SonicWALL TZ Series
Unified Threat Management Firewall
FIR E WALL
n Unified
Threat
Management
n SonicWALL
Reassembly-
Free Deep Packet
Inspection
nApplication intelligence and control
n Uncompromising
performance
n SonicWALL
Comprehensive Anti-Spam Service
n Modular
3G wireless
broadband and analog modem
n Secure
802.11b/g/n
Wireless LAN
n WAN
Acceleration
n Advanced
SSL VPN
IPSec and
n SonicWALL
PortShield
n Automated
failover and failback and multi-WAN
n Robust
over IP
Voice and Video n Intuitive
wizards
configuration n SonicWALL
Global Management System
Factors like Web 2.0 applications, streaming video, evolving threats and new threat delivery vectors
are overwhelming both the security and performance of traditional firewalls. The stateful packet
inspection firewalls installed over the years by many organizations are unable to detect malware
embedded in network traffic, nor are they able to identify and control applications being used on
the network.
By integrating gateway anti-virus, anti-spyware, intrusion prevention, content filtering, anti-spam
and application control, the SonicWALL® TZ Series of Unified Threat Management (UTM) Firewalls
shatters these limitations by offering high performance multi-layered network protection.
SonicWALL Application Intelligence and Control helps administrators control and manage both
business and non-business related applications to enable network and user productivity. Utilizing
SonicWALL’s patented Reassembly- Free Deep Packet Inspection® (RFDPI) technology,* the TZ Series
delivers in-depth protection at unparalleled performance. The TZ Series also provides secure IPSec
and SSL VPN remote access, VoIP, and 802.11b/g/n wireless, and 3G wireless multi-WAN connectivity.
Designed for the needs of small businesses, branch offices, distributed enterprise sites, retailers and
managed service providers, the TZ Series supports the highest speeds available from modern ISPs
while delivering full UTM protection. Each TZ appliance is available as a SonicWALL TotalSecure™
solution, conveniently bundling all hardware and services needed for comprehensive protection.
Features and Benefits
Unified Threat Management (UTM) delivers
real-time gateway protection against the latest viruses,
spyware, intrusions, software vulnerabilities and other
malicious code.
SonicWALL Reassembly-Free Deep Packet
Inspection provides enterprise-class protection for
any protocol including web traffic, email, compressed
file transfers, IM and P2P.
Application intelligence and control provides
granular control and real-time visualization of
applications to guarantee bandwidth prioritization and
ensure maximum network security and productivity.**
Uncompromising performance even while
providing comprehensive packet level inspection of
both inbound and outbound traffic for any file size,
while adding near zero latency.
SonicWALL Comprehensive Anti-Spam Service
utilizes real-time sender IP reputation analysis and
cloud-based Advanced Content Management
techniques to remove spam, phishing and virus-laden
messages from inbound SMTP-based emails before
they reach your network.
Modular 3G wireless broadband and analog
modem support can be used as either a primary or
secondary WAN connection for business continuity
or rapid deployment in remote locations.
Secure 802.11b/g/n Wireless LAN (WLAN)
technologies provide secure high-speed wireless
connectivity with SonicWALL’s wireless security
enforcement for multiple virtual SSIDs.
* U.S. Patents 7,310,815; 7,600,257; 7,738,380; 7,835,361
** Available as an option only on the TZ 210 Series
WAN Acceleration decreases latency and increases
transfer speeds between remote sites for even higher
network efficiency gains. (SonicWALL WXA Series required)
Advanced IPSec and SSL VPN connectivity
options provide secure, high-speed office-to-office
and individual user remote access including full networklevel access for Apple® iOS or Google® Android™ devices.
SonicWALL PortShield port-level security offers
flexible protection for traffic on the WAN, DMZ and
devices inside your network by easily grouping ports
into logical units.
Automated failover and failback and multiWAN capabilities ensure continuous uptime for WAN
connections including VPN tunnels by diverting traffic
over alternate 3G WWAN or Ethernet WAN connections
in the event of primary connection failure.
Robust Voice and Video over IP (VoIP) capabilities
offer secure, standards-based support for sending
voice (audio), streaming video and other media over
IP-based networks.
