SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account...
-
Upload
curtis-hood -
Category
Documents
-
view
221 -
download
1
Transcript of SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account...
![Page 1: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/1.jpg)
SonicWALL WXA – WAN Acceleration
Dennis Bergström, CISSPSonicWALL NordicTechnical Account Manager/SE
![Page 2: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/2.jpg)
SonicWALL, Inc. Dynamic Security for the Global Network
2
![Page 3: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/3.jpg)
SonicWALL, Inc. Dynamic Security for the Global Network
3
![Page 4: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/4.jpg)
SonicWALL’s Legacy
4
![Page 5: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/5.jpg)
Not only Next-Generation Firewalls – although they rock of course
SuperMassive™ E10000 Series
E-Class NSA Series
NSA Series
TZ Series
E10100 E10200 E10400 E10800
NSA E8500 NSA E7500 NSA E6500 NSA E5500
NSA 4500 NSA 3500 NSA 2400MX NSA 2400 NSA 240
TZ 210 Series TZ 200 Series TZ 100 Series
5
NSA E8510
Data centers, ISPs
Medium to largeorganizations
Branch offices andmedium sized organizations
Small and remote offices
![Page 6: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/6.jpg)
Network Security
WAN Acceleration
Secure Remote Access
Email Security
Backup and Recovery
Policy & Management
SonicWALL Product Line-up
App Intell &Control
Virtual Access
Web App Firewall
Connect Mobile
Spike Access
Virtual Assist
Advanced Reporting
Native Access Modules
Spike Access
SSL VPNClient
Clean Wireless – SonicPoint-N Series
![Page 7: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/7.jpg)
SonicWALL WXA Series
Copyright 2011 SonicWALL Inc. All Right Reserved7
WXA 5000WXA 2000WXA 4000
WXA 500 Live CD
![Page 8: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/8.jpg)
What Does WAN Acceleration Do?
Improve Performance of Business Applications
Optimize Response Times for Critical Applications
Reduce Bandwidth Consumption
Reduce associated Bandwidth Costs
… Make the network appear faster!
Copyright 2011 SonicWALL Inc. All Right Reserved8
![Page 9: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/9.jpg)
Have you ever…
…Collaborated with someone on a huge PowerPoint document with
• 10-15 revisions and passed the document back and forth?
• Did the collaboration over a slow internet connection?
…Accessed a large document on a shared site multiple times and downloaded the whole file every time?
Redundant data sent back and forth results in waiting, wasting bandwidth and productivity loss.
SonicWALL CONFIDENTIAL All Rights Reserved9
![Page 10: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/10.jpg)
There is a need for WAN Acceleration
Copyright 2011 SonicWALL Inc. All Right Reserved10
![Page 11: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/11.jpg)
Two front assault – the SonicWALL way
SonicWALL CONFIDENTIAL All Rights Reserved11
![Page 12: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/12.jpg)
WAN Acceleration Step 1 – Shape!
Bandwidth manage and control applications
SonicWALL Application Intelligence, Control and Visualization
1550+ Applications (3600+ signatures)
Identify Applications
• Prioritize important traffic
• Block or restrict unimportant traffic
SonicWALL CONFIDENTIAL All Rights Reserved12
Goal:“Good Traffic” at the gateway with Application Intelligence & Control
![Page 13: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/13.jpg)
Shape! – Choose your traffic
Unimportant AppsUnimportant AppsImportant AppsImportant Apps
13
![Page 14: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/14.jpg)
Shape! - Application Intelligence
Unacceptable Apps
Acceptable Apps
Critical Apps
Malware Blocked
Application Chaos
Identify
Identify
Ingress
Reassembly-FreeDeep Packet Inspection
Categorize
Categorize ControlControl
Egress
Cloud-BasedExtra-FirewallIntelligence
Users/Groups Policy
![Page 15: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/15.jpg)
Shape! – Get immediate insight for decisions
15
![Page 16: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/16.jpg)
Shape! – Get your users to love you….
16
![Page 17: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/17.jpg)
WAN Acceleration Step 2 – Accelerate!
Extremely Effective on:
Email, PowerPoint, Excel spreadsheets, Word docs, PDF
SharePoint, Collaboration sites
Files between 20Kb-20MB+
Small Localized Changes
Benefits:
Eliminate redundant traffic
Increase responsiveness
Improve user experience
SonicWALL CONFIDENTIAL All Rights Reserved17
![Page 18: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/18.jpg)
How does it really work?Protocol Optimization
Reduce the chattiness of certain protocols like (WFS)
Optimizes protocols like Windows File Sharing (WFS), FTP, email
Makes an intelligent decision about the nature of the traffic to eliminate latency
Decreases round-trips and chattiness of certain protocols
SonicWALL CONFIDENTIAL All Rights Reserved18
With: WAN Acceleration
Before: WAN Acceleration
![Page 19: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/19.jpg)
How does it really work?WFS Acceleration
Decrease the amount of data to be sent across the WAN =
Improves response times and transfer speeds when transfer files between remote locations.
