Scrutinizer | NetFlow Traffic Analyzer
IP data-flow monitoring, visualization, analytics & reporting for any network appliance.
Dell™ SonicWALL™ Scrutinizer is a multi-vendor, flow-based application traffic analytics, visualization and reporting tool to measure and troubleshoot network performance and utilization while increasing productivity for enterprises and service providers. Scrutinizer supports a wide range of routers, switches, firewalls, and data-flow reporting protocols, providing unparalleled insight into application traffic analysis from IPFIX/NetFlow data exported by Dell SonicWALL firewalls, as well as support for a wide range of routers, switches, firewalls, and data-flow reporting protocols. IT administrators in charge of high throughput networks can deploy Scrutinizer as a virtual appliance for high performance environments.
Real Time Network Utilization & Bandwidth Monitoring.
Dell SonicWALL Scrutinizer enables organizations to achieve uniquely granular, flexible and powerful insight into network and application traffic, and it’s compatible with Dell SonicWALL Next-Generation Firewall and third party product exports of IPFIX data. Scrutinizer is also useful for reducing troubleshooting time for network performance issues. In addition, Scrutinizer users, especially service providers, can take advantage of Scrutinizer to proactively monitor Quality of Service (QoS) and generate invoicing data and Service Level Agreement (SLA) metrics reports.
Eliminating wasteful network usage.
Dell SonicWALL Scrutinizer increases employee productivity using application traffic analytics to eliminate wasteful network usage while enhancing network optimization. Scrutinizer gives administrators immediate insight into network application traffic and user activity reporting (web surfing, VPN usage, VoIP traffic, and application usage) across Dell SonicWALL security appliances, in addition to virtually all third-party routers and switches. At the same time, you obtain greater security awareness by watching for and alerting on suspicious or potentially hazardous network events.
Granular analytics and reporting.
Shorten root-cause analysis with granular analytics and reporting. Scrutinizer provides easy visualization of network traffic, VPN traffic, VoIP traffic, top hosts, protocols, ports, applications, traffic and conversations across all network realms and devices. Flexible analysis options can display trend data in bits, bytes, packets or percent of total bandwidth consumed. Scrutinizer offers support for both IPFIX and Flexible NetFlow for fully customizable report templates, and can save all flow records indefinitely.
Network topology and flow path insight.
Quickly pinpoint the source of jitter, packet loss, latency, or a misconfigured network by lighting up the end-to-end path (including asymmetrical connection paths) of a flow across a multi-vendor network topology with Flow Hopper (patent pending)
Speed troubleshooting of capacity bottlenecks, latency, jigger, Active Timeout, top conversations, top host flows, host volume, pair volume, MAC addresses, VLANs, and domains by leveraging IPFIX and other flow based protocols for deeper insight. Track latency and round-trip time (RTT) in flexible increments with the Flowalyzer NetFlow and sFlow Tool Kit™.
Powerful visualization tools.
Intuitive visualization tools list top interfaces across all routers, switches and firewalls to display real time or archived application traffic data using interactive charts, tables and Google® Maps, with an innovative matrix view to show flow fields, and network topology maps showing relevant flow data.
Enhanced forensics capabilities.
Simplify forensic analysis through enhanced detection capabilities and alerts. Scrutinizer captures unauthorized applications, malicious traffic, known-compromised Internet hosts, Flow Sequence Number violations, DNS cache poisoning, rogue IP addresses, DHCP and mail servers, port scanning, excessive multicast traffic, HTTP hijacking and DDOS attacks.
High-performance traffic analysis with our virtual appliance.
Analyze traffic in high throughput environments by deploying Scrutinizer as a virtual appliance, which is capable of receiving over 40,000 flows-per-second for hundreds of flow exporting devices, and easily accommodate high-performance requirements. In addition, the virtual appliance also eases migration and reduces deployment costs by allowing administrators to move a snapshot of a virtual environment to new physical server infrastructure. By running multiple operating systems and applications on a single computer, virtual appliances reduce associated capital expenditures, administrative overhead and power consumption.
Detailed NetFlow and IPFIX analysis.
