- Quality of Service (QoS)
- Adds the ability to recognize, map, modify and generate the industry-standard 802.1p and Differentiated Services Code Points (DSCP) Class of Service (COS) designators. When used in combination with a QoS capable network infrastructure, SonicOS QoS features provide predictability that is vital for certain types of applications, such as Voice over IP (VoIP), multimedia content and business-critical applications such as credit-card processing. Note: 802.1p tagging is not supported on the PRO 1260.
- SYN Flood Protection
- SYN Floods are a common form of denial of service attack launched against IP-based hosts. They are designed to incapacitate the target by exhausting its resources with illegitimate TCP connections. SonicOS Enhanced provides improved SYN Flood protection to safeguard protected systems from such attacks.
- Source-Destination IP Persistence for WAN Load Balancing
- Provides persistent WAN load balancing based on the source and destination IP for connectionless protocols. The SonicWALL appliance selects a WAN interface to use for communication between one source and destination IP address pair, and keeps subsequent communications bound to the same WAN interface to ensure persistent source addressing. The SonicWALL security appliance determines which WAN link to utilize based on previous and current traffic patterns.
- SonicPoint Dynamic Subnet Addressing
- Allows more flexible IP subnet masking by specifying the number of SonicPoints that will be connected to an interface assigned to the WLAN. This declaration will then dynamically determine the maximum allowable subnet mask size.
- SonicPoint Enforcement Configurability
- Enables SonicPoint enforcement to be disabled on a Wireless Zone providing simpler integration of SonicPoints into existing networks. This allows SonicPoints to be installed on the same physical segment as existing wired nodes. It also allows Guest Services to be extended to wired users.
- Online Certificate Status Protocol (OCSP) Support
- Allows the SonicWALL appliance to use RFC2560's real-time scheme for maintaining digital certificate status.
- SonicWALL® PortShield Architecture
- Allows 24 ports on the SonicWALL PRO 1260 security appliance's switch to be independently and easily configured into custom security zones, each with its own "virtual firewall." This ensures the ports are secured from the Internet as well as other devices on the LAN. (Supported on PRO 1260 only)
- 802.1q Virtual LANs (VLANs)
- Provides support for 802.1q VLANs using virtual interfaces with VLAN ID tag assignments. Virtual interfaces provide many of the same features as physical interfaces, including Zone assignment, DHCP Server, and NAT and Access Rule controls. (Support on PRO 4060 and PRO 5060 only)
- Advanced Routing Services OSPF/RIP
- Provides full support for OSPF (Open Shortest First Path) and RIP (Router Information Protocol) dynamic routing protocols. (Available on PRO 4060 and PRO 5060 Only)
- AD (Active Directory)/LDAP (Lightweight Directory Access Protocol) Authentication
- Provides user identification against LDAP and Microsoft Active Directory servers along with support for RFC 2798 and user defined schemas, and LDAP over TLS.
- SYN Cookie and Other TCP Enhancements
- Provides SYN Flood denial of service attack protection based on reliable and resource efficient SYN cookies. Scrutinizing evaluation of all TCP parameters to ensure validity of packets, and to provide an additional layer of protection against malicious network activity.
- Connection Limiting
- Provides the ability to prevent resource exhaustion by defining a percentage of the total number of allowable connections through the firewall, which may be allocated to a particular type of connection, as defined by Access Rules.
Unified Threat Management
- SMTP RBL Spam Filtering
- Provides the ability to use DNS to query Real-Time Black List (RBL) services that track well-known spam and open-relay SMTP servers, and to deny SMTP connections from servers that appear on the lists.
- Wireless IDS Scheduled Scan
- Provides the ability to create a schedule to control the Intrusion Detection Services scanning function of the wireless radios.
- FQDN and MAC Address Objects
- Provides support for FQDN (Fully Qualified Domain Name) and MAC Address objects for use in policy construction, based on a new Dynamic Address Object infrastructure.
- Group Address Object for Policy-based Routing
- Provides support for Group Address Objects as source or destination selectors in Policy-based Routing.
- Separate CCK (Complementary Code Keying) and OFDM (Orthogonal Frequency Division Multiplexing) 2.4GHz Tuning
- Provides separate controls for 802.11b and 802.11g power levels on the 2.4GHz radio on SonicPoints.
- VPN Auto-added Access Rule Control
- It is now possible to control the creation of auto-added Access Rules when creating VPN policies.
- User Interface Changes
- The System>Status' page now shows 'Last Modified by' information. 'Schedules', 'Local Certificates', and 'CA Certificates' have been relocated to the 'System' tab.
- Additional Features
Added 'Don't Send ICMP Redirect for outbound packets larger than this Interface's MTU' to 'WAN>Advanced' tab
GroupVPN auto-creation only applies to Untrusted and Wireless Zone types - other Zone types are optional
Site-to-Site and GroupVPN policy counts are tracked separately
Connection cache size changes
Bandwidth Management rule limit changes
The SIP signaling inactivity timeout maximum has been increased from 3600 seconds to 100,000 seconds
Gateway Anti-Virus, Anti-Spyware & Instrusion Prevention Service for PRO 3060 (1 Year)
Content Filtering Service for PRO 1260/2040/3060/4060
Content Filtering Service Premium Business Edition for PRO 100/200 Series/300 Series/GX Series/1260/
S/Content Filter/Premium Business Editio
SonicWALL PRO 2040 SonicOS Enhanced Firmware Upgrade (Includes 1 year 8x5 Support)
Windows Server 2012 - 1 Device Client Access License
Windows Server 2012 - 1 User Client Access License