en-US
search-icon

Network Security appliance (NSa) Mid-Range Firewall Series

Get the security you need at the speed you expect. Protect your network from the core to the perimeter with industry-validated security effectiveness and performance. The SonicWall Network Security appliance (NSa) Mid-Range Firewall series consolidates automated advanced threat prevention technologies in a mid-range next-generation firewall (NGFW) platform. It’s built on a multi-core hardware architecture featuring 10-GbE and 2.5-GbE interfaces. The NSa series scales to meet the performance demands of mid-sized networks, branch offices and distributed enterprises. NSa series firewalls feature cloud-based and on-box capabilities such as TLS/SSL decryption and inspection, application intelligence and control, real-time visualization and WLAN management.
Mid Range Product Image

Advanced threat prevention in a high-performance security platform

Get the security you need at the speed you expect. Protect your network from the core to the perimeter with industry-validated security effectiveness and performance. The SonicWall Network Security appliance (NSa) Mid-Range Firewall series consolidates automated advanced threat prevention technologies in a mid-range next-generation firewall (NGFW) platform. It’s built on a multi-core hardware architecture featuring 10-GbE and 2.5-GbE interfaces. The NSa series scales to meet the performance demands of mid-sized networks, branch offices and distributed enterprises. NSa series firewalls feature cloud-based and on-box capabilities such as TLS/SSL decryption and inspection, application intelligence and control, real-time visualization and WLAN management.