Administrators can gain more granular, detailed NetFlow and IPFIX analysis using Dell SonicWALL Application Traffic Analysis, a unique application flow analytics solution that combines Dell SonicWALL Next-Generation Firewall and Dell SonicWALL Scrutinizer. The firewall transmits IPFIX data in real-time to the traffic analyzer collector application, where the administrator can examine usage data by application or user, look at data over different time periods and much more. While some firewall vendors do support NetFlow or IPFIX, only Dell SonicWALL offers this level of application traffic detail.
Receive greater return on your technology investment through deep and broad compatibility with third-party systems that may already be embedded in your infrastructure, thereby extending long-term value. Scrutinizer supports third-party routers and switches, and is compatible with products of cross-industry vendors, thus providing you with the increased value and the flexibility of an all-in-one tool to monitor network utilization and visualize application traffic flows across your entire network. Scrutinizer offers enhanced support for many third party vendors, including Cisco®, Citrix®, NetScaler®, Riverbed®, and Enterasys®.
Administrators can set alerts based upon interface utilization, unfinished flows, nefarious activities, and degraded voice and video to display how many other alarms the host has violated. Scrutinizer alerting can also facilitate various automatic remediation options.
Ease administration with flexible, customizable dashboards per login, group-based and per login permissions to access flows for specific router, switch, and firewall interfaces. MSPs can easily modify style sheets to match branding. Create summary reports on Dell SonicWALL and third party devices and view them directly on your dashboard.
- These features require the Flow Analytics Module.
- Available in the Service Provider Module.
Bring your analytics solution to the next level with Scrutinizer Add-On Modules.
Flow Analytics Module.
The Dell™ SonicWALL™ Flow Analytics Module brings traffic flow diagnostics to the next level by adding valuable functionality to Dell SonicWALL Scrutinizer software, such as historical reporting for an unrestricted period of time, advanced alarming with the ability to set thresholds and facilitate automatic remediation, role-based administration, and in-depth traffic analysis algorithms. With the Flow Analytics Module, Scrutinizer can easily identify top applications, conversations, flows, protocols, domains, countries and subnets on the network, as well as watch for and alert on suspicious or potentially hazardous network behavior patterns, thereby providing administrators with greater network security awareness. Benefits include:
The Flow Analytics Module adds advanced reporting options such as flow volume, MPLS by subnet, Microsoft® Exchange log trending and NBAR support. Administrators have with a wealth of information right at their fingertips.
IT administrators can create custom reports by applying filters to granularly define the specific information desired. Once created, custom reports can be saved for later use. Custom reports allow the user to configure detailed reports by filtering on fields such as IP Addresses, ranges and subnets; port numbers and ranges; defined applications including ranges of protocols and groups of protocols; multiple interfaces from different routers and switches; any exported field available via NetFlow or IPFIX; dynamic Quality of Service (QoS) monitoring; and detailed security/forensic information.
Traffic analysis reports.
The Flow Analytics Module adds several additional flow based traffic analysis report types. Examples include granular IPFIX based application visualization reports for Dell SonicWALL products; flexible NetFlow NBAR based application reports (requires IOS v15 on Cisco routers); conversations to/from host pairs and applications used; flow reports with ToS field; host flow reports to show hosts sending or receiving the most flows; host volume reports to show the volume of unique hosts per second; and pair volume reports to show the volume of unique to/from address pairs per second.
Set It and Forget It alerting.
The Flow Analytics Module provides administrators with greater automation control, making routine advanced reporting a snap. Alerts can be configured based upon everything from unfinished flows to specific interface utilization. Administrators can configure QoS thresholds to proactively be alerted of RTSP latency and jitter before end users even reports a problem. Using saved Scrutinizer reports, the Flow Analytics Module can monitor and send out syslogs when traffic patterns violate specified thresholds. Scrutinizer facilitates automatic remediation via support for SNMP traps and script execution.
Enhanced security awareness.
The enhanced security functionality alone makes Scrutinizer with Flow Analytics an invaluable tool in an administrator’s arsenal. It shows exactly what is happening on the network—where traffic originated, where it is going and what type of traffic it is. Is someone planning an attack by scanning the corporate network? Did one of the servers get infected with malware and launch a DDoS attack? Scrutinizer can automatically detect nefarious activities and alert administrators immediately.
