Firewall Settings > Advanced
SonicOS 5.8.1 Administrator Guide
Connections
The Connections section lets you tune the appliance to prioritize either optimal performance
or support for an increased number of simultaneous connections that are inspected by UTM
services. There is no change in the level of security protection provided by either of the
DPI Connections settings below. The following connection options are available:
• Maximum SPI Connections (DPI services disabled) - This option does not provide
SonicWALL DPI Security Services protection and optimizes the firewall for the maximum
number of connections with only stateful packet inspection enabled.
• Maximum DPI Connections (DPI services enabled) - This is the default and
recommended setting for most SonicWALL deployments.
• DPI Connections (DPI services enabled with additional performance optimization) - This
option is intended for performance-critical deployments. This option trades off the maximum
number of DPI connections for increased firewall DPI inspection throughput.
Note: When changing the Connections setting, the SonicWALL security appliance must be
restarted for the change to be implemented.
The maximum number of connections also depends on whether App Flow is enabled and whether an
external collector is configured, as well as the physical capabilities of the particular model of
SonicWALL security appliance. Mousing over the question mark icon next to the
Connections heading displays a pop-up table of the maximum number of connections for your
specific SonicWALL security appliance for the various configuration permutations. The table
entry for your current configuration is indicated in the table, as shown in the example below.
Access Rule Service Options
Force inbound and outbound FTP data connections to use default port 20 - The default
configuration allows FTP connections from port 20 but remaps outbound traffic to a port such
as 1024. If the check box is selected, any FTP data connection through the security appliance
must come from port 20 or the connection is dropped. The event is then logged on the
security appliance.