SonicWALL WXA – WAN Acceleration

Dennis Bergström, CISSPSonicWALL NordicTechnical Account Manager/SE

SonicWALL, Inc. Dynamic Security for the Global Network

2

SonicWALL, Inc. Dynamic Security for the Global Network

3

SonicWALL’s Legacy

4

Not only Next-Generation Firewalls – although they rock of course

SuperMassive™ E10000 Series

E-Class NSA Series

NSA Series

TZ Series

E10100 E10200 E10400 E10800

NSA E8500 NSA E7500 NSA E6500 NSA E5500

NSA 4500 NSA 3500 NSA 2400MX NSA 2400 NSA 240

TZ 210 Series TZ 200 Series TZ 100 Series

5

NSA E8510

Data centers, ISPs

Medium to largeorganizations

Branch offices andmedium sized organizations

Small and remote offices

Network Security

WAN Acceleration

Secure Remote Access

Email Security

Backup and Recovery

Policy & Management

SonicWALL Product Line-up

App Intell &Control

Virtual Access

Web App Firewall

Connect Mobile

Spike Access

Virtual Assist

Advanced Reporting

Native Access Modules

Spike Access

SSL VPNClient

Clean Wireless – SonicPoint-N Series

SonicWALL WXA Series

Copyright 2011 SonicWALL Inc. All Right Reserved7

WXA 5000WXA 2000WXA 4000

WXA 500 Live CD

What Does WAN Acceleration Do?

Improve Performance of Business Applications

Optimize Response Times for Critical Applications

Reduce Bandwidth Consumption

Reduce associated Bandwidth Costs

… Make the network appear faster!

Copyright 2011 SonicWALL Inc. All Right Reserved8

Have you ever…

…Collaborated with someone on a huge PowerPoint document with

• 10-15 revisions and passed the document back and forth?

• Did the collaboration over a slow internet connection?

…Accessed a large document on a shared site multiple times and downloaded the whole file every time?

Redundant data sent back and forth results in waiting, wasting bandwidth and productivity loss.

SonicWALL CONFIDENTIAL All Rights Reserved9

There is a need for WAN Acceleration

Copyright 2011 SonicWALL Inc. All Right Reserved10

Two front assault – the SonicWALL way

SonicWALL CONFIDENTIAL All Rights Reserved11

WAN Acceleration Step 1 – Shape!

Bandwidth manage and control applications

SonicWALL Application Intelligence, Control and Visualization

1550+ Applications (3600+ signatures)

Identify Applications

• Prioritize important traffic

• Block or restrict unimportant traffic

SonicWALL CONFIDENTIAL All Rights Reserved12

Goal:“Good Traffic” at the gateway with Application Intelligence & Control

Shape! – Choose your traffic

Unimportant AppsUnimportant AppsImportant AppsImportant Apps

13

Shape! - Application Intelligence

Unacceptable Apps

Acceptable Apps

Critical Apps

Malware Blocked

Application Chaos

Identify

Identify

Ingress

Reassembly-FreeDeep Packet Inspection

Categorize

Categorize ControlControl

Egress

Cloud-BasedExtra-FirewallIntelligence

Users/Groups Policy

Shape! – Get immediate insight for decisions

15

Shape! – Get your users to love you….

16

WAN Acceleration Step 2 – Accelerate!

Extremely Effective on:

Email, PowerPoint, Excel spreadsheets, Word docs, PDF

SharePoint, Collaboration sites

Files between 20Kb-20MB+

Small Localized Changes

Benefits:

Eliminate redundant traffic

Increase responsiveness

Improve user experience

SonicWALL CONFIDENTIAL All Rights Reserved17

How does it really work?Protocol Optimization

Reduce the chattiness of certain protocols like (WFS)

Optimizes protocols like Windows File Sharing (WFS), FTP, email

Makes an intelligent decision about the nature of the traffic to eliminate latency

Decreases round-trips and chattiness of certain protocols

SonicWALL CONFIDENTIAL All Rights Reserved18

With: WAN Acceleration

Before: WAN Acceleration

How does it really work?WFS Acceleration

Decrease the amount of data to be sent across the WAN =

Improves response times and transfer speeds when transfer files between remote locations.

File caching/de-duplication

Metadata caching (File directory information)

Active Directory Integration (The WXA becomes part of the domain)

SonicWALL CONFIDENTIAL All Rights Reserved19

How does it really work?Understanding Byte-Caching

SonicWALL CONFIDENTIAL All Rights Reserved20

Work.pptx8MB

VPN(1 Mbps)

8 MB / 1 Mbps = 62.5 Sec* 8 MB / 1 Mbps = 62.5 Sec

Total: 125 Sec = 2 Min, 5 Sec

Without Byte Caching: 1 MB Change, Transfer Everything

Work.pptx8MB

Work.pptx8MB

Work.pptx8MB

(1 Mbps = 1024 Kbps; 1024 Kbps / ( 8 Bits/Byte) = 128 Kbytes/Sec.; 8 MB = 8192 Kbytes; 8192/128 = 62.5 Sec.)