Valuable troubleshooting tools allow Scrutinizer to easily identify the volume of flows per hosts and peer into Voice over IP (VoIP) traffic. IT administrators can analyze VoIP traffic and determine the amount of voice traffic into and out of the network over time; what users are involved with the most VoIP traffic; the caller ID of destination and source; QoS statistics such as Latency/Jitter and packet loss of each call; what audio codec is being utilized; and whether the router is modifying DSCP values.
Network topology maps.
Network topology maps come to life in Scrutinizer as links change in color and thickness with variations in network utilization. Clicking on a link in a network topology map brings up useful traffic statistics such as top talkers and top conversations within the last minute.
IT administrators can use Scrutinizer to plot network appliances such as firewalls, routers and switches on a Google® map embedded in the Scrutinizer application. Using this geographic map as a starting point into all network analysis provides traffic details collected and organized for easy visualization in Scrutinizer.
Dell SonicWALL Specific IPFIX Templates for Reporting.
Administrators can use Scrutinizer to obtain deep insights into application usage as detected by Dell SonicWALL Next-Generation Firewalls. The Dell SonicWALL firewall transmits IPFIX data in real-time to Scrutinizer and the administrator can examine application usage, VoIP usage, VPN usage, and much more by user and over different time periods. While some firewall vendors do provide NetFlow support or IPFIX support, only Dell SonicWALL offers this granular level of application traffic detail.
Advanced Reporting Module.
The Dell™ SonicWALL™ Scrutinizer Advanced Reporting Module is a value added performance monitoring, reporting, and billing solution. It provides extended performance monitoring and reporting for Cisco and Citrix solutions. It also offers CrossCheck, which provides integration with third party monitoring tools such as WhatsUp Gold, Orion, SNMPc, Uptime Devices, Nimsoft and others. In addition, it allows customizable billing and invoicing based on actual network usage.
Extended Support for Cisco Solutions.
The Scrutinizer Advanced Reporting Module supports Cisco Smart Logging and Telemetry, Cisco TrustSec (CTS), Cisco Performance Routing (PfR), Performance Agent and Performance Monitoring (Cisco Medianet). This module delivers detailed reports on all traffic related to voice and video. IT staff can easily use this module to troubleshoot issues related to video or voice by using Scrutinizer to analyze the appropriate flows.
With the Scrutinizer Advanced Reporting Module, Scrutinizer can be configured to analyze and alert on excessive amounts of one or a combination of the following example parameters:
- Round Trip Time (Latency)
- Packet Loss
- Bits, Bytes and Packets
- MAC Addresses, IP Addresses
- Hundreds more not listed
Extended Support for Citrix Solutions.
The Scrutinizer Advanced Reporting Module brings enhanced support for Citrix equipment by adding granular drill-down capabilities for:
- URLs providing reporting insight into web servers and databases being accessed
- Applications providing reporting insight into applications being accelerated via NetScaler
- Latency providing reporting insight into the health and delay as seen by NetScaler
Note: Citrix NetScaler makes applications and cloud-based services run five times better by offloading application and database servers, accelerating application and service performance, and integrating security.
The Scrutinizer Advanced Reporting Module also includes CrossCheck, which was created in direct response to large MSP and enterprise customer demands for integration with third party monitoring applications. It provides:
- An inventory of all network devices managed by other analytic tools displaying several attributes including device name, IP address, and status.
- Flowalyzer Poller, which continually assesses the status of devices identified by Advanced Reporting and provides updates to Scrutinizer via IPFIX messages.
- References on the status of devices inside third party management solutions, and a single Fault Index value across multiple integrations. Fault index measurements indicate device status across numerous management systems using configurable severity levels. Syslog notifications can be sent out if predefined threshold levels are met.
- Clickable inventory item listings that provide users with direct links to integrated third party applications and easy access to devices that are managed via these other applications.
- The ability to create inventory groupings for easy monitoring of network segments regardless of whether the appliances are managed by Scrutinizer or a third party application.
