Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 1 of 13
`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 1 of 13
`
`
`
`EXHIBIT 9
`
`EXHIBIT 9
`
`
`
`
`
`

`

`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 2 of 13
`
`exhibitsticker.com
`
`Exhibit #
`
`Striegel 6
`
`11/03/20 - CS
`
`

`

`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 3 of 13
`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 3 of 13
`
`Series lineup
`
`The SonicWall SuperMassive 9000 Series features 4 x lO—GbE SFP+, up to 12 x i-GbE SFP, 8 x ‘l—GbE copper and 1 GbE
`management interfaces, with an expansion port for an additional 2 x10- GbE SFP+ interfaces (future release). The 9000 Series
`features hot—swappable fan modules and power supplies.
`
`SuperMassive 9000 Series
`LCD
`SDcard For
`EXBOGb
`
`‘le‘erE Bxl-GbE
`
`LCD
`
`Dual
`
`4x10-GbE Bx l-GbE Exi-GbE
`
`future use
`controls
`
`
`S-SD
`
`SFP ports
`
`ports
`
`controfs USB ports SFP+ ports
`
`SFP- ports
`
`ports
`
`
`
`Console
`port
`
`‘| GbE management
`interface
`
`Console Dual USB
`LCD
`display port
`ports
`
`1 GbE management
`interface
`
`4 x 'IO-GbE
`SFP+ ports
`
`LCD
`display
`
`Two hot-ss-uappable,
`Expansron bay
`Dual hot—
`swappable fans
`for future use
`redundant power supplies
`ExpanSIon bay
`-
`
`for Future use
`
`_
`Dual hot— Two not-swappable.
`
`swappable fans
`redundant power supplies
`
`Capt-1min}.-
`
`Processmg cores
`
`Firewall throughput
`
`Application inspection throughput
`Intrusion prevention sys:ern UPS) throughput
`
`Antz-malware inspection throughput
`Maximum DPI connections
`
`_
`
`.
`
`:
`
`24
`
`15 Gbps
`
`5 Gbps
`5 Gbps
`
`3.5 Gbps
`1.5 M
`
`__
`
`.
`
`.
`_
`
`.
`
`32
`
`20 Gbps
`
`‘IO Gbps
`‘ICI Gbps
`
`4.5 Gbps
`”LS M
`
`.
`
`.
`
`.
`.
`
`.
`
`32
`
`20 Gbps
`
`‘|’|.5 Gbps
`11.5 Gbps
`
`5 Gbps
`2.0 M
`
`.
`
`.
`
`o4
`
`31.8 Gbps
`
`23 Gbps
`21.3 Gbps
`
`ii Gbps
`2.5 M
`
`Dem|o--;_.-rn::-n‘: modes
`I
`I
`I
`"
`I
`
`L2 bridge mode
`Yes
`Yes
`Yes
`.
`Yes
`
`Wire mode
`
`Gateway-INAT mode
`
`Tap mode
`
`Transparent mode
`
`.
`
`.
`
`=
`
`Yes
`
`Yes
`
`Yes
`
`Yes
`
`.
`
`.
`
`.
`
`_
`
`Yes
`
`Yes
`
`Yes
`
`Yes
`
`.
`
`.
`
`.
`
`_
`
`Yes
`
`Yes
`
`Yes
`
`Yes
`
`.
`
`.
`
`_
`
`Yes
`
`Yes
`
`Yes
`
`Yes
`
`SONICWALL‘
`
`SonicWal|-Finjan_00000656
`
`