How does it really work?Understanding Byte-Caching

SonicWALL CONFIDENTIAL All Rights Reserved21

Work.pptx8MB

VPN(1 Mbps)

8 MB / 1 Mbps = 62.5 Sec

Work.pptx8MB

1 MB / 1 Mbps = 8 Sec

Total: 70.5 Sec = 1 min, 10.5 Sec50.5 Second Saving = 40% Savings

WITH Byte Caching: 1 MB Change, Transfer only the Change

(1 Mbps = 1024 Kbps; 1024 Kbps / ( 8 Bits/Byte) = 128 Kbytes/Sec.; 8 MB = 8192 Kbytes; 8192/128 = 62.5 Sec.)

How does it really work?Byte Caching

1. The WXA appliance builds and maintains dictionaries based on most commonly passed traffic

2. Data is replaced with tokens that the remote WXA can use to recognize and reconstruct data

3. WXA Series CONVEYS data across the WAN link.

SonicWALL CONFIDENTIAL All Rights Reserved22

How does it really work?What cannot be accelerated…

SonicWALL CONFIDENTIAL All Rights Reserved23

De-duplication/Byte-Caching Acceleration relies on detecting repetition

1) Within a single file/stream 2) Within a networkB A A A G Z A Web Page A Web Page A Web Page B Web Page A

File 1 File 2 File 1

Repetition signals an opportunity to optimize and accelerate.

However, some traffic cannot be accelerated Traffic that does not repeat High-entropy traffic

(Hint: These two types of traffic are connected)

How does it really work? What cannot be accelerated…

High-Entropy Traffic Encrypted traffic

SSL, IPSec

Compressed traffic

GZIP, RAR, 7zip, bzip

Video, Audio

Already optimized traffic

RDP, Citrix

Non-Repeating Traffic Single file in one direction

sent once

Single web page access

(High-Entropy Traffic)

SonicWALL CONFIDENTIAL All Rights Reserved24

This is how we do it!Simple Two-Site Deployment

Result

Traffic between two sites optimized with minimal configuration

SonicWALL CONFIDENTIAL All Rights Reserved25

You already know this!....

WXA Management through host SNWL firewall interface.

Firewall Takes Care of

Auto provisioning of the WXA hardware or software solution (similar to SonicPoints)

WXA license management

Firmware and configuration managed of the WXA appliance

Health check probes of the WXA appliance

26

Consolidated management Application ControlDeep Packet InspectionWan Acceleration

…and its really simple to get started!

Firewall decides what traffic needs to be accelerated

Default is “everything” that we can accelerate

Benefit: Decreases the amount of data sent over to the WXA for processing

SonicWALL CONFIDENTIAL All Rights Reserved27

Show me the money!

Visualizes the benefits of using WAN Acceleration

SonicWALL CONFIDENTIAL All Rights Reserved28

SonicWALL WXA Series

Copyright 2011 SonicWALL Inc. All Right Reserved29

WXA 5000WXA 2000WXA 4000

WXA 500 Live CD

SonicWALL WXA Series Overview

WXA 500 WXA 2000 WXA 4000 WXA 5000

Min. SonicOS Version

5.8.1 5.8.1 5.8.1 5.8.1

Recommended Users1 20 120 240 360

Max WAN Accel Flows

100 600 1200 1,800

Byte Caching Yes Yes Yes Yes

TCP Acceleration

Yes Yes Yes Yes

Compression Yes Yes Yes Yes

WFS Acceleration

Yes2 Yes Yes Yes

Visualization TCP/WFS TCP/WFS TCP/WFS TCP/WFS

Copyright 2011 SonicWALL Inc. All Right Reserved30

Choose anyone of these – they all speak WXA!

SuperMassive™ E10000 Series

E-Class NSA Series

NSA Series

TZ Series

E10100 E10200 E10400 E10800

NSA E8500 NSA E7500 NSA E6500 NSA E5500

NSA 4500 NSA 3500 NSA 2400MX NSA 2400 NSA 240

TZ 210 Series TZ 200 Series TZ 100 Series

31

NSA E8510

Data centers, ISPs

Medium to largeorganizations

Branch offices andmedium sized organizations

Small and remote offices

Thank you…

Dennis Bergström, CISSPSonicWALL NordicTechnical Account Manager/SE