35
SonicOS Enhanced 4.0 Administrator Guide
CHAPTER 3
Chapter 3: Introduction

Introduction

SonicOS Enhanced 4.0 is the most powerful SonicOS operating system designed for the
SonicWALL PRO 4060, and the PRO 5060.

What’s New in SonicOS Enhanced 4.0

SonicOS Enhanced 4.0 introduces these new features:
Strong SSL and TLS Encryption - The internal SonicWALL Web server now only supports
SSL version 3.0 and TLS with strong ciphers (128 bits or greater) when negotiating HTTPS
management sessions. SSL implementations prior to version 3.0 and weak ciphers
(symmetric ciphers less than 128 bits) are not supported. This heightened level of HTTPS
security protects against potential SSLv2 roll-back vulnerabilities and ensures compliance
with the Payment Card Industry (PCI) and other security and risk-management standards.
Tip By default, Mozilla Firefox 2.0 and Microsoft Internet Explorer 7.0 enable SSL 3.0 and TLS,
and disable SSL 2.0. SonicWALL recommends using these most recent Web browser
releases. If you are using a previous release of these browsers, you should enable SSL 3.0
and TLS and disable SSL 2.0. In Internet Explorer, go to Tools > Internet Options, click on
the Advanced tab, and scroll to the bottom of the Settings menu. In Firefox, go to Tools >
Options, click on the Advanced tab, and then click on the Encryption tab.
Single Sign-On User Authentication - SonicOS Enhanced 4.0 introduces Single Sign-On
User Authentication, which provides privileged access to multiple network resources with a
single workstation login. Single Sign-On uses the SonicWALL SSO Agent to identify user
activity based on workstation IP addresses. Access to resources is based on policy for the
group to which the user belongs.
Stateful Hardware Failover - SonicOS Enhanced 4.0 introduces Stateful Hardware
Failover, which provides improved failover performance. With Stateful Hardware Failover,
the primary and backup security appliances are continuously synchronized so that the
backup can seamlessly assume all network responsibilities if the primary appliance fails,
with no interruptions to existing network connections. Once the primary and backup