1. SonicWALL Security

Best Practices for Combining Dell Networking with
Dell SonicWALL Security Solutions
Mark Stuart
SE, Dell SonicWALL
Greg Fraser
SE, Dell Networks
Notices & Disclaimers
These features are representative of feature areas under
development. Nothing in this presentation constitutes a
commitment that these features will be available in future products.
Feature commitments must not be included in contracts, purchase
orders, sales agreements of any kind. Technical feasibility and market
demand will affect final delivery.
THIS PRESENTATION REQUIRES A DELL NDA AND MAY NOT BE
PROVIDED ELECTRONICALLY OR AS HARDCOPY TO CUSTOMERS
OR PARTNERS.
Agenda
• Introducing Dell Networking and Dell SonicWALL
• 10Gbe and beyond
• Building a Network for BYOD
Introducing Dell Networking
• Dell Networking is the #3 Ethernet supplier worldwide*
• Dell ranks #2 in 40 GbE switch revenue
• Dell #3 in 10GbE switch revenue
Timeline (Networking and Security):
• 2001: Dell enters the switching market
• 2002: Dell first 1 gigabit ethernet switch
• 2004: Dell launches first stackable family of switches
• 2005: SonicWALL UTM leader in FW unit share
• 2006: Dell launches layer 3 routing switches
• 2007: Dell launches 1st L3 stackable switch; SonicWALL SSL VPN Visionary, 1m units
• 2008: Dell adds PoE ethernet and fiber stackable switches
• 2009: Dell launches 10 GbE data center switch
• 2010: Dell (F10) launches open automation framework; SNWL Gartner UTM Ldr, SSL VPN Visionary
• 2011: Dell launches 40 GbE distributed core fabric; SonicWALL SuperMassive E10000 Series announced
• 2012: Dell delivers first 40Gb blade for server chassis; SMWL joins Dell; 2 million appliances
• 2013: first 1RU Modular LAN/SAN switch; Best of InterOp Finalist; Active Fabric
* Source: Q12013 Dell’Oro, Revenue market share
Introducing Dell SonicWALL
• Founded in 1991, acquired in March 2012 by Dell for US$1.2 billion
• Rated as leader by Gartner in UTM firewall solutions
• Over 130 IP patents, including Re-assembly Free Deep Packet Inspection
• Released their first “Next Generation”/UTM Firewall in 2004 (Gen 4)
• Released their second generation based on Cavium technology in 2007 (Gen 5)
• Released their SuperMassive platform in 2010 with up to 96 CPU Cores per appliance, with the ability to cluster up to 384 CPU cores
• In 2013 started rolling out their Gen 6 platform
Reference Architectures: Dell SonicWALL & Force10
Interoperability for High Availability Deployments
S55
S60
S4810
10Gbe and beyond for the Firewall
Why do I need 10Gbe on my firewall?
• 10Gbe solutions are dropping rapidly in price, as are optics
• 10Gbe allows us to consolidate cabling (10:1 ratio)
• The firewall is consolidating into the network to provide far more internal
visibility and functionality
[Diagram labels: SPI Firewall, VPN Aggregator, Web Filter, IDS Appliances, Core Switch; Deep Packet Inspection Firewall: Intrusion Prevention, Web Filtering, AntiMalware, VPN Aggregation, Application Management, Bandwidth management, User Identity; links marked 1GbE and 10GbE]
Take advantage of the Power of Ten
Increase bandwidth 10x for your applications
• MXL blades: Reduce capital expenses by up to 30% in chassis deployments, simplifying cabling & management in a blade infrastructure
• S4810/20T: FTOS-powered 10Gb top of rack switches deliver integrated support for SDN, virtualization, automation & storage networks
• S5000: Dell’s first fully modular 1RU switch for LAN/SAN convergence, delivering 10Gb Ethernet and 8Gb Fibre Channel in a flexible pay-as-you-grow design
• S6000: High performance & high density 10/40Gb switch to support today’s virtualized & cloud data centers
Take advantage of the Power of Ten
Increase bandwidth 10x for your applications
• NSA 2600: 8 x 1GbE Copper; Expansion slot for additional ports*; Up to 700Mbps IPS throughput
• NSA 3600, 4600 & 5600, 6600: 2 or 4 x 10GbE SFP+; 4 or 8 x 1GbE SFP; 4 or 8 x 1GbE Copper; Up to 4.5Gbps IPS throughput