Intuitive configuration wizards simplify even the
most complicated tasks, including VPN set-up, NAT
configuration and public server configuration.
SonicWALL Global Management System (GMS®)
provides comprehensive global management
and reporting tools for simplified configuration,
enforcement and management from a central location.
SonicWALL TZ Series - Wired and Wireless Security for Mission-critical Networks
Network security and control is accomplished through a robust and flexible platform
Emerging
Blended Threats
Viruses
Eliminated Threats &
Non-business Traffic
1
Clean VPN
Content Filtering
Application Intelligence
Traffic
IN
Anti-Spyware
3
Firewall
Automatic Threat
Database Updates
Intrusion Prevention
SonicWALL Real-time
Unified Threat
Management
Gateway Anti-Virus
SonicWALL Deep Packet Inspection Architecture
Clean Traffic
Traffic
OUT
Forwarding
Engine
Network
I/O Engine
Routing
L7
L3
PROT
Exploits
L2
Bandwidth
Management
L4
Spyware
Bandwidth
Management
Defrag
Stateful Classification and Transformation
Normal
Flow Order
Presentation
2
SonicWALL’s
Update Engine
TZ Series is the
ultimate security
platform for
distributed
and small
networks,
including remote
and branch
offices and
retail/POS
deployments
Best-in-Class Threat Protection
1 SonicWALL deep packet inspection protects against
network risks such as viruses, worms, Trojans, spyware,
phishing attacks, emerging threats and Internet misuse.
Application Intelligence and Control adds highlyconfigurable controls to prevent data leakage and
manage bandwidth at the application level and
real-time application visualization.
packets in real-time without stalling traffic in memory.
This functionality allows threats to be identified and
eliminated over unlimited file sizes and unrestricted
concurrent connections, without interruption.
3 The TZ Series provides dynamic network protection
through continuous, automated security updates,
protecting against emerging and evolving threats
without requiring any administrator intervention.
2 The SonicWALL Reassembly-Free Deep Packet
Inspection engine comprehensively scans entire
SonicWALL Clean VPN™
Suppliers
The TZ Series includes innovative Clean VPN™ that
secures the integrity of VPN access for remote devices
including iOS and Android devices by establishing
trust for remote users and these endpoint devices
and applying anti-malware security services,
intrusion prevention and application intelligence
and control to eliminate the transport of malicious
threats into the corporate network.
Eliminated
Threats
Internet
Clean Traffic
Next-Generation
Firewall Engine
Telecommuters
Internal
Network
Mobile Users
Advanced
Content
Management
Advanced
Reputation
Management
Comprehensive Anti-Spam Service
Dropped
Email
Server
TZ Series Appliance
SonicWALL Comprehensive Anti-Spam Service (CASS)
Centralized Policy Management
offers small- to medium-sized businesses comprehensive protection
from spam and viruses, with instant deployment over existing
SonicWALL firewalls. CASS speeds deployment, eases administration
and reduces overhead by consolidating solutions, providing
one-click anti-spam services, with advanced configuration in just ten
minutes. CASS features complete inbound anti-spam, anti-phishing,
anti-malware, GRID Network IP Reputation, Advanced Content
Management, Denial of Service prevention, full quarantine and
customizable per-user junk summaries. Outperforming RBL filtering,
CASS offers >98% effectiveness against spam, dropping >80% of spam
at the gateway, and advanced anti-spam techniques like Adversarial
Bayesian™ filtering on remaining email.
The TZ Series can be managed using the
SonicWALL Global Management System, which
provides flexible, powerful and intuitive tools to
manage configurations, view real-time monitoring
metrics and integrate policy and compliance
reporting and application traffic analytics, all from
a central location.
Home Office
Deployments
Home Office/Small Office
Designed as a complete Unified Threat Management (UTM) platform
delivering business-class protection to home office networks, the
TZ Series features PortShield technology, which provides secure
segmentation of the home network from “work” equipment.
