Application Control; Unified Policy Configuration And Management; Multiple Instances / High Availability; System Architecture - SonicWALL SonicOSX 7 Getting Started Manual

Application Control

The NSsp 15700 catalogs thousands of applications through App Control and monitors their traffic for
anomalous behavior through the on-board Application Firewall.

Unified Policy Configuration and Management

The NSsp 15700 enables organizations to intuitively configure and enforce policies by combining network,
application and web filtering security in one place.

Multiple Instances / High Availability

NSsp 15700 architecture allows multiple independent firewalls to share hardware resources to support
MSSPs, or provide flexible resources for evolving organizations. These independent firewalls may also be
configured as high-availability (HA) pairs, either within one NSsp, or across multiple NSsp. Unlike other high
performance firewall systems, the NSsp operates through containers rather than shared hardware
resources. Software containers along with NUMA architecture assure identical operation for all instances on
the NSsp 15700.
The NSsp 15700 supports three kinds of High Availability:
Standalone HA — Instances on one NSsp from high availability pairs. See Instance HA Pair on a
l
Standalone NSsp Node.
Multi-appliance instance-level HA — Instances on different NSsp 15700 appliances form HA pairs.
l
See Configuring Multi-Appliance Instance-Level HA.
Appliance-level HA — Two NSsp appliances ,are paired as Primary Active and Secondary Standby.
l
See Setting Up Unit-to-Unit HA.

System Architecture

The NSsp 15700 centers on four Intel Xeon processors on two cards, or physical blades, linked by a 3.2
Terabits per second switch fabric. This enables the support of multiple independent firewalls with direct
access to the NSsp's high-performance hardware. Non-Unified Memory Access architecture combined with
software containers maximizes security and performance.
There are two logical blades, or CPUs, per physical blade. These logical blades are allocated to a Root
Instance firewall, or to tenant instances. Each logical blade offers the nine cores available on each Xeon
minus one devoted to system software. At the time of this writing, the Root Instance requires a minimum
two logical blades, and a maximum of two logical blades are available to support virtual firewalls.
Virtual firewall instances are confined to software containers, consequently providing the highest security
and predictable performance.
Virtual firewalls require an allocation of at least two CPU cores: one Control Plane (CP) and one Data Plane
(DP). Up to two CP cores and seven DP cores can support a virtual firewall. Cores supporting a virtual
firewall must reside on one logical blade.
SonicOSX 7 Getting Started Guide for the NSsp Series 6
Product Overview