- Inventory groupings can be created allowing for easy monitoring of network segments regardless of whether the appliances are managed by Scrutinizer or a third party application.
Customizable Traffic and Usage-based Billing and Invoicing
The Scrutinizer Advanced Reporting Module enables customizable invoicing and billing solutions based on actual network usage, and eases data export to Microsoft Excel in .CSV format.
The Advanced Reporting Module allows service providers to export flow data based on any flow (NetFlow, IPFIX, sFlow, etc.) field or combination of flow fields including but, not limited to: rate per second, packets, total bits, IP addresses, ToS (DSCP) or BGP autonomous system (AS) number. This data can then be used to invoice end customers based on actual network usage rather than WAN connection speed.
The Advanced Reporting Module routinely exports a custom .CSV file with all the required details. For example, it allows billing based on a flat rate versus a burst rate as well as total amount transferred per month. More traditional billing is also possible, for example, where the end customer pays based on the 95% percentile technique.
The Dell SonicWALL Multi-Tenancy Module (only available as an add-on for Dell SonicWALL Scrutinizer with the Flow Analytics Module,) adds several features that are especially useful for Managed Service Providers (MSPs) and Internet Service Providers (ISPs).
As a service provider or IT organization, delivering information about the performance of the infrastructure and services you are providing to the end-user is critical. With Scrutinizer MTM, you have the secure flexibility needed to deliver a controlled, secure and segregated reporting experience per customer or user.
- Allows permissions to be configured per router / switch / interface, etc. per login account
- Style Sheets are easily modified with several defaults to change the colors and fonts to match the Service Providers marketing efforts. Most logos can be changed as well
- Definable default landing page when customer logs in
- Unique language support per login account
- Allows integration of 3rd party applications and URLs into mashups
Mashups for easy accessibility.
Utilizing simple web technology, Scrutinizer allows anyone to easily assemble a URL into a mashup or third party application to directly import and display important information regarding the activity of a specific host or application on your network into the Scrutinizer dashboard.
IT administrators can choose to provide end users are with secure login access to the flow data generated by their network devices. End users can also use the customer portal to troubleshoot bandwidth usage and identify/analyze odd traffic patterns. Additionally, automatic HTML reports can be scheduled for each end customer. Service providers can use the portal as a message board to communicate with their customers as well as integrate other applications into the Dashboard interface.
- S Standard
- O Optional
- - Not Available
- * This feature list is valid after the initial 30 day of the trial. For the first 30 days of the trial it includes all features available in the Flow Analytics Module as well.
|Component||Minimum Specifications |
(for trial installations)
(for production environments)
|Disks||50 GB IDE or SATA||1+ TB 15k SCSI in a RAID 0 or 10 configuration|
|Processor||Dual Core 2GHz+||Quad Core 2GHz+|
|Operating System||Windows Vista/2008/7||Windows 2008/2012 Server|
|Component||Minimum Specifications |
(for trial installations)