TZ Series
Technologies utilized:
n Unified Threat Management (Gateway Anti-Virus, Anti-Spyware,
Intrusion Prevention, Application Intelligence and Control, Anti-Spam,
Content Filtering, and Enforced Client Anti-Virus and Anti-Spyware)
Home Office/Small Office LAN
nPortShield
n SSL
VPN and IPSec VPN
n Optional
Comprehensive Gateway Security Suite includes
gateway anti-virus, anti-spyware, intrusion
prevention, application intelligence and control,
content filtering and 24x7 support.
802.11n Clean Wireless
ail/Small TZ
Office
100
TZ 200
Home/Family LAN
TZ 210
Small Office/Retail
The TZ Series is a high-performance security platform
for small professional offices and retail deployments
with mission-critical needs. The TZ 200 and TZ 210
Series feature 3G connectivity through an integrated
USB slot for use as either the primary or backup WAN
connection.
Site-to-Site
VPN
Corporate
3G/Analog Failover
Global
Management
System
Technologies utilized:
n Unified Threat Management (Gateway Anti-Virus,
Anti-Spyware, Intrusion Prevention, Application
Intelligence and Control, Anti-Spam, Content
Filtering, and Enforced Client Anti-Virus and AntiSpyware)
Secure Wireless Zone
Office LAN
Point-of-Sale Systems
Comprehensive Gateway Security Suite includes
gateway anti-virus, anti-spyware, intrusion
prevention, application intelligence and control,
content filtering and 24x7 support.
Secure wireless zone
with ReassemblyFree Deep Packet
Inspection scanning.
n 3G
failover
n WAN
Clean VPN to
encrypt and
decontaminate
traffic.
and VPN failover
nPortShield
Remote Branch Office
n 802.11n
Clean Wireless
n Global
Management System
n Virtual
Access Points (VAPs)
TZ 100
Remote/Branch Office
The TZ 200 and TZ 210 Series are the fastest multilayered network security solutions in their class, giving
remote and branch offices unparalleled Unified Threat
Management protection against continually evolving
threats. PortShield offers network segmentation, while
Application Intelligence Service on the TZ 210 provides
application classification and policy management to
control applications. Get security and segmentation,
along with performance and reliability.
Technologies utilized:
n Unified Threat Management (Gateway Anti-Virus,
Anti-Spyware, Intrusion Prevention, Application
Intelligence and Control, Anti-Spam, Content
Filtering, and Enforced Client Anti-Virus and
Anti-Spyware)
n Comprehensive
n SSL
Anti-Spam Service
VPN and IPSec VPN
n 802.11n
Clean Wireless
n Optional
n Global
hardware failover
Management System
TZ 100
TZ 200
Clean VPN to
encrypt and
decontaminate
traffic.
TZ 210
TZ 200
TZ 210
Site-to-Site
VPN
3G/Analog Failover
Corporate
Global
Management
System
Secure Wireless Zone
Sales Network
Comprehensive Gateway Security Suite includes
gateway anti-virus, anti-spyware, intrusion
prevention, application intelligence and control,
content filtering and 24x7 support.
Protected Server Network
Secure wireless zone
with ReassemblyFree Deep Packet
Inspection scanning.
Clean VPN to
encrypt and
decontaminate
traffic.
Specifications
SonicWALL TZ 100 01-SSC-8734
SonicWALL TZ 100 Wireless-N 01-SSC-8736
(International)
SonicWALL TZ 100 TotalSecure* 01-SSC-8739
SonicWALL TZ 100 Wireless-N
TotalSecure* 01-SSC-8728 (International)
SonicWALL TZ 200 01-SSC-8741
SonicWALL TZ 200 Wireless-N
01-SSC-8743 (International)
SonicWALL TZ 200 TotalSecure* 01-SSC-8746
SonicWALL TZ 200 Wireless-N
TotalSecure* 01-SSC-8729 (International)
SonicWALL TZ 210 01-SSC-8753
SonicWALL TZ 210 Wireless-N
01-SSC-8755 (International)
SonicWALL TZ 210 TotalSecure* 01-SSC-8769
SonicWALL TZ 210 Wireless-N
TotalSecure* 01-SSC-8782 (International)
*Includes one-year of Gateway Anti-Virus,
Anti-Spyware, Intrusion Prevention,
Application Intelligence (TZ 210 Series)
Service, Content Filtering Service and
Dynamic Support 24x7.