File caching/de-duplication
Metadata caching (File directory information)
Active Directory Integration (The WXA becomes part of the domain)
SonicWALL CONFIDENTIAL All Rights Reserved19
![Page 20: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/20.jpg)
How does it really work?Understanding Byte-Caching
SonicWALL CONFIDENTIAL All Rights Reserved20
Work.pptx8MB
VPN(1 Mbps)
8 MB / 1 Mbps = 62.5 Sec* 8 MB / 1 Mbps = 62.5 Sec
Total: 125 Sec = 2 Min, 5 Sec
Without Byte Caching: 1 MB Change, Transfer Everything
Work.pptx8MB
Work.pptx8MB
Work.pptx8MB
(1 Mbps = 1024 Kbps; 1024 Kbps / ( 8 Bits/Byte) = 128 Kbytes/Sec.; 8 MB = 8192 Kbytes; 8192/128 = 62.5 Sec.)
![Page 21: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/21.jpg)
How does it really work?Understanding Byte-Caching
SonicWALL CONFIDENTIAL All Rights Reserved21
Work.pptx8MB
VPN(1 Mbps)
8 MB / 1 Mbps = 62.5 Sec
Work.pptx8MB
1 MB / 1 Mbps = 8 Sec
Total: 70.5 Sec = 1 min, 10.5 Sec50.5 Second Saving = 40% Savings
WITH Byte Caching: 1 MB Change, Transfer only the Change
(1 Mbps = 1024 Kbps; 1024 Kbps / ( 8 Bits/Byte) = 128 Kbytes/Sec.; 8 MB = 8192 Kbytes; 8192/128 = 62.5 Sec.)
![Page 22: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/22.jpg)
How does it really work?Byte Caching
1. The WXA appliance builds and maintains dictionaries based on most commonly passed traffic
2. Data is replaced with tokens that the remote WXA can use to recognize and reconstruct data
3. WXA Series CONVEYS data across the WAN link.
SonicWALL CONFIDENTIAL All Rights Reserved22
![Page 23: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/23.jpg)
How does it really work?What cannot be accelerated…
SonicWALL CONFIDENTIAL All Rights Reserved23
De-duplication/Byte-Caching Acceleration relies on detecting repetition
1) Within a single file/stream 2) Within a networkB A A A G Z A Web Page A Web Page A Web Page B Web Page A
File 1 File 2 File 1
Repetition signals an opportunity to optimize and accelerate.
However, some traffic cannot be accelerated Traffic that does not repeat High-entropy traffic
(Hint: These two types of traffic are connected)
![Page 24: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/24.jpg)
How does it really work? What cannot be accelerated…
High-Entropy Traffic Encrypted traffic
SSL, IPSec
Compressed traffic
GZIP, RAR, 7zip, bzip
Video, Audio
Already optimized traffic
RDP, Citrix
Non-Repeating Traffic Single file in one direction
sent once
Single web page access
(High-Entropy Traffic)
SonicWALL CONFIDENTIAL All Rights Reserved24
![Page 25: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/25.jpg)
This is how we do it!Simple Two-Site Deployment
Result
Traffic between two sites optimized with minimal configuration
SonicWALL CONFIDENTIAL All Rights Reserved25
![Page 26: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/26.jpg)
You already know this!....
WXA Management through host SNWL firewall interface.
Firewall Takes Care of
Auto provisioning of the WXA hardware or software solution (similar to SonicPoints)
WXA license management
Firmware and configuration managed of the WXA appliance
Health check probes of the WXA appliance
26
Consolidated management Application ControlDeep Packet InspectionWan Acceleration
![Page 27: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/27.jpg)
…and its really simple to get started!
Firewall decides what traffic needs to be accelerated
Default is “everything” that we can accelerate
Benefit: Decreases the amount of data sent over to the WXA for processing
SonicWALL CONFIDENTIAL All Rights Reserved27
![Page 28: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/28.jpg)
Show me the money!
Visualizes the benefits of using WAN Acceleration
SonicWALL CONFIDENTIAL All Rights Reserved28
![Page 29: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/29.jpg)
SonicWALL WXA Series
Copyright 2011 SonicWALL Inc. All Right Reserved29
WXA 5000WXA 2000WXA 4000
WXA 500 Live CD
![Page 30: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/30.jpg)
SonicWALL WXA Series Overview
WXA 500 WXA 2000 WXA 4000 WXA 5000
Min. SonicOS Version
5.8.1 5.8.1 5.8.1 5.8.1
Recommended Users1 20 120 240 360
Max WAN Accel Flows
100 600 1200 1,800
Byte Caching Yes Yes Yes Yes
TCP Acceleration
Yes Yes Yes Yes
Compression Yes Yes Yes Yes
WFS Acceleration
Yes2 Yes Yes Yes
Visualization TCP/WFS TCP/WFS TCP/WFS TCP/WFS
Copyright 2011 SonicWALL Inc. All Right Reserved30
![Page 31: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/31.jpg)
Choose anyone of these – they all speak WXA!
SuperMassive™ E10000 Series
E-Class NSA Series
NSA Series
TZ Series
E10100 E10200 E10400 E10800
NSA E8500 NSA E7500 NSA E6500 NSA E5500
NSA 4500 NSA 3500 NSA 2400MX NSA 2400 NSA 240
TZ 210 Series TZ 200 Series TZ 100 Series
31
NSA E8510
Data centers, ISPs
Medium to largeorganizations
Branch offices andmedium sized organizations
Small and remote offices
![Page 32: SonicWALL WXA – WAN Acceleration Dennis Bergström, CISSP SonicWALL Nordic Technical Account Manager/SE.](https://reader036.fdocuments.in/reader036/viewer/2022062516/56649dab5503460f94a99800/html5/thumbnails/32.jpg)
Thank you…
Dennis Bergström, CISSPSonicWALL NordicTechnical Account Manager/SE