Legend: S — Standard,  O — Optional,  N — Not Available

_productName NSa 9650 NSa 9450 NSa 9250 NSa 6650 NSa 5650 NSa 4650 NSa 3650 NSa 2650
Deep Packet Inspection Firewall TotalSecure Firewall Overview S S S S S S S S
Stateful Packet Inspection Firewall TotalSecure Firewall Overview S S S S S S S S
Unlimited File Size Protection TotalSecure Firewall Overview S S S S S S S S
Protocols Scanned TotalSecure Firewall Overview S S S S S S S S
Application Intelligence and Control Threat Prevention Services Available S S S S S S S S
Intrusion Prevention Service Threat Prevention Services Available S S S S S S S S
Gateway
Anti-Virus and
Anti-Spyware
Threat Prevention Services Available S S S S S S S S
Content & URL Filtering (CFS) Threat Prevention Services Available S S S S S S S S
SSL Inspection (DPI SSL) Threat Prevention Services Available S S S S S S S S
Content Filtering Client (CFC)1 Threat Prevention Services Available O O O O O O O O
Analyzer Reporting1 Threat Prevention Services Available O O O O O O O O
Capture Advance Threat Protection1 Threat Prevention Services Available O O O O O O O O
Enforced Client
Anti-Virus and
Anti-Spyware1
Threat Prevention Services Available O O O O O O O O
24x7 Support Threat Prevention Services Available S S S S S S S S
Interfaces Firewall General 10 x 10-GbE SFP+, 2 x 10-GbE, 8 x 2.5-GbE, 8 x 1-GbE, 1 GbE Management, 1 Console 10 x 10-GbE SFP+, 2 x 10-GbE, 8 x 2.5-GbE, 8 x 1-GbE, 1 GbE Management, 1 Console 10 x 10-GbE SFP+, 2 x 10-GbE, 8 x 2.5-GbE, 8 x 1-GbE, 1 GbE Management, 1 Console 6 x 10-GbE SFP+, 2 x 10-GbE, 4 x 2.5-GbE SFP, 8 x 2.5-GbE, 8 x 1-GbE, 1 GbE Management, 1 Console 2 x 10-GbE SFP+, 2 x 10-GbE, 4 x 2.5-GbE SFP, 4 x 2.5-GbE, 16 x 1-GbE, 1 GbE Management, 1 Console 2 x 10-GbE SFP+, 4 x 2.5-GbE SFP, 4 x 2.5-GbE, 16 x 1-GbE, 1 GbE Management, 1 Console 2 x 10-GbE SFP+, 8 x 2.5-GbE SFP, 4 x 2.5-GbE, 12 x 1-GbE, 1 GbE Management, 1 Console 4 x 2.5-GbE SFP, 4 x 2.5-GbE, 12 x 1-GbE, 1 GbE Management, 1 Console
Management Firewall General CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs
Nodes Supported Firewall General Unrestricted Unrestricted Unrestricted Unrestricted Unrestricted Unrestricted Unrestricted Unrestricted
Site-to-Site VPN Tunnels Firewall General 12,000 12,000 12,000 8,000 6,000 4,000 3,000 1,000
IPSec VPN Clients (Maximum) Firewall General 2,000 (6,000) 2,000 (6,000) 2,000 (6,000) 2,000 (6,000) 2,000 (6,000) 2,000 (4,000) 500 (3,000) 50 (1,000)
SSL VPN NetExtender Clients (Maximum) Firewall General 50 (3,000) 2 (3,000) 2 (3,000) 2 (2,000) 2 (1,500) 2 (1,000) 2 (500) 2 (350)
VLAN Interfaces Firewall General 512 512 512 512 500 400 256 256
Wireless Controller Firewall General S S S S S S S S
WWAN Failover (4G/LTE) Firewall General S S S S S S S S
Network Switch Management Firewall General S S S S S S S S
Firewall Inspection Throughput2 Firewall/VPN Performance 17.1 Gbps 17.1 Gbps 12.0 Gbps 12.0 Gbps 6.25 Gbps 6.0 Gbps 3.75 Gbps 3.0 Gbps
Full DPI Throughput (GAV/GAS/IPS)3 Firewall/VPN Performance 5.5 Gbps 5.0 Gbps 3.3 Gbps 3.1 Gbps 1.7 Gbps 1.2 Gbps 730 Mbps 600 Mbps
Application Inspection Throughput3 Firewall/VPN Performance 11.5 Gbps 10.8 Gbps 7.75 Gbps 6.0 Gbps 4.25 Gbps 3.0 Gbps 2.1 Gbps 1.4 Gbps
IPS Throughput3 Firewall/VPN Performance 10.3 Gbps 10.2 Gbps 7.2 Gbps 6.0 Gbps 3.4 Gbps 2.3 Gbps 1.8 Gbps 1.4 Gbps
Anti-Malware Inspection Throughput3 Firewall/VPN Performance 5.5 Gbps 5.0 Gbps 3.7 Gbps 3.5 Gbps 1.7 Gbps 1.25 Gbps 800 Mbps 600 Mbps
IMIX Throughput Firewall/VPN Performance 4.1 Gbps 4.1 Gbps 2.65 Gbps 2.65 Gbps 1.45 Gbps 1.3 Gbps 900 Mbps 700 Mbps
SSL DPI Throughput3 Firewall/VPN Performance 2.25 Gbps 2.1 Gbps 1.5 Gbps 1.45 Gbps 800 Mbps 500 Mbps 300 Mbps 250 Mbps
VPN Throughput4 Firewall/VPN Performance 10.0 Gbps 10.0 Gbps 6.75 Gbps 6.0 Gbps 3.5 Gbps 3.0 Gbps 1.5 Gbps 1.3 Gbps
Maximum SPI Connections Firewall/VPN Performance 12,500,000 10,000,000 7,500,000 5,000,000 4,000,000 3,000,000 2,000,000 1,000,000
Maximum DPI Connections Firewall/VPN Performance 5,000,000 4,000,000 3,000,000 2,000,000 1,500,000 1,000,000 750,000 500,000
Default/Maximum Connections
(DPI SSL)5
Firewall/VPN Performance 210,000/300,000 134,000/200,000 48,000/100,000 45,000/75,000 19,000/37,000 18,000/30,000 15,000/24,000 12,000/18,000
New Connections/Sec Firewall/VPN Performance 130,000 130,000 90,000 90,000 40,000 40,000 14,000 14,000
Logging and Reporting Features Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog
Network Traffic Visualization Features S S S S S S S S
Netflow/IPFIX Reporting Features S S S S S S S S
SNMP Features S S S S S S S S
Authentication Features LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC)
Dynamic Routing Features BGP, OSPF, RIP BGP, OSPF, RIP BGP, OSPF, RIP BGP, OSPF, RIP BGP, OSPF, RIP BGP, OSPF, RIP BGP, OSPF, RIP BGP, OSPF, RIP
Single Sign-on (SSO) Features S S S S S S S S
Voice over IP (VoIP) Security Features S S S S S S S S
PortShield Security Features S S S S S S S S
Port Aggregation Features S S S S S S S S
Link Redundancy Features S S S S S S S S
Policy-based Routing Features S S S S S S S S
Route-based VPN Features S S S S S S S S
Dynamic Bandwidth Management Features S S S S S S S S
Stateful High Availability Features S S S S S S S S
Multi-WAN Features S S S S S S S S
Load Balancing Features S S S S S S S S
Object-based Management Features S S S S S S S S
Policy-based NAT Features S S S S S S S S
IKEv2 VPN Features S S S S S S S S
TLS/SSL/SSH Decryption and Inspection Features S S S S S S S S
SSL Control Features S S S S S S S S
Auto-provision VPN Features S S S S S S S S
Active/Active Cluster Features S S S S S
Terminal Services Authentication/Citrix Support Features S S S S S
Biometric Authentication Features S S S S S S S S
DNS Proxy Features S S S S S S S S
Hardware Failover6 Features Active/Passive with State Sync, Active/Active DPI with State Sync, Active/Active Clustering Active/Passive with State Sync, Active/Active DPI with State Sync, Active/Active Clustering Active/Passive with State Sync, Active/Active DPI with State Sync, Active/Active Clustering Active/Passive with State Sync, Active/Active DPI with State Sync, Active/Active Clustering Active/Passive with State Sync, Active/Active DPI with State Sync, Active/Active Clustering Active/Passive with State Sync, Active/Active Clustering Active/Passive with State Sync, Active/Active Clustering Active/Passive with State Sync
  1. Services must be purchased separately.
  2. Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.
  3. Full DPI/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs.
  4. VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544.
  5. For every 125,000 DPI connections reduced, the number of available DPI SSL connections increases by 3,000.
  6. Active/Active Clustering and Active/Active DPI with State Sync require the purchase of Expanded License except for NSa 9250 and above.
Close Overview
FUTURE-PROOF YOUR INFRASTRUCTURE Image

