SonicOS 7.1 Firewall

Advanced > Connections
Table of Contents

Connections

Any change to the Connections setting requires the SonicWall security appliance be restarted for the change to be implemented.

The Connections section provides the ability to fine-tune the firewall to prioritize for either optimal throughput or an increased number of simultaneous connections that are inspected by Deep-Packet Inspection (DPI) services.

A hardware platform may differ from another in the amount of memory available, which corresponds to the number of connections.

For specific SPI and DPI connection count maximums, refer to the latest SonicWall datasheet for your firewall platform:

  • NSa Series - Datasheet at SonicWall NSa Series
  • TZ Series - Datasheet at SonicWall TZ Series
  • SuperMassive Series - Datasheet at SonicWall SuperMassive Series

Refer to the SonicWall resources page for more information about our Product Series. Search for high-end, mid-range, entry level, and virtual firewall details, such as Maximum connections (DPI SSL), from the By Product Series drop-down menu.

The maximum number of connections depends on the physical capabilities of the particular model of SonicWall security appliance. Flow Reporting does not reduce the connection count on NSa Series, NSA Series, and SuperMassive Series firewalls.

A table with the maximum number of connections for your specific SonicWall security appliance for the various configuration permutations is displayed below the Connections group.

To configure connection services:

  1. Navigate to Network > Firewall > Advanced.

  2. Scroll to Connections.

  3. Choose the type services to be enabled/disabled. There is no change in the level of security protection provided by the DPI Connections settings.

    • Maximum SPI Connections (DPI services disabled) - This option (Stateful Packet Inspection) does not provide SonicWall DPI Security Services protection and optimizes the firewall for maximum number of connections with only stateful packet inspection enabled. This option should be used by networks that require only stateful packet inspection, which is not recommended for most SonicWall network security appliance deployments.

    • Maximum DPI Connections (DPI services enabled) - This is the recommended setting for most SonicWall network security appliance deployments. This option is selected by default.

    • DPI Connections (DPI services enabled with additional performance optimization) - This option is intended for performance critical deployments. This option trades off the number of maximum DPI connections for an increased firewall DPI inspection throughput.

    If either DPI Connections option is chosen and the DPI connection count is greater than 250,000, you can have the firewall resize the DPI connection and DPI-SSL counts dynamically.