`

`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 4 of 13
`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 4 of 13
`
`Reassembly- Free Deep Packet
`Inspection engine
`
`RFDPI is a single-pass, low latency
`inspection system that performs
`stream-based, bi-directional traffic
`
`analysis at high speed without proxying
`or buffering to effectively uncover
`intrusion attempts, malware and identify
`application traffic regardless of port and
`protocol. This proprietary engine relies
`on streaming traffic payload inspection
`in order to detect threats at Layers
`3-7. The RFDF’I engine takes network
`streams through extensive and repeated
`
`normalization and decryption in order
`to neutralize advanced obfuscation and
`
`position of the stream relative to these
`databases until it encounters a state of
`
`evasion techniques that seek to confuse
`detection engines and sneak malicious
`code into the network.
`
`Once a packet undergoes the necessary
`pre-processing, including TLS/SSL
`decryption, it is analyzed against a single
`proprietary memory re presentation
`of multiple signature databases:
`intrusion attacks, malware, botnet and
`
`applications. The connection state
`is then advanced to represent the
`
`attack, or other "match" event, at which
`
`pointa preset action is taken. In most
`cases, the connection is terminated
`
`and proper logging and notification
`events are created. However, the engine
`can also be configured 1for inspection
`only or, in the case of application
`detection, to provide Layer 7 bandwidth
`management services for the remainder
`of the application stream as soon as the
`application is identified.
`
`Packet assem bly-based process
`
`Reassembly-free Deep Packet inspection (RFDP!)
`
`P
`
`roxy
`
`S
`
`_
`canning
`
`d' PacketbI
`Isassern y
`
`55L
`
`Tmffic'infig"
`
`E
`:..‘ICOI.-IOIOIIOOQII-OUIIIICWI“.
`
`Traffic In 6
`Trafficout
`fl @-—‘O l
`
`i
`
`n=1024
`
`Traffic out
`
`H
`
`Inspection capacity
`Min
`Max
`
`inspection time
`IIIIIIIIIIIIIIIIIII
`More
`
`When proxy
`becomes full or
`content too large.
`files bypass
`scanning.
`
`Inspection capacity
`IIIIIIIIIIIIIIIIIII
`Min
`Max
`
`Competitive proxy-based architecture
`
`lnc paction time
`IIIIIIIIIIIIIIIIIII
`Less
`More
`
`Reassembiy-free packet
`scanning eliminates proxy
`and content Size limitations.
`
`SonicWall stream-based architecture
`
`
`
`
`
`Extensible architecture for extreme
`
`scalability and performance
`
`The RFDPI engine is purposely designed
`with a keen focus on providing security
`scanning at a high level of performance,
`to match both the inherently parallel
`and ever growing nature of network
`traffic. When combined with multi—core
`
`processor systems, this parallelism-
`centric software architecture scales up
`perfectly to address the demands of
`deep packet inspection {DPI} at high
`traffic loads. The SuperMassive platform
`relies on processors that, unlike x86,
`are optimized for packet, crypto and
`network processing while retaining
`flexibility and programmability in the
`field — a weak point for ASICs systems.
`
`This flexibility is essential when new code
`and behavior updates are necessary
`to protect against new attacks that
`require updated and more sophisticated
`detection techniques. Another aspect
`
`of the platform design is the unique
`ability to establish new connections
`on any core in the system, providing
`ultimate scalability and the ability to
`deal with traffic spikes. This approach
`
`delivers extremely high new session
`establishment rates (new conn/sec) while
`
`deep packet inspection is enabled — a
`key metric that is often a bottleneck for
`data center deployments.
`
`
`
`1? ‘4. 1 Eli; JFP
`
`multi—core
`
`SONICWéLL'
`
`SonicWal|-Finjan_00000657
`
`

`

`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 5 of 13
`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 5 of 13
`
`Capture Labs
`The dedicated, in—house SonicWall
`
`Capture Labs threats research
`team researches and develops
`countermeasures to deploy to customer
`firewalls for up—to—date protection. The
`team gathers data on potential threat
`data from several sources including our
`award~winning network sandboxing
`service, Capture Advanced Threat
`Protection, as well as more than 1 million
`SonicWall sensors located around the
`
`globe that monitor traffic for emerging
`threats. It is analyzed via machine
`learning using SonicWall's Deep
`Learning Algorithms to extract the DNA
`from the code to see if it is related to any
`known forms of malicious code.
`
`SonicWall NGFW customers with the
`
`latest security capabilities are provided
`continuously updated threat protection
`around the clock. New updates take
`
`Requrres added subscription
`
`Advanced threat protection
`
`SonicWall Capture Advanced Threat
`Protection Service is a cloud—based
`
`multi-engine sandbox that extends
`firewall threat protection to detect and
`prevent zero—day threats. Suspicious files
`are sent to the cloud for analysis with
`the option to hold them at the gateway
`until a verdict is determined. The
`
`multi-engine sandbox platform, which
`includes virtualized sandboxing, full
`system emulation and hypervisor level
`analysis technology, executes suspicious
`code and analyzes behavior. When a
`file is identified as malicious, a hash is
`
`immediately created within Capture and
`later a signature is sent to firewalls to
`prevent follow—on attacks.
`
`The service analyzes a broad range
`of operating systems and file types,
`including executable programs, DLL,
`PDFs, MS Office documents, archives,
`JAR and APK.
`
`Capture provides an at—a~glance threat
`analysis dashboard and reports, which
`detail the analysis results for files sent to
`
` |:I.'Ill|."l".'ll'll'1
`
`C“.PTURE
`LABS
`
`-|,.‘...-ri. .nI.-.|-
`
`effect immediately without reboots
`or interruptions. The signatures on
`the appliances protect against wide
`classes of attacks, covering up to tens
`of thousands of individual threats with a
`
`single signature.
`
`In addition to the countermeasures on
`
`the appliance, SuperMassive firewalls
`also have access to the SonicWall
`
`CloudAV', which extends the onboard
`signature intelligence with tens of
`millions of signatures, and growing
`by millions annually. This CloudAV
`database is accessed by the firewall via
`a proprietary, lightweight protocol to
`augment the inspection done on the
`appliance. With Capture Advanced
`Threat Protection', 3 cloud-based multi—
`engine sandbox, organizations can
`examine suspicious files and code in an
`isolated environment to stop advanced
`threats such as zero-day attacks.
`
`the service, including source, destination
`and a summary plus details of malware
`action once detonated.
`
`luunmmwlfllflfl
`
`uni-glut" um
`...._-.. _ 53.4,;
`
`_ sun-m
`_ an”...
`_ bun-m-
`_ mm...
`
`
`
`mu
`
`
`
`‘r-Il‘vdfi.
`
`n
`num
`:1an
`‘rmu
`snout
`
`in
`alum
`III“!
`vii-m
`1mm
`
`x.-
`5......
`"nu.
`m...
`
`»
`
`-—H—w-_
`
`no...
`-.-
`--
`hr“.—
`
`n
`
`..
`
`'
`
`SONICWALL‘
`
`SonicWal|-Finjan_00000658
`
`