FUTURE-PROOF YOUR INFRASTRUCTURE

The NSa series future-proofs your infrastructure for whatever comes next. Featuring high port density and unparalleled threat prevention speeds across a large number of encrypted and unencrypted connections, the NSa series delivers advanced, cost-effective security. With up to 12 2.5-GbE interfaces, NSa series next-generation firewalls are built to embrace the 802.11ac Wave 2 WiFi standard by matching the wired and the wireless throughput. To meet the continuing increase in the number of connected devices and encrypted connections, the NSa series provides a very high number of stateful packet inspection, deep packet inspection and deep packet inspection of TLS/SSL connections.

SonicWall NSa Series Firewalls Video Data Sheet

NSa series firewalls scale from mid-sized organizations up to large distributed enterprises and data centers, and consolidate industry-validated security effectiveness and best-in-class price-performance in a 1U rack-mount appliance

GO BEYOND THREAT DETECTION Image

GO BEYOND THREAT DETECTION

It’s not enough to just detect threats. Your firewall must prevent them. That’s exactly what SonicWall NGFWs do. NSa series firewalls leverage the power of our Capture Cloud Platform to deliver real-time, cloud-based threat prevention, while augmenting the security from our on-box deep packet inspection engine. This combination scans all wired and wireless traffic for known and unknown threats and removes them before they get into your network. The NSa series examines every byte of every packet on all ports and protocols regardless of file size for maximum protection.

EMBRACE INNOVATION Image

EMBRACE INNOVATION

  • Patent-pending Real-Time Deep Memory Inspection (RTDMI™) technology
  • Patented Reassembly-Free Deep Packet Inspection (RFDPI®) technology
  • Cloud-based and on-box threat prevention featuring multi-engine sandboxing, anti-malware, intrusion prevention, web filtering and more
  • Feature-rich SonicOS operating system with intuitive UI
  • 10-Gigabit and 2.5-Gigabit Ethernet ports
  • Real-time TLS/SSL and SSH decryption and inspection
  • Onboard storage module
  • Dual power supplies for redundancy
  • Built-in wireless controller
EXPECT HIGH-SPEED PERFORMANCE Image

EXPECT HIGH-SPEED PERFORMANCE

The SonicWall NSa series delivers both high-speed stateful and deep packet inspection firewall performance, with a multi-core parallel-processing architecture and multiple 10- and 2.5-Gigabit Ethernet ports. The NSa series uses our patent-pending Real-Time Deep Memory Inspection (RTDMI™) and single-pass, stream-based, deep packet inspection technologies to deliver latency-free performance for simultaneous network streams. The built-in wireless controller enables you to establish high-speed wireless network security by adding SonicWall SonicWave 802.11ac Wave 2 wireless access points.

NSA 2600/3600/4600/5600/6600 Image

NSA 2600/3600/4600/5600/6600

Protect your network from the core to the perimeter with industry-validated security effectiveness and performance. The SonicWall Network Security Appliance (NSA) Mid Range Firewall Series consolidates automated advanced threat prevention technologies in a mid-range next-generation firewall (NGFW) platform. Built on a multi-core hardware architecture featuring 10-GbE interfaces, the NSA Series scales to meet the performance demands of mid-sized networks, branch offices and distributed enterprises. Features such as application intelligence and control, real-time visualization and WLAN management provide the controls to identify, monitor and control application and user traffic across the entire network.

Learn more >