SonicWall TZ80 Next-Gen Firewall and Network Security Manager (NSM) SaaS 2.6.0 FAQ
Description
What is SonicWall TZ80?
SonicWall TZ80, the subscription-based NGFW purpose-built for small offices, home offices, and IoT, delivers best-in-class security efficacy and performance and simplified management at a low TCO. Protect your businesses and compact workspaces with intrusion prevention, anti-malware, content/URL filtering, and application control. SonicWall TZ80 delivers the same enterprise-grade advanced threat protection available with all our NGFWs at best-in-class threat protection throughput and a low TCO on firewall inspection throughput.
Key Features:
- Subscription-based
- Multiple licensing models
- Better TCO on Firewall Licensing Throughput
- Best-in-class Threat Protection Throughput
- Zero-touch Provisioning and Simplified Management
- Zero-Trust Edge Support
What does NSM SaaS 2.6.0 offer?
NSM SaaS 2.6.0 supports the management of TZ80 and adds new features, such as a firewall model-specific template, which solves bulk deployment needs, and auto-sync, which ensures the firewalls always remain in sync.
- Firewall Model-Specific Templates: These allow businesses to create customized templates for faster deployment, streamlining bulk configurations and making it easier for industries such as Education, where schools across different districts can deploy similar policies.
- Auto-Sync for Local Firewall Changes: Automatically syncs configuration changes made locally on Firewalls with the cloud management (NSM), ensuring consistency across your entire security infrastructure.
- Firewall Audit Logs in NSM: Admins can now view and manage firewall audit logs directly on NSM, improving visibility and simplifying management.
What is the relevance of Zero Trust to TZ80?
Zero Trust is a security strategy that asserts that no user, device, or app should be trusted by default. It follows the maxim of “never trust, always verify”. This means an entity even if it has been authenticated before, has to be re-authenticated with every new connection. This strategy minimizes the risks of unauthorized access to confidential and secure data. ZTNA that is Zero Trust Network Access applies that same principle to remote access of applications and services across hybrid and multi-cloud infrastructure. SonicWall has an offering i.e. Cloud Secure Edge or CSE to enable businesses to adopt ZTNA strategy. TZ80 has an integrated CSE connector and that makes it easy to support ZTNA strategy and ensure secure access to private applications hosted behind the firewall.
Hardware, Deployment, Licensing & Support
How many ports does the TZ80 have?
SonicWall TZ80 has a total of five ports: four Gigabit Ethernet copper ports and one Gigabit SFP port.
How many users does the TZ80 support?
The recommendation is 15 to 20 users. However, this number can increase or decrease based on the deployment type.
Does TZ80 support Cellular Interfaces?
SonicWall TZ80 supports USB Cellular dongles – USB Type-A or USB Type-C.
How is SonicWall TZ80 different from SonicWall SOHO Firewall?
Compared to the legacy SonicWall SOHO firewall, the SonicWall TZ80 delivers 5x Threat Performance throughput, 4x VPN Performance, and 4x Max SSL Connections. TZ80 supports migration from SOHO and SOHOW in product settings, making it easy to upgrade from legacy SOHO firewalls.
How is SonicWall TZ80 different from existing firewalls?
There are several key differences. SonicWall TZ80 needs an active subscription to function. The firewall includes cloud management support in all its licensing tiers. It does not have FIPS and CC certifications. It supports the management of up to two SonicWall waves. It does not support SonicWall Switch management or Capture client enforcement. Also, it is not supported in close networks.
What are the new licensing options available with TZ80?
SonicWall TZ80 is a subscription-based model. Without a service subscription, TZ80 will not be operational.
There are 3 service subscription options: Secure Connect (SCSS), Advanced Protection Security Suite (APSS), and Managed Protection Security Suite (MPSS).
The service subscriptions are available for 1-year, 3-year, and 5-year terms. There is also a monthly licensing option for partners of our Service Provider Program.
The following table provides detailed features for each of the service subscription licenses.
| Feature | Secure Connect | Advanced Protection | Managed Protection |
| 24x7 Solution Support |
|
|
|
| Centralized Management & Orchestration |
|
|
|
| Layer 4/7 Stateful Firewall |
|
|
|
| SD-WAN & Advanced Routing |
|
|
|
| Intrusion Detection & Prevention |
|
|
|
| Content & Reputation-based Filtering |
|
|
|
| DNS Filtering |
|
|
|
| Full Reporting |
| 7-Day (Extensible to 30, 90, 365 days) | 30-Day (Extensible to 90, 365 days) |
| Advanced Analytics |
| 7-Day (Extensible to 30, 90, 365 days) | 30-Day (Extensible to 90, 365 days) |
| 24x7 Managed Firewall & Enhanced Support |
|
|
|
-SaaS-2.6.0-FAQ-kA1VN0000000Of30AE-0EMVN00000EobgC.png){kind=small}
What should buyers consider when selecting the licensing options?
The three licensing options are Secure Connect, Advanced Protection and Managed Protection. Secure Connect is typically for businesses seeking secure SD-WAN connectivity and VPN termination. Each subsequent license option builds upon the features in the previous model. For example, the first model, Advanced Protection Security Suite builds on the features in Secure Connect and enable businesses to add advanced threat protection and full reporting and analytics. Managed Protection Security Suite includes everything in APSS and meets the needs of customers and partners seeking managed firewall and enhanced 24x7 support.