`

`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 6 of 13
`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 6 of 13
`
`Application intelligence and control
`
`Application intelligence informs
`administrators of application traffic
`traversing their network so they can
`schedule application controls based on
`business priority, throttle unproductive
`applications and block potentially
`dangerous applications. Real-time
`visualization identifies traffic anomalies
`
`as they happen, enabling immediate
`countermeasures against potential
`inbound or outbound attacks or
`
`performance bottlenecks.
`
`SonicWall Application Traffic Analytics
`provide granular insight into application
`traffic, bandwidth utilization and
`
`security threats, as well as powerful
`troubleshooting and forensics
`capabilities. Additionally, secure single
`sign-on (SSO) capabilities ease the user
`experience, increase productivity and
`reduce support calls. Management of
`application intelligence and control
`is simplified by the intuitive web—
`based interface.
`
`Global management and
`reporting
`
`For highly regulated organizations
`wanting to achieve a fully coordinated
`
`security governance, compliance
`and risk management strategy,
`the optional SonicWall Global
`Management System' lGMS'”)
`provides administrators a unified,
`secure and extensible platform to
`manage SonicWall firewalls, wireless
`access points and switches through a
`correlated and auditable workstream
`
`process. GMS enables enterprises to
`easily consolidate the management
`of security appliances, reduce
`administrative and troubleshooting
`complexities, and govern all
`operational aspects of the security
`infrastructure, including centralized
`policy management and enforcement;
`real—time event monitoring; user
`activities; application identifications;
`flow analytics and forensics;
`compliance and audit reporting; and
`more. GMS also meets the firewall
`
`Requires added subscription
`
`Real-11m mar
`.dn-n 9.».
`i
`
`inn-v4... yaw».- “mm. :‘wlh‘grmlir eta-.93"
`
`
`
`
`
`ll“
`
`.‘hm-I.»
`.unam .u‘nndm
`.ssuuu
`.‘mum .nuoeuflil
`
`I:::"::“' I warn “er:
`.m'rur’
`.hih'm I'm-”m gut-awn:
`
`x m;- cm
`- amp-1‘1
`
`illlr‘l1l'
`-. man-o:- vim
`
`(nan-uni
`had-a
`
`(firm :0... .m
`- s-usw was
`a as an
`I 5-13- «m
`I ’W me I «J m I inn-4:9
`I an... N,
`.. 33'3““
`..... ....
`.. m u an
`I mun-w Ix" ______Q a mi
`I mu. m a a”... m. g is...“ ”u
`. durum
`(mu
`0 firm”
`I Human; I sum-m.-
`Inns-mi I m ' :1“
`$2,122, mi“;
`- mm . 23:32:31:
`:33?“-
`Izm IiijI" I Ian-urn
`.(r—hlil
`um...“
`I 21":“"'""
`:- man:
`a :3".._.,
`f"::,,
`I mi”
`I :IZ'I" I Ae- tar-mu I if.“
`I k‘w'rn-‘lh I and KER-1’.
`
`Inwm'vI seem i I :2?“ t.
`
`
`change management requirements
`of enterprises through a workflow
`automation feature. With GMS workflow
`
`automation, all enterprises will gain
`agility and confidence in deploying the
`right firewall policies, at the right time
`and in conformance to compliance
`regulations. GMS provides a coherent
`
`way to manage network security by
`business processes and service levels,
`dramatically simplifying lifecycle
`management of your overall security
`environments as compared to managing
`on a device-by-device basis.
`
`SonidWall GMS Secure Compliance Enforcement
`
`_
`Benefits
`
`Single
`Management
`Console
`
`_,'-‘
`I- :
`
`—
`Reporting
`
`C onverged
`Infrastructure
`
` 3 SonicWall Firewall
`
`(—I—I—']
`
`SonicWall WAN
`Acceleration
`
`X-Series Switch
`with PoE
`
`Son i cWa ||
`Sonic‘a'hbve AP
`
`EEEE
`
`l—l—I
`rl-—I—\
`fl—1
`fl—w—1
`
`Port Expansion Scalability
`
`SONICWéLL‘
`
`SonicWai|-Finjan_00000659
`
`

