assigned IP address. Conflict detection is performed asynchronously to avoid delays when
obtaining an address.
•
SIP Application Layer Gateway Enhancements - SonicOS 5.8.0.0 provides SIP
operational and scalability enhancements. The SIP feature-set remains equivalent to
previous SonicOS releases, but provides drastically improved reliability and performance.
The SIP Settings section under the VoIP > Settings page is unchanged.
operational and scalability enhancements. The SIP feature-set remains equivalent to
previous SonicOS releases, but provides drastically improved reliability and performance.
The SIP Settings section under the VoIP > Settings page is unchanged.
SIP ALG support has existed within SonicOS firmware since very early versions on legacy
platforms. Changes to SIP ALG have been added over time to support optimized media
between phones, SIP Back-to-Back User Agent (B2BUA), additional equipment vendors,
and operation on a multi-core system.
platforms. Changes to SIP ALG have been added over time to support optimized media
between phones, SIP Back-to-Back User Agent (B2BUA), additional equipment vendors,
and operation on a multi-core system.
The SIP protocol is now in a position of business critical importance - protecting the voice
infrastructure, including VoIP. To accommodate the demands of this modern voice
infrastructure, SIP ALG enhancements include the following:
infrastructure, including VoIP. To accommodate the demands of this modern voice
infrastructure, SIP ALG enhancements include the following:
–
SIP Endpoint Information Database - The algorithm for maintaining the state
information for known endpoints is redesigned to use a database for improved
performance and scalability. Endpoint information is no longer tied to the user ID,
allowing multiple user IDs to be associated with a single endpoint. Endpoint database
access is flexible and efficient, with indexing by NAT policy as well as by endpoint IP
address and port.
information for known endpoints is redesigned to use a database for improved
performance and scalability. Endpoint information is no longer tied to the user ID,
allowing multiple user IDs to be associated with a single endpoint. Endpoint database
access is flexible and efficient, with indexing by NAT policy as well as by endpoint IP
address and port.
–
Automatically Added SIP Endpoints - User-configured endpoints are automatically
added to the database based on user-configured NAT policies, providing improved
performance and ensuring correct mappings, as these endpoints are pre-populated
rather than "learnt."
added to the database based on user-configured NAT policies, providing improved
performance and ensuring correct mappings, as these endpoints are pre-populated
rather than "learnt."
–
SIP Call Database - A call database for maintaining information about calls in progress
is implemented, providing improved performance and scalability to allow SonicOS to
handle a much greater number of simultaneous calls. Call database entries can be
associated with multiple calls.
is implemented, providing improved performance and scalability to allow SonicOS to
handle a much greater number of simultaneous calls. Call database entries can be
associated with multiple calls.
–
B2BUA Support Enhancements - SIP Back-to-Back User Agent support is more
efficient with various algorithm improvements.
efficient with various algorithm improvements.
–
Connection Cache Improvements - Much of the data previously held in the
connection cache is offloaded to either the endpoint database or the call database,
resulting in more efficient data access and corollary performance increase.
connection cache is offloaded to either the endpoint database or the call database,
resulting in more efficient data access and corollary performance increase.
–
Graceful Shutdown - Allows SIP Transformations to be disabled without requiring the
firewall to be restarted or waiting for existing SIP endpoint and call state information to
time out.
firewall to be restarted or waiting for existing SIP endpoint and call state information to
time out.
Key Features in SonicOS Enhanced 5.6
SonicOS Enhanced 5.6 and higher releases include the following key features:
•
Deep Packet Inspection of SSL encrypted data (DPI-SSL) - Provides the ability to
transparently decrypt HTTPS and other SSL-based traffic, scan it for threats and non-
threats using SonicWALL's Deep Packet Inspection technology, then re-encrypt (or
optionally SSL-offload) the traffic and send it to its destination if no threats or vulnerabilities
are found. This feature works for both client and server deployments. It provides additional
security, application control, and data leakage prevention functionality for analyzing
encrypted HTTPS and other SSL-based traffic. The following security services and
transparently decrypt HTTPS and other SSL-based traffic, scan it for threats and non-
threats using SonicWALL's Deep Packet Inspection technology, then re-encrypt (or
optionally SSL-offload) the traffic and send it to its destination if no threats or vulnerabilities
are found. This feature works for both client and server deployments. It provides additional
security, application control, and data leakage prevention functionality for analyzing
encrypted HTTPS and other SSL-based traffic. The following security services and