Comprehensive/Advanced Gateway Security Suite , without it is my firewall just a router???
I maintain around 200 Sonicwalls of various models. Most of the remotes are of the TZ models.
Most of my remotes I have not purchased any of the licensing for any of the Security Services. My question is: on the remotes that I am NOT licensed for any of the security services should I turn UNCHECK these services in my ZONES for these services?? When checked it displays a Green checkmark for the service. Here is WHY I am asking. If I uncheck say DPI on all zones the users say the internet is 10 times faster, LIGHT SPEED. So I know it is doing something. So I called Sonicwall support and asked them if this is a good idea and since I am not licensed why did it make a difference. THE First support rep said that even though I am not Licensed Sonicwall does have a Default free database that it uses to prevent BAD things from happening and to keep them checked even without licensing.
NOT sure about that answer I called again and asked a different support rep from Ireland and he said when you check the boxes in the ZONES it does DPI, but since you are not licensed it then does Nothing and I am unprotected and if I do not purchase licensing then I should UN-CHECK the boxes in the ZONES because as I know it is just slowing down my firewall for no reason. So now I have conflicting statements both from Sonicwall support. Can someone who really knows give me the correct answer? I don't want theories. This way on the sites where I have a large office I may purchase the Security Suite, and the other where there is only two computers I may not license the firewall but then UN-Check DPI, IPS etc. to get all the throughput I can from those sites. But if there is limited free protection by having the boxes checked at the zone lever then I may leave them checked to keep the remotes safer and realize I am taking a performance HIT. Thank you for Reading this long Question.
TKWITS Community Legend ✭✭✭✭✭
Without licensing, the processes that provide IPS, GAV/GAS, etc. are not allowed to be enabled, and thus are not running on the CPU. Leaving a checkbox checked in the Zone settings should have no effect since the underlying process is not running.
Speed differences between DPI and SPI are noted elsewhere.0
DPI is not a function of the security services, but helps them perform their function by inspecting the entire packet. Read more here: https://community.sonicwall.com/technology-and-support/discussion/1528/dpi-vs-spi
Without a security services subscription your firewall is a firewall.
Thank you, I read the entire link you provided. and I understand dpi vs spi. My question is if I do NOT have any of the extra Soincwall licensing and I have DPI , IPS, Gateway AntiV selected for my WAN Zone, are they doing anything. I know they are slowing things down.
I just feel maybe they are inspecting each packet which comes at a performance cost, but then sonicwall says Oh you have no licenses so let that packet go on. So then I am taking the performance hit and not getting anything for it. Now if I check those boxes in my WAN zone and it is really doing something even though I have no licensing for anything I will keep them checked so I least get whatever protections it provides for Free. So my question is IF I have no licensing is SPI all I can get for protection. Thank You. And any Capital letters does not mean I am screaming. I just like to emphasize things now and them. Thank you again for your quick reply.