`

`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 7 of 13
`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 7 of 13
`
`Featu res
`
`l
`
`RFDP! engine
`
`Descri ption
`Feature
`Reassembly-Fres Deep Packet
`This high-performance. proprietary and patented inspection engine performs stream-based, lei-directional traffic
`Inspection (RFDPI)
`analysis. without prOxying or buffering, to uncover intrusion attempts and malware and to identify application traffic
`regardless after!-
`Scans for threats in both inbound and outbound traffic simultaneously to ensure that the network is not used to distribute
`Bidirectional inspection
`malware and does not become a launch platform for attacks in case an infected machine is brought inside.
`Stre am— based inspection
`Proxy—less and non—buffering inspection technology provides ultra—iow latency performance for DPI of millions of
`simultaneous network streams without introducing file and stream size limitations, and can be applied on common protocols
`as well as raw TCP streams.
`
`The unique design of the RFDPI engine works with the multi-core architecture to provide high DPI throughput and extremely
`I Highly parallel and scalable
`high new session establishment rates to deal with traffic spikes in demanding networks.
`Single—pass inspection
`A single—pass DPI architecture simultaneously scans for malware, intrusions and application identification. drastically reducing
`
`Fire-tile“ and net'-.~.-'i::-rI-r..ir!g
`
`Feature
`Description
`I Threat API
`All the firewall to receive and leverage any and all proprietary, original equipment manufacturer and third—party Intelligence
`feeds to combat advanced threats such as zero—clay. malicious insider, compromised credentials, ransomwere and
`advanced persistent threats.
`Stateful packet inspection
`All network traffic is inspected, analyzed and brought into compliance with firewall access policies.
`High availabilityfclustering
`The SuperMassive Series supports Activer’F'assive LAIP] with state synchronization, ActivefActive (AKA) DPI and Active!
`Active clustering high availability modes. ActivefActive DPI ofiloads the deep packet inspection load to cores on the passive
`appliance to boost throughput.
`DDoS/DoS attack protection
`SYN flood protection provides a defense against DOS attacks using both Layer 3 SYN proxy and Layer 2 SYN blacklisting
`.
`technologies. Additionally, it protects against DOSIDDoS through UDPIICMF’flood protection and connection rate limiting:
`ino support
`Internet Protocol version 6 “Fuel is in its early stages to replace IPvii. With the latest SonicOS «5.2, the hardware will support
`filtering and wire mode Implementations.
`
`Flexible deployment options The SuperMassive Series can be deployed in traditional NAT, Layer2 bridge, wire and network tap modes.
`WAN load balancing
`Load-baiances multipie WAN interfaces using Round Robin, Spillover or Percentage methods. Policy-based routing Creates
`routes based on protocol to direct traffic to a preferred WAN connection with the ability to fall back to a secondary WAN in
`the event of an outage.
`
`Advanced quality of service {005) Guarantees critical communications with 802 .1 pr DSC P tagging, and remapping of Vol P traffic on the network.
`Blocks spam calls by requiring that all incoming calls are authorized and authenticated by H.323 gatekeeper or SIP proxy.
`I H.323 gatekeepsrend SIP
`
`proxy support
`
`Manage security settings of additional ports, including Pottshield, HA, POE and POE+‘ under a single pane of glass using the
`Single and cascaded Dell X—Ser‘ies
`
`network switch management firewall management dashboard for Dell's X—Series network switch.
`Biometric authentication
`Supports mobile device authentication such as fingerprint recognition that cannot be easily duplicated or shared to securely
`authenticate the user identity for network access.
`Open authentication and social login Enable guest users to use their credential from social networking service such as Facebook, Twitter, or (300ng to sign in and
`access the internet and other guest services through a host's wireless, LAN or DMZ zones using pass—through authentication.
`Muiti-domain authentication
`Enables simple and fast way to administer security polices across all network domains. Manage individual policy to a single
`domain orgroup of domains.
`
`
`
`
`
`
`
` l'v'lariageme Fit and reporting
`Feature
`Description
`Global Management System (EMS)
`SonicWali GMS monitors. configures and reports on multiple SonicWall appliances through a single management console with
`an intuitive interface, reducing management costs and complexity.
`Powerful single d evice management
`
`L An intuitive web~based interface allows quick and convenient configuration, in addition to a comprehensive command—line
`
`inter-face and support for SNMPv2r3_
`
`l I
`
`Exports application traffic analytics and usage data through IPFIX or NetFiow protocols for real-time and historical monitoring
`IPFIXINetFIow application
`
`flow reporting
`and reporting with tools such as SonicWall Scrutinizer or other tools that support lF’FlX and NetFlow with extensions.
`
`
`
`SONICWérLL'
`
`SonicWall—Finjan_00000660
`
`