Firewall
TZ 100 Series
TZ 200 Series TZ 210 Series
SonicOS Version
SonicOS 5.6 and later
1
Stateful Throughput 100 Mbps
100 Mbps
200 Mbps
GAV Throughput 2
35 Mbps
50 Mbps
70 Mbps
IPS Throughput 2
50 Mbps
70 Mbps
110 Mbps
2
UTM Throughput 25 Mbps
35 Mbps
50 Mbps
IMIX Throughput 2
40 Mbps
50 Mbps
110 Mbps
Maximum Connections 3
6,000 12,00030,000
Maximum UTM Connections
6,000 12,00020,000
New Connections/Sec
1,000 1,0001,500
Nodes Supported
Unrestricted
Denial of Service Attack Protection
22 classes of DoS, DDoS and scanning attacks
SonicPoints Supported
1 216
VPN
3DES/AES Throughput 4
75 Mbps
Site-to-Site VPN Tunnels
5 1015
Bundled GVC Licenses
0 (5)
2 (10)
2 (25)
(Maximum)
Bundled SSL VPN Licenses (Maximum)
1 (5)
1 (10)
2 (10)
Encryption/Authentication/DH Group
DES, 3DES, AES (128, 142, 256-bit), MD5, SHA-1/DH Group 1, 2, 5, 14
Virtual Assist Bundled (Maximum)
—
30-day trial (1)
30-day trial (2)
Key Exchange IKE, Manual Key, Certificates (X.509), L2TP over IPSec
Certificate Support
Verisign, Thawte, Cybertrust, RSA Keon, Entrust and Microsoft CA for SonicWALL-to-SonicWALL VPN, SCEP
VPN Features
Dead Peer Detection, DHCP Over VPN, IPSec NAT Traversal, Redundant VPN Gateway, Route-based VPN
Global VPN Client Platforms Supported
Microsoft® Windows 2000, Windows XP, Vista 32/64-bit, Windows 7 32/64-bit
SSL VPN Platforms
Microsoft Windows 2000/XP/Vista 32/64-bit/Windows 7, Mac OSX 10.4+, Linux FC3+/Ubuntu 7+/OpenSUSE
Mobile Connect Platform Supported
iOS 4.2 and higher, Android™ 4.0 and higher
Security Services
Deep Packet Inspection Services
Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention
Content Filtering Service (CFS)
HTTP URL, HTTPS IP, keyword and content scanning, ActiveX, Java Applet, and cookie blocking,
bandwidth management on filtering categories, allow/forbid lists
Gateway-enforced Client Anti-Virus and Anti-Spyware
McAfee® or Kaspersky® Comprehensive Anti-Spam Service 8
Supported
Application Intelligence and Control
—
—Supported
Networking IP Address Assignment Static, (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay
NAT Modes
1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent mode
VLANS
5, PortShield
10, PortShield
10, PortShield
DHCP
Internal server, relay
Routing
RIPv1/v2 advertisement, OSPF, RIP v1/v2, static routes, static routes
policy-based routing, multicast
Authentication
XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database
Local User Database
25 users
100 users
150 users
VoIP
Full H.323v1-5, SIP, gatekeeper support, outbound bandwidth management, VoIP over WLAN,
deep inspection security, full interoperability with most VoIP gateway and communications devices
System
Zone Security
Schedules
Object-based/Group-based Management
DDNS
Management and Monitoring
Logging and Reporting
Hardware Failover
Anti-Spam
Load Balancing
Standards
WAN Acceleration Support10
Yes YesYes
YesYes
Yes
YesYes
Yes
Dynamic DNS providers include: dyndns.org, yi.org, no-ip.com and changeip.com
Local CLI, Web GUI (HTTP, HTTPS), SNMP v2; Global management with SonicWALL GMS
Analyzer, Scrutinizer, GMS, Local Log, Syslog, Solera Networks, NetFlow v5/v9, IPFIX with Extensions, Real-time Visualization9