(for production environments – Dedicated resources)
|Disks||1 TB 15k SCSI in a RAID 0 or 10 configuration||1+ TB 15k SCSI in a RAID 0 or 10 configuration|
|Processor||Quad Core 2GHz+||2 x Quad Core 2GHz+|
|VMware||ESX(i) 4.x / 5.x||ESX(i) 4.x / 5.x|
|SonicWALL Scrutinizer Windows Version with Flow Analytics Module software license1||5||01-SSC-4002||$4,495|
|SonicWALL Scrutinizer Virtual Appliance with Flow Analytics Module software license1||5||01-SSC-3443||$8,495|
|Add-On Modules||Nodes||SKU||Pricing (USD)|
|SonicWALL Scrutinizer Advanced Reporting Module software license1||5||01-SSC-3773||$1,995|
|SonicWALL Scrutinizer Multi-Tenancy Module software license1||5||01-SSC-3782||$4,495|
|Node Upgrade Options||Nodes||SKU||Pricing (USD)|
|SonicWALL Scrutinizer with Flow Analytics Module software upgrade||5 to 25||01-SSC-4401||$3,850|
|5 to 50||01-SSC-0339||$9,350|
|5 to 100||01-SSC-0340||$18,150|
|5 to 150||01-SSC-0338||$22,550|
|5 to 250||01-SSC-3791||$31,350|
|25 to 50||01-SSC-0355||$5,500|
|25 to 100||01-SSC-0356||$14,300|
|25 to 150||01-SSC-0357||$18,700|
|25 to 250||01-SSC-3792||$27,500|
|50 to 100||01-SSC-0358||$8,800|
|50 to 150||01-SSC-0359||$13,200|
|50 to 250||01-SSC-3793||$22,000|
|100 to 150||01-SSC-0399||$4,400|
|100 to 250||01-SSC-3794||$13,200|
|150 to 250||01-SSC-3795||$8,800|
|SonicWALL Scrutinizer Virtual Appliance with Flow Analytics Module software upgrade||5 to 25||01-SSC-3796||$7,150|
|5 to 50||01-SSC-3797||$18,150|
|5 to 100||01-SSC-3798||$35,750|
|5 to 150||01-SSC-3799||$44,550|
|5 to 250||01-SSC-3890||$62,150|
|25 to 50||01-SSC-3891||$11,000|
|25 to 100||01-SSC-3892||$28,600|
|25 to 150||01-SSC-3893||$37,400|
|25 to 250||01-SSC-3894||$55,000|
|50 to 100||01-SSC-3895||$17,600|
|50 to 150||01-SSC-3896||$26,400|
|50 to 250||01-SSC-3897||$44,000|
|100 to 150||01-SSC-3898||$8,800|
|100 to 250||01-SSC-3899||$26,400|
|150 to 250||01-SSC-3900||$17,600|
|SonicWALL Scrutinizer Advanced Reporting Module software upgrade||5 to 25||01-SSC-3901||$2,200|
|5 to 50||01-SSC-3902||$4,400|
|5 to 100||01-SSC-3903||$7,700|
|5 to 150||01-SSC-3904||$11,000|
|5 to 250||01-SSC-3905||$14,300|
|25 to 50||01-SSC-3906||$2,200|
|25 to 100||01-SSC-3907||$5,500|
|25 to 150||01-SSC-3908||$8,800|
|25 to 250||01-SSC-3909||$12,100|
|50 to 100||01-SSC-3910||$3,300|
|50 to 150||01-SSC-3911||$6,600|
|50 to 250||01-SSC-3912||$9,900|
|100 to 150||01-SSC-3913||$3,300|
|100 to 250||01-SSC-3914||$6,600|
|150 to 250||01-SSC-3915||$3,300|
|SonicWALL Scrutinizer Multi-Tenancy Module software upgrade||5 to 25||01-SSC-3916||$3,850|
|5 to 50||01-SSC-3917||$9,350|
|5 to 100||01-SSC-3918||$18,150|
|5 to 150||01-SSC-3919||$22,550|
|5 to 250||01-SSC-3920||$31,350|
|25 to 50||01-SSC-3921||$5,500|
|25 to 100||01-SSC-3922||$14,300|
|25 to 150||01-SSC-3923||$18,700|
|25 to 250||01-SSC-3924||$27,500|
|50 to 100||01-SSC-3925||$8,800|
|50 to 150||01-SSC-3926||$13,200|
|50 to 250||01-SSC-3927||$22,000|
|100 to 150||01-SSC-3928||$4,400|
|100 to 250||01-SSC-3929||$13,200|
|150 to 250||01-SSC-3930||$8,800|
|Support Options||Nodes||SKU||Pricing (USD)|
|SonicWALL Scrutinizer with Flow Analytics Module 24x7 Software Support (1 Year)||5||01-SSC-4511||$899|
|SonicWALL Scrutinizer Virtual Appliance with Flow Analytics Module 24x7 Software Support (1 Year)||5||01-SSC-3935||$1,699|
|SonicWALL Scrutinizer Advanced Reporting Module 24x7 Software Support (1 Year)||5||01-SSC-3944||$399|
|SonicWALL Scrutinizer Multi-Tenancy Module 24x7 Software Support (1 Year)||5||01-SSC-3953||$899|
- All Software and software upgrade options include 1 year of 24x7 Software Support