`

`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 8 of 13
`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 8 of 13
`
`Featu res
`
` Virtual private networking [\.-"F‘Ni
`
`Feature
`J
`Description
`Auto-provision VPN
`Simplifies and reduces complex distributed firewall deployment down to a trivial effort by automating the initial site-to-slte VPN
`_: gateway provisioning between SonicWall firewalls while security and connectivity occurs instantly and automatically.
`VPN for site-to-site connectivity High—performance lPSec VF’N allows the Superiv'lassive Series to act as a VPN concentrator for thousands of other large sites,
`branch offices or home offices.
`
` SSL VPN or iPSec client I Utilizes clientiess 33L W‘N technology or an easy—to—rnanage IPSec client Jfor easy access to email, files, computers. intranet sites
`
`.__
`_
`.,
`_..
`_ _
`__ _
`__
`remote access
`__ and applications from a variety of platforms.
`Redundant VPN gateway
`When using multiple WANs. a primary and secondary v'PN can be configured to allow seamless. automatic failover and fallback
`of all VPN sessions.
`
`‘ The ability to perform dynamic routing over VPN links ensures continuous uptime in the event of a temporary VPN tunnel failure,
`Route—based VPN
`
`_ by seamlessly rerouting traffic between endpoints through alternate routes.
` Content -"'C.Ol‘llli-?)it awareness
`
`Feature
`l
`Description
`
`User activity tracking
`I User identification and activity are made available through seamless ADHLDAPi’Citrix‘l {Terminal Servicesi 550 integration
`
`combined with extensive information obtained through DPI.
`identifies and controls network traffic going to or coming from specific countries to either protect against attacks from known
`GeolP country traffic
`or suspected origins of threat activity. or to Investigate suspicious traffic originating from the network. Ability to create custom
`identification
`
`_ country and Botnet lists to override an incorrect country or Botnet tag associated with an IP address.
`
`Regular expression DPI filtering _ Prevents data leakage by identifying and controlling content crossing the network through regular expression matching.
`
`
`
`
`
` Capture advanced throat protection”
`
`Feature
`I
`Description
`MultivEngine Sandboxing
`The multi—engine sandbox platform, which includes virtualized sandboxing. full system emulation, and hypervisor level analysis
`. technology, executes suspicious code and analyzes behavior, providing comprehensive visibility to malicious activity
`Block Until Verdict
`Provides the ability to create custom country and Botnet lists to override an incorrect country or Botnet tag associated with an IP
`
`address.
`.
`
`I
`
`Broad File Type Analysis
`
`Supports analysis of a broad range of file types, including executable programs (PE), DLL, PDFs, MS Office documents, archives, JAR,
`and APK plus multiple operating systems including Windows. Android, Mac OS and multi-browser environments.
`
`Rapid Deployment of Signatures When a file ls identified as malicious, a signature is Immediately deployed to firewalls with SonicWail Capture subscriptions and
`_ GRID Gateway Anti—Virus and IPS signature databases and the URL, IP and domain reputation databases within 43 hours.
`
` Encrypted threat prevention
`
`Feature
`1
`Description
`
`TLSJ’SSL decryption and
`Decrypts and inspects SSLJ'TLS traffic on the fly, without proxying, for malware, intrusions and data leakage, and applies
`inspection
`application, URL and content control policies in order to protect against threats hidden In TLSi’SSL encrypted traffic. Included with
`
`_ security subscriptions for all models.
`Deep packet inspection of SSH fDPI-SSHJ decrypts and inspect data traversing over SSH tunnel to prevent attacks that
`leverage SSH.
`
`SSH inspection
`
`.
`
`Intrusion prevention
`
`Feature
`l
`Description
`Countermeasure-based
`Tightly Integrated Intrusion prevention system (IP51 leverages signatures and other countermeasures to scan packet payloads for
`
`I protection
`.. vulnerabilities and exploits, covering a broad spectrum of attacks and vulnerabilities.
`
`Automatic signature upd ates
`I The SonicWail Threat Research Team continuously researches and deploys updates to an extensive list of IPS countermeasures that
`
`covers more than 50 attack categories. The new updates take effect immediatelyr without any reboot or service Interruption required.
`Intro—zone IPS protection
`Bolsters Internal security by segmenting the network into multiple security zones with intrusion prevention, preventing threats
`
`from propagating across the zone boundaries.
`Botnet command and control
`Identifies and blocks command and control traffic originating from bots on the local network to IPs and domains that are identified
`
`(CnCi detection and blocking
`_ as propagating malware or are known CnC points.
`Protocol abuse/anomaly
`identifies and blocks attacks that abuse protocols in an attempt to sneak past the lPS.
`1
`detection and prevention
`Protects the network against zero-day attacks with constant updates against the latest exploit methods and techniques that cover
`Zero—day protection
`
`thousands of individual exploits.
`Extensive stream normalization, decoding and other techniques ensure that threats do not enter the network undetected by
`Anti-evasion technology
`
`, utilizing evasion techniques in Layers 2-1
`
`.
`
`
`
`SONICWérLL'
`
`SonicWali—Finjan_00000661
`
`