–
Active/PassiveActive/Passive
RBL support, Allowed/Blocked Lists, Optional SonicWALL Comprehensive Anti-Spam Service8
Yes, Outgoing and Incoming6
TCP/IP, UDP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3
Yes Built-in Wireless LAN
Standards
802.11b/g/n (WEP, WPA, WPA2, 802.11i, TKIP, PSK,02.1x, EAP-PEAP, EAP-TTLS)
Virtual Access Points (VAPs)5
Up to 8 for all appliances
Antennas (5 dBi Diversity)
Dual, detachable, external
Triple, detachable, external
Radio Power
802.11b
18 dBm maximum
802.11g
18 dBM @ 6~48 Mbps
14 dBm @ 54 Mbps
802.11n
19 dBm MCS 0, 12 dBm MCS 15
Radio Receive Sensitivity
802.11b
-90 dBm @ 11Mbps
802.11g
-91 dBm @ 6Mbps, -74 dBm @ 54 Mbps
802.11n
-89 dBm MCS 0, -70 dBm MCS 15
Hardware Certifications
Interfaces
(5) 10/100
(5) 10/100
(2) 10/100/1000, (5) 10/100
Flash Memory/RAM
16 MB/128 MB
16 MB/256 MB
32 MB/256 MB
7
3G Wireless/Modem –
Supported with approved adaptors Supported with approved adaptors
USB Ports
–12
Power Input
100 to 240 VAC, 50-60 Hz, 1 A
Max Power Consumption
7.5 W/9.5 W (TZ 100 W)
8.6 W/10.6 W (TZ 200 W)
9.4 W/11.7 W (TZ 210 W)
Total Heat Dissipation
26 BTU/33 BTU (TZ 100 W)
30 BTU/37 BTU (TZ 200 W)
32 BTU/40 BTU (TZ 210 W)
Certifications
Common Criteria EAL4+, VPNC, FIPS 140-2, ICSA Firewall 4.1
Form Factor and Dimensions
6.30 x 5.63 x 1.46 in
6.30 x 5.63 x 1.46 in
8.9 x 5.9 x 1.9 in
(16 x 14.3 x 3.7 cm)
(16 x 14.3 x 3.7 cm)
(22.5 x 14.9 x 3.6 cm)
Weight
2.0 lbs/0.91 kg
2.0 lbs/0.91 kg
2.0 lbs/0.91 kg
2.5 lbs/1.1 kg (TZ 100 W)
2.5 lbs/1.1 kg (TZ 200 W)
2.8 lbs/1.3 kg (TZ 210 W)
Major Regulatory Compliance
FCC Class B, ICES Class B, CE, C-Tick, VCCI Class B, MIC, NOM, UL, cUL, TUV/GS, CB, WEEE, RoHS
Environment/Humidity
32-105° F, 0-40° C/ 5-95% non-condensing
MTBF
8 Years Minimum
Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services. 2 UTM/Gateway AV/Anti-Spyware/IPS throughput
measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. 3 Actual maximum connection counts are lower when UTM
services are enabled. 4 VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. 5 Supported on the Internal Radio for the TZ 100 W, TZ 200 W and TZ 210 W only. 6 With SonicOS Enhanced.
7
3G card and modem are not included. See http://www.sonicwall.com/us/products/cardsupport.html for supported USB devices. 8 The Comprehensive Anti-Spam Service supports an unrestricted number of users but is
recommended for 250 users or less. 9 TZ 100/200 not supported. 10 With SonicWALL WXA Series Appliances.
1
SonicWALL’s line-up of dynamic security solutions
SonicWALL, Inc.
2001 Logic Drive, San Jose, CA 95124
T +1 408.745.9600 F +1 408.745.9300
www.sonicwall.com
NETWORK
SECURITY
SECURE
REMOTE ACCESS
WEB AND E-MAIL
SECURITY
BACKUP
AND RECOVERY
POLICY AND
MANAGEMENT
© 2012 SonicWALL, Inc. All rights reserved. SonicWALL® is a registered trademark of SonicWALL, Inc. and all other SonicWALL product and service names and slogans are trademarks or registered trademarks of SonicWALL, Inc. Other product and company
names mentioned herein may be trademarks and/or registered trademarks of their respective owners. 02/12 SW 1571