• SuperMassive 9000 Series: 4 x 10GbE SFP+, 8 x 1GbE SFP, and 8 x 1GbE copper; Up to 9.7Gbps IPS throughput
• SuperMassive 10000 Series: 6 x 10GbE SFP+ and 16 x 1 GbE SFP; Up to 30Gbps IPS throughput
Benefits of Consolidation and 10Gbe
• Reduction of points of failure, and easier to build redundancy
• Lowers CAPEX costs
• Lowest OPEX costs in training, support and maintenance
• Extension of features within the network (e.g. user identity)
• Consolidated reporting
• Cabling simplification
• Fewer devices across the wire, lower latency, better performance
40Gbe and beyond
80+ Gbps full mesh active/active DPI cluster
(IPS, Malware/Threat Prevention, Application Management)
40Gbe and beyond
Spine & Leaf Architecture
• 40 GbE Interconnect
• All paths Active
• VLT
Dell Force10 Z9000
• 2.5Tbps in 2RU footprint
• High-density networking
– 32 line rate 40GbE or
– 128 line rate 10GbE
• Low power consumption
– 800 Watts Max (6.25W per 10GbE)
– 600 Watts Typical (4.68W per 10GbE)
Dell Force10 S4810
• Fully-featured FTOS-powered top-of-rack switch
• 48 x 1/10G
• 4 x 40G fabric uplinks (or 16 x 10G)
Building a Network for BYOD : Goals
• Segregate corporate data from BYOD devices
• Inspect traffic from BYOD networks for threats (Intrusions, Viruses, Malware)
• Identify users
• Classify application traffic and apply corporate policy (e.g. DropBox)
• Restrict access by user identity
• Provide full visibility and reporting of network use
Building a Network for BYOD : Components
• Clients Authenticate via RADIUS
• Authentication with network username and password (802.1x / WPA2-EAP)
• Internet Access Granted By User
• Web Filters Applied By User
• Application Policies Applied By User
• Traffic Allocated By User
• Dell Wireless Controller Forwards User ID/IP to Dell SonicWALL Network Security Appliance
• Internal Access Granted By User
• Intrusion and Threat Prevention Applied to all traffic
• User Group Membership Query to Directory Services
[Diagram components: Internal Resources, Directory Services, RADIUS Authentication Server]
Building a Network for BYOD : Outcomes
Internal Resources
Building a Network for BYOD : Take it to the next level
POLICY MANAGER, BYOD, GUEST and NAC solution combining ease of use with vertical integration
• ClearPass v6.0 integrated solution – scales across business feature need and size
• Policy Manager: Includes Profile for Device identification, categorization
• Solution for BYOD and associated policy management along with WLAN
• Transition installed base to new ClearPass after v6.1 is available (Plan in development)
Q&A
Notices & Disclaimers
Copyright © 2013 by Dell, Inc.
No part of this document may be reproduced or transmitted in any form without the written permission from Dell, Inc.
This document could include technical inaccuracies or typographical errors. Dell may make improvements or changes in the product(s) or
program(s) described herein at any time without notice. Any statements regarding Dell’s future direction and intent are subject to change or
withdrawal without notice, and represent goals and objectives only.
References in this document to Dell products, programs, or services does not imply that Dell intends to make such products, programs or
services available in all countries in which Dell operates or does business. Any reference to an Dell Program Product in this document is not
intended to state or imply that only that program product may be used. Any functionality equivalent program, that does not infringe Dell’s
intellectual property rights, may be used.
The information provided in this document is distributed “AS IS” without any warranty, either expressed or implied. Dell EXPRESSLY DISCLAIMS
any warranties of merchantability, fitness for a particular purpose OR INFRINGEMENT. Dell shall have no responsibility to update this
information.
The provision of the information contained herein is not intended to, and does not, grant any right or license under any Dell patents or
copyrights.
Dell, Inc.
300 Innovative Way
Nashua, NH 03063 USA