`

`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 9 of 13
`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 9 of 13
`
`Features
`
`-.
`
`Threat prevention
`
`Feature
`l
`Description
`Gateway anti-malware
`The RFDPi engine scans all inbound, outbound and intra-zone traffic for viruses, Trojans, key loggers and other malware in files of
`
`.eBE'lmi_tf‘-T‘1l?f§i}h 351??? Eff??? Ell PQT‘SE‘EEEP SHEETS-
`CloudAV malware protection
`A continuously updated database of tens of millions of threat signatures resides in the SonicWall cloud servers and is referenced to
`
`augment the capabilities of the onboard signature database, providing RFDF'I with extensive coverage of threats.
`
`Around—the-clock security
`- New threat updates are automatically pushed to firewalls in the field with active security services, and take effect immediately
`
`_
`.‘_
`_
`_
`_ _
`updates
`__ without reboots or interruptions.
`
`.
`
`Bl-dlrectional raw TCP
`' The RFDPi engine is capable of scanning raw TCP streams on any port bi-directionally preventing attacks that they to sneak by
`
`inspection
`outdated security systems that focus on securing a few well-known ports.
`Extensive protocol support
`identifies common protocols such as HTTPJS, FTP, SMTF’, SMElvUvZ and others, which do not send data In raw TCP, and decodes
`. payloads for malware inspection, even lfthey do not run on standard, well—known ports.
`
` application intelligence and control
`
`Feature
`l
`Description
`
`- Application controi
`I Control applications. or individual application features. that are identified by the RFDPI engine against a continuously expanding
`
`. database of over thousands of application signatures, to increase network security and enhance network productivity.
`Custom application
`Control custom applications by creating signatures based on specific parameters or patterns unique to an application in Its
`
`identification
`network corn municati ons, in order to gain further control over the network.
`
`Application bandwidth
`-Granularly allocate and regulate available bandwidth for critical applications or application categorieswhile inhibiting nonessential
`
`management
`application traffic.
`Granular control
`Control applications. orspecific components of an application, based on schedules, user groups, exclusion lists and a range of
`
`actions with full 550 user identification through LDAPIADITerrninaI Servicesi'Citrix integration.
`
`
`
`
`
`Description
`Feature
`Enforce acceptable use policies and block access to websites containing information or lm ages that are objectionable or
`lnsidefoutside content filtering
`unproductive with Content Filtering Service.
`Enforced content filtering client
`Extend policy enforcement to block internet content for Windows, Mac OS, Android and Chrome devices located outside the
`firewall perimeter.
`
`l
`
`l
`
`Content filtering
`
`'
`
`Granular controls
`
`Block content using the predefined categories or any combination ofcategories. Filtering can be scheduled by time of day, such
`as during school or business hours, and applied to individual users or groups.
`
`Web caching
`
`I URL ratings are cached locally on the SonicWall firewall so that the response time forsubsequent access to frequently visited sites
`lis only-a fraction of a second.
` Enforced anti-virus and anti-s lair-rare:
`P‘i
`Feature Description |
`
`
`Multi-layered protection
`Utilize the firewall capabilities as the first layer of defense at the perimeter, coupled with endpoint protection to block, viruses
`. entering network through laptops, thumb drives and other unprotected systems.
`Automated enforcement option
`Ensure every computer accessing the network has the most recent version of anti-virus and antl-spyware signatures installed and
`active. eliminating the costs commonly associated with desktop anti-virus and anti-spyware management.
`Automated deployment and
`Machine-by—machine deployment and installation of anti—virus and anti—spyware clients is automatic across the network,
`
`installation option
`_ minimizing administrative overhead.
`
`Always on, automatic virus
`Frequent anti-virus and anti-spyware updates are delivered transparently to all desktops and file servers to improve end user
`
`protection
`productivity and decrease security management.
`
`Powerful spyware protection scans and blocks the installation of a comprehensive array of spyware programs on desktops and
`Spyware protection
`
`‘ laptops before they transmit confidential data, providing greater desktop security and performance.
`
`' Requires added subscription
`
`SONICWérLL'
`
`SonicWall-Finjan_00000662
`
`

