SonicWALL Gateway Anti-Virus
9
SonicWALL TZ 180 TotalSecure
Stream Concurrency Limitations by SonicWALL Security Appliance
Because SonicWALL GAV does not have to perform reassembly, there are no file-size limitations
imposed by the scanning engine. Base64 decoding, ZIP, LHZ, and GZIP (LZ77) decompression are
also performed on a single-pass, per-packet basis. Stream-concurrency are platform dependent as
follows:
Disabling the SonicWALL GAV/IPS Engine
In the unlikely event that SonicWALL Gateway Anti-Virus/Intrusion Prevention Service is not
enabled on your SonicWALL security appliance, the SonicWALL GAV/IPS engine itself can be
disabled, and the resources can be reallocated to the SPI connection cache.
To disable the SonicWALL GAV/IPS engine, perform the following steps:
Step 1 Select the Firewall > Advanced page.
Step 2 Select the Disable Gateway AV and IPS Engine (increases maximum SPI connections)
checkbox. This presents an alert informing you that the SonicWALL security appliance must be
rebooted for the change to take effect.
Step 3 Restart your SonicWALL security appliance.
Protocol Handling
SonicWALL GAV functionality supports the following protocols: HTTP, SMTP, IMAP, POP3, FTP
and the scanning of generic TCP streams for viruses.
If malicious traffic is detected, appropriate actions are taken based on the protocol. For generic TCP
streams, the traffic is dropped and the connection is reset. If so configured, an encrypted and
hashed message explaining the action is sent to the user's Global Security Client (requires version
2.0 or higher) and to the user's 'Security Action Notification Applet', and displayed to the user if
either application is active. Application level awareness of the type of protocol that was transporting
the violation allows for very specific actions to be taken to gracefully handle the rejection of the
payload:
Platform
GAV-Disabled
Connections
Cache Size
GAV-Enabled
Connections
Cache Size
(Concurrent
File Downloads)
Concurrent
Compressed
File Downloads
with GAV GAV Signatures
TZ 150
Series
2,048 2,048 100 4,500
TZ 170
Series
6,144 6,144 100 4,500
PRO 1260 6,144 6,144 100 4,500
PRO 2040 32,768 16,384 300 25,000
PRO 3060 131,072 65,536 1,000 25,000
PRO 4060 524,288 131,072 1,500 25,000
PRO 5060 750,000 393,216 3,000 25,000