Both end-customers and Managed Service Providers (MSPs) benefit from the MPSS offering. MSPs can backstop their existing monitoring and NOC operations to enhance their services and free up valuable time. In addition, Value-Added Resellers (VARS) working towards an MSP model can provide firewall monitoring for customers with expert support for deployment, patches and updates.
Settings Migration
Is a migration tool available for TZ80?
No, TZ80 supports in-product / on-box settings migration from SOHO and SOHOW firewalls.
Which models are supported for on-box migration experience on TZ80?
TZ80 supports on-box migration experience from SOHO and SOHOW firewall models running the latest software versions like 5.9.2.14, 5.9.2.8, and 6.5.4.13/above
How can I migrate settings from SOHO and/or SOHOW firewall to TZ80?
Export the settings files from SOHO/SOHOW source firewalls and then import them into a TZ80 firewall.
What configurations are not supported during the migration?
Interfaces like U1, VLAN, WLAN, and Tunnel are not supported during the migration. We recommend performing export/import for simple settings migration cases for bulk settings migration assistance, such as address objects, address groups, service objects, service groups, access rules, NAT Policies, and Route Policies. An error is displayed for all unsupported migrations.
Cloud Management, Reporting and Analytics
Which version of NSM can manage TZ80?
NSM version 2.6 and above can manage the TZ80 firewall.
Do I need to pay for Cloud management separately?
When you purchase Secure Connect, the APSS and MPSS license bundle includes cloud management and 7-day alerting by default at no additional cost.
What cloud management services are included in each of the bundles?
Secure Connect includes Support and Cloud Management with 7-day alerting. 7-day alerting refers to firewall UP/DOWN event reporting.
APSS includes all the secure services with Advanced cloud reporting and analytics for 7 days of data.
MPSS includes all security services, firewall-managed services, and 30 days of Advanced cloud reporting and analytics.
Are the flex packages available for cloud reporting?
We offer flex packages to add 30/90/365 days of Advanced Analytics and Reporting.
What is new about the Auto-sync feature on NSM 2.6?
The auto-sync feature introduced with NSM 2.6.0 automatically synchronizes local firewall configurations with NSM. Once the settings are synchronized with NSM, the device will continue to be in an “in-sync” state, and no manual intervention will be required to synchronize the local firewall settings changes on NSM.
What is the Firewall-model specific template?
This feature is a template of settings available in NSM 2.6 that can push configuration for mass deployments. Administrators can create a firewall-model specific template that can be used to apply similar configurations to other TZ80s, reducing time-to-deployment.
For more information on NSM 2.6, please refer to the NSM KB here
Orderability & Activation
Is subscription mandatory for TZ80 to operate?
Yes, the TZ80 requires an active license to operate. If the license expires, our annual licensing program has a 90-day grace period. After 90 days, the device will stop passing data traffic.
The monthly license subscriptions in the Service Provider Program does not allow for a grace. The device will stop passing traffic once the license expires.
What happens if I operate the TZ80 firewall without an active license?
If the license expires, our annual licensing program has a 90-day grace period. On the first day of the 90-day grace period (post-license expiry), the security services will stop which is consistent with the licensing behavior of our existing firewalls.
During the first 30 days of the grace period (after license expiration), the device will still be in a configurable state and pass data traffic. An alert on the on-device will indicate that the license has expired.
After the 30th day of the grace period (after license expiration), the device will be in a non-configurable mode but still pass data traffic. However, it will not allow any setting changes to be made.
After the 90th day of license expiration, the grace period ends. The firewall will be in non-configurable mode and not pass data traffic. However, control traffic to manage the TZ80 via the web GUI, and SSH will still be active. The device will continue to call home to SonicWall services; once the license is renewed, data traffic flow will be reinstated.
When all the 90 days of grace period have elapsed, if the device was managed via NSM it will be deleted from NSM, along with all Reporting and Analytics data. The device must be on-boarded again on NSM if the license is renewed after the 90-day grace period, and it will not have any of the old Reporting and Analytics data.
Will the TZ80 start passing data traffic once the expired license is renewed?
Yes, TZ80 will start passing data traffic after license renewal. If the device was managed via NSM and all the 90 days of grace period have elapsed, then the device is deleted from NSM, and all Reporting and Analytics data is deleted. The device must be on-boarded again on NSM if the license is renewed after the 90-day grace period, and it will not have any of the old Reporting and Analytics data. However, you can still renew the license. Learn more here.
What licenses besides Secure Connect, APSS, and MPSS hardware bundles are available?
Renewal SKUs for Secure Connect, APSS, MPSS, and flex SKUs NSM. No ala carte SKUs apart from cloud Reporting and analytics for 30, 60, and 90 days are available with TZ80.
Loyalty Programs
Is TZ80 part of the Customer Loyalty Program?
Yes, buyers can take advantage of Secure Upgrade Plus to upgrade from their legacy firewalls to TZ80 and qualify for special offers. Learn more about the program here.
Is TZ80 part of the SonicProtect Subscription Program?
Yes, businesses can take advantage of SonicProtect Subscription to enable cost protection and lock prices on multi-year APSS services. Learn more about SonicProtect Subscription here.