SonicWALL Deep Packet Inspection
16
SonicWALL TZ 180 TotalSecure
SonicWALL Deep Packet Inspection
This section provides an overview to the SonicWALL Intrusion Prevention Service (DPI). This
section contains the following subsections:
• DPI Overview
• How Does DPI Work?
• Benefits
DPI Overview
Deep Packet Inspection (DPI) looks at the data portion of the packet. The Deep Packet Inspection
technology includes intrusion detection and intrusion prevention. Intrusion detection finds
anomalies in the traffic and alerts the administrator. Intrusion prevention finds the anomalies in the
traffic and reacts to it, preventing the traffic from passing through.
How Does DPI Work?
Deep Packet Inspection is a technology that allows a SonicWALL Security Appliance to classify
passing traffic based on rules. These rules include information about layer 3 and layer 4 content of
the packet as well as the information that describes the contents of the packet’s payload, including
the application data (for example, an FTP session, an HTTP Web browser session, or even a
middleware database connection). This technology allows the administrator to detect and log
intrusions that pass through the SonicWALL Security Appliance, as well as prevent them (i.e.
dropping the packet or resetting the TCP connection). SonicWALL’s Deep Packet Inspection
technology also correctly handles TCP fragmented byte stream inspection as if no TCP
fragmentation has occurred.
Benefits
Deep Packet Inspection technology enables the firewall to investigate farther into the protocol to
examine information at the application layer and defend against attacks targeting application
vulnerabilities. This is the technology behind SonicWALL Intrusion Prevention Service.
SonicWALL’s Deep Packet Inspection technology enables dynamic signature updates pushed from
the SonicWALL Distributed Enforcement Architecture.