`

`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 10 of 13
`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 10 of 13
`
`F E" «Fit Li f'E" S U m fT'iEi i')’
`NAT
`Firewall
`
`Application identification“
`
`I Stateful packet inspection
`
`I Application control
`
`I Application traffic visualization
`
`I Application component blocking
`
`DHCP server
`
`Bandwidth management
`
`Link aggregation {static and dynamic)
`
`I Application bandwidth management
`
`Port redundancy
`
`I Custom application signature creation
`
`A/P high availability with state sync
`
`I Data leakage prevention
`
`I Application reporting over
`NetFlow/IPFIX
`
`I User activity tracking ($80)
`
`I Comprehensive application
`signature database
`
`Web content filtering“
`I URL filtering
`
`I Anti-proxy technology
`
`I Keyword blocking
`
`I Unified policy model with app control
`I Content Filtering Client
`
`VPN
`
`I Auto—provision VPN
`
`A/A clustering
`
`Inbound/outbound load balancing
`
`L2 bridge, wire/virtual wire mode, tap
`mode, NAT mode
`
`36/46 WAN failover (not on
`SuperMassive 9800}
`
`Asym m etric routing
`
`Com m on Access Ca rd (CAC) su pport
`
`Wireless
`MU-MIMO
`
`Wireless planning tool
`Band steering
`
`Beamforming
`AirTime fairness
`
`MiFi extender
`
`Guest cyclic quota
`
`I lPSec VPN for site-to—site connectivity
`I SSL VPN and lPSEC client remote access
`
`VolP
`Granular 005 control
`
`I Redundant VPN gateway
`I Mobile Connect for iOS, Mac OS
`X, Windows, Chrome, Android and
`Kindle Fire
`
`I Route—based VPN [OSPE RIP, BGP]
`
`Networking
`I Dynamic LAG using LACP
`I PortShield
`
`I Jumbo frames
`
`I Path MTU discovery
`
`I Enhanced logging
`
`I VLAN trunking
`
`I Port mirroring
`
`I Layer—2 005
`
`I Port security
`
`I Dynamic routing iRlPi’OSF‘F/BGP)
`I SonicWall wireless controller’
`
`I Policy—based routing
`{ToS/metric and ECMP)
`
`Bandwidth management
`DPI for VolP traffic
`
`H.323 gatekeeper and SIP proxy support
`
`Management and monitoring
`Web GUi
`
`Command—line interface (CLI)
`SNMPvE/v3
`
`Centralized management and reporting
`with SonicWall Global Management
`System iGMS)”
`
`Logging
`
`NetflOw/FPFix exporting
`
`Cloud—based configuration backup
`
`BlueCoat security analytics piatfom'i
`Application and bandwidth visualizer
`
`va4 and va6 Management
`
`LCD management screen
`
`Dell X~Series switch management‘
`
`Capture advanced threat protection:
`I Cloud—based multi—engine analysis
`
`I Bandwidth management for
`CFS categories
`
`I Reassembly- Free Deep
`Packet Inspection
`
`I DDoS attack protection
`(UDP/lCMP/SYN flood)
`
`I va4/va6 support
`I Biometric authentication for
`remote access
`
`I DNS proxy
`I Threat API
`
`SSLISSH decryption and inspection“
`
`I Deep packet inspection forTLSfSSL/SSH
`
`I
`
`Inclusion/exclusion of objects, groups
`or hostnames
`
`I SSL Control
`
`I Virtualized sandboxing
`
`I Hypervisor level analysis
`I Full system emulation
`
`I Broad file type examination
`I Automated and manual submission
`
`I Real-time threat Intelligence updates
`
`I Auto-block capability
`
`Intrusion i'aretiian‘ticin2
`I Signature-based scanning
`
`I Automatic signature updates
`
`I Bi-directional inspection engine
`I Granular [PS rule set
`
`I GeolP enforcement
`
`I Botnet filtering with dynamic list
`
`I Regular expression matching
`
`Airti-n-ialiliiare2
`
`I Stream-based malware scanning
`
`I Gateway anti—virus
`
`I Gateway anti—spyware
`
`I Bi—directional inspection
`I No file size limitation
`
`I Cloud malware database
`
`' Not supported on Serif-COS 6.2.1.7
`‘ Requires added subscription
`
`
`SONICWérLL'
`
`SonicWall—Finjan_00000663
`
`

