Day after day, the number of users is growing on the web, and so is the number of connections. At the same time, so is the number of cyberattacks hidden by encryption. SonicWall continues to tackle the encrypted threat problem by expanding the number of SSL/TLS connections that it can inspect for ransomware.
Today, a typical web browser keeps 3-5 connections open per tab, even if the window is not the active browser tab. The number of connections can easily increase to 15 or 20 if the tab runs an online app like Microsoft SharePoint, Office web apps, or Google Docs. In addition, actions such as loading or refreshing the browser page may temporarily spike another 10-50 connections to retrieve various parts of the page. A good example this scenario is an advertisement heavy webpage that can really add connections if the user has not installed an ad blocker plugin. Also keep in mind that many ad banners in web pages embed a code to auto-refresh every few seconds, even if the current tab is inactive or minimized. That said, it makes a lot of difference how many browser tabs your users typically keep open continuously during the day and how refresh-intensive those pages are.
We can make some assumptions on the average number of connections for different types of users. For example, light web users may use an average of 30-50 connections, with peak connection count of 120-250. On the other hand, heavy consumers may use twice that, for up to 500 simultaneous connections.
If a client is using BitTorrent on a regular basis that alone will allocate at least 500 connections for that user (with the possibility to consume 2,000+ connections). For a mainstream organization it is safe to assume that on average 80% of the users are considered as light consumers, whereas the remaining 20 percent are heavy consumers. The above numbers will provide a ballpark of a few hundred thousand connections for a company of 1,000 employees – 3 to 5 times higher than the number of connections for the same organization a decade ago.
With all the changes in browser content delivery and presentation, as well as users’ advanced manipulation of the web and its content, it’s necessary for SonicWall to address the forever increasing demand in the number of connections to satisfy the customer need and provide them with a better user experience. In the recently released SonicOS 6.2.9 for SonicWall next-gen firewalls, our engineering team has increased the number of stateful packet inspection (SPI) and deep packet inspection (DPI) connections to better serve this need.
Below is the new connection count for Stateful Packet Inspection connections for SonicWall Gen6 Network Security Appliance (NSA) and SuperMassive Series firewalls in the new SonicOS 6.2.9 when compared to the same count in the previous 22.214.171.124:
In addition, the number of DPI connections has increased up to 150 percent on some platforms. Below is a comparison of the new connection count in SonicOS 6.2.9 against SonicOS 126.96.36.199.
Finally, for security-savvy network administrators we have provided a lever to increase the maximum number of DPI-SSL connections by foregoing a number of DPI connections. Below is a comparison of the default and maximum number of DPI-SSL connection by taking advantage of this lever.
We also enhanced our award winning Capture ATP, a cloud sandbox service by improving the user experience of the “Block Until Verdict” feature, which prevents suspicious files from entering the network until the sandboxing technology finishes evaluation.
In addition, SonicOS 6.2.9 enables Active/Active clustering (on NSA 3600 and NSA 4600 firewalls), as well as enhanced HTTP/HTTPS redirection.
Whether your organization is a startup of 50 users or an enterprise of few thousand employees, SonicWall is always considering its customers’ needs and strives to better serve you by constantly improving our feature set and offerings.
For all of the feature updates in SonicOS 6.2.9, please see the latest SonicOS 6.2.9 data sheet (s). Upgrade today.