`

`Case 5:17-cv-04467-BLF Document 347-11 Filed 01/21/21 Page 11 of 13
`Case 5:17-cv-04467-BLF D0cument347-11 Filed 01/21/21
`Page 11 of 13
`
`SuperMassive 9000 Series system specifications
`
`(IF-erahmg sysr-rrr:
`'>7r|-.:I3$
`
`gaunt, IT-'
`3:1
`,
`3.3'
`'.':
`4x103 r SFP1, 1.“- IISt-E 'EFF'.
`Interface-r
` .1a1lll3bf- '.FFU SJIGhE '3
`
`
`i1: 1"]qu Irihf Mnrmgfi-menr.
`1
`I"-_-ms;_1|n
`P.r16b___
`3L1E Manage-mam '
`
`Cons/3|..-
`
`M-Z-mcn'v {F.‘AMI 64 GB WEB ] M-GB
`
`
`
`
`Hash
`2‘ 806813.
`-
`
`'.'xLI LRI’J'
` .‘S'
`
`
`||'|I;I,LI|_II'J nnrn‘nh
`
`(.c._. user?
`filling-J
`Mamnmn -
`
`Analh'Ter. L-e-
`
`Lc--'_:g|ru_:
`
`"I-gh a'raulanlllty
`Ar.'..w,~v'.= sine WIH'I Stale Syn-r.
`
`
`
`
`
`
`If- : rhl Gughpul
`
`Ar:..i‘.v1.3h.\.-are inane-c :ur-n thr-:-u-_:r~|:-ur'
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`mo '.IGn.
`]
`
`Ma:..rnum Itonrle'tltur.31$Pl3
`.= 0M
`1
`
`Manmm |;-_|r|.".=-\'|'l-'Ix:$ Him 1 ‘w. I '.M J
`
`
`
`
`
`E"?
`:u'.-2c1u;-r.5' [Mrmmuml
`3.00C‘l1E-.'.:'.IE"J
`
`
`
` Imam
`
`Site-Iodine VPN ham-nah
`2."')E’[t‘ UC'U.‘ 3 'Z‘GUE'I El 0'70]
`
`I‘—"'_u:-.: Wm fill-3M3; lMerInIJu'.)
`
`
`55L 'JP'I-i Nfilf cancer Iz‘uer-ts I'M a nnmrr.)
`2 [‘.u' )0]
`
`
`rue, IQ: J‘s-t-leirME-E _
`Ernt- fieh-yfixflheu II' 'J‘I-Ef'
`
`TPIFTE Hellman '31
`Pic-v ilkihll'rgi‘
`
`RIP u:--.=.r~=
`Secure-based V?"I
`
`IF' 3122': _ s: 335' :I-urn-z-nt Imam-3| EII-{lLF'sz-rwzl E!-in'_F"=a|J-.I' -; DH-LF' 5'F' .I
`
`
`
`.‘lf—fi'
`
`I [cm-g. IF's'r. PAT, rump-arena n Hie
`‘._ mafiy | human); Hank-Ia ‘w’LT [
`
`
`
`\" L A N am, r! act 'r
`
`
`FXjF" III‘E-F'F fi'lPufir’e‘? slat“; no: ms. poll-.v-
`
`3311-1 1-;u1|n.:'I rnul _=:'.
`
`HILLIIIIL'J prr-
`;
`'.'J 33'--‘1W|'1|h prI-Z-rlw. max ban-riwl'jth guarante- hma-fiwudih. L“J::.P rnarilng -‘.’!."." IF'
`
`
`r'e-.|'.h-_-nt.-_'ar:c-r. relll'lll'hl Sewn-=3" '.'1n-' :‘CI Haw-ell :1::-'_'r|.;|'IJ:-3'I."'s‘.a1;-39-d