en-US
search-icon

Network Security Appliance (NSA) Mid-Range Firewall Series

Protect your network from the core to the perimeter with industry-validated security effectiveness and performance. The SonicWall Network Security Appliance (NSA) Mid-Range Firewall Series consolidates automated advanced threat prevention technologies in a mid-range next-generation firewall (NGFW) platform. Built on a multi-core hardware architecture featuring 10-GbE interfaces, the NSA Series scales to meet the performance demands of mid-sized networks, branch offices and distributed enterprises. Features such as application intelligence and control, real-time visualization and WLAN management provide the controls to identify, monitor and control application and user traffic across the entire network.
Mid Range Product Image

Advanced threat prevention in a high-performance security platform

Protect your network from the core to the perimeter with industry-validated security effectiveness and performance. The SonicWall Network Security Appliance (NSA) Mid-Range Firewall Series consolidates automated advanced threat prevention technologies in a mid-range next-generation firewall (NGFW) platform. Built on a multi-core hardware architecture featuring 10-GbE interfaces, the NSA Series scales to meet the performance demands of mid-sized networks, branch offices and distributed enterprises. Features such as application intelligence and control, real-time visualization and WLAN management provide the controls to identify, monitor and control application and user traffic across the entire network.

Legend: S — Standard,  O — Optional,  N — Not Available

_productName NSA 6600 NSA 5600 NSA 4600 NSA 3600 NSA 2650
Deep Packet Inspection Firewall TotalSecure Firewall Overview S S S S S
Stateful Packet Inspection Firewall TotalSecure Firewall Overview S S S S S
Unlimited File Size Protection TotalSecure Firewall Overview S S S S S
Protocols Scanned TotalSecure Firewall Overview S S S S S
Application Intelligence and Control Threat Prevention Services Available S S S S S
Intrusion Prevention Service Threat Prevention Services Available S S S S S
Gateway Anti-Virus and Anti-Spyware Threat Prevention Services Available S S S S S
Content & URL Filtering (CFS) Threat Prevention Services Available S S S S S
SSL Inspection (DPI SSL) Threat Prevention Services Available S S S S S
Content Filtering Client (CFC)1 Threat Prevention Services Available O O O O O
Analyzer Reporting1 Threat Prevention Services Available O O O O O
Capture Advance Threat Protection1 Threat Prevention Services Available O O O O O
Enforced Client Anti-Virus and Anti-Spyware (McAfee®)1 Threat Prevention Services Available O O O O O
24x7 Support Threat Prevention Services Available S S S S S
Interfaces Firewall General 4 x 10-GbE SFP+, 8 x 1-GbE SFP, 8 x 1-GbE, 1 GbE Management, 1 Console 2 x 10-GbE SFP+, 4 x 1-GbE SFP, 12 x 1-GbE, 1 GbE Management, 1 Console 2 x 10-GbE SFP+, 4 x 1-GbE SFP, 12 x 1-GbE, 1 GbE Management, 1 Console 2 x 10-GbE SFP+, 4 x 1-GbE SFP, 12 x 1-GbE, 1 GbE Management, 1 Console 4 x 2.5-GbE SFP, 4 x 2.5-GbE, 12 x 1-GbE, 1 GbE Management, 1 Console
Management Firewall General CLI, SSH, GUI, GMS CLI, SSH, GUI, GMS CLI, SSH, GUI, GMS CLI, SSH, GUI, GMS CLI, SSH, GUI, GMS
Nodes Supported Firewall General Unrestricted Unrestricted Unrestricted Unrestricted Unrestricted
Site-to-Site VPN Tunnels Firewall General 6,000 4,000 3,000 1,000 1,000
IPSec VPN Clients (Maximum) Firewall General 2,000 (6,000) 2,000 (4,000) 500 (3,000) 50 (1,000) 50 (1,000)
SSL VPN NetExtender Clients (Maximum) Firewall General 2 (1,500) 2 (1,000) 2 (500) 2 (350) 2 (350)
VLAN Interfaces Firewall General 500 400 256 256 256
Wireless Controller Firewall General S S S S S
WWAN Failover (4G/LTE) Firewall General S S S S S
Network Switch Management Firewall General S S S S S
Firewall Inspection Throughput2 Firewall/VPN Performance 12 Gbps 9 Gbps 6 Gbps 3.4 Gbps 3 Gbps
Full DPI Throughput (GAV/GAS/IPS)3 Firewall/VPN Performance 3 Gbps 1.6 Gbps 800 Mbps 500 Mbps 600 Mbps
Application Inspection Throughput3 Firewall/VPN Performance 4.5 Gbps 3 Gbps 2 Gbps 1.1 Gbps 1.4 Gbps
IPS Throughput3 Firewall/VPN Performance 4.5 Gbps 3 Gbps 2 Gbps 1.1 Gbps 1.4 Gbps
Anti-Malware Inspection Throughput3 Firewall/VPN Performance 3 Gbps 1.7 Gbps 1.1 Gbps 600 Mbps 600 Mbps
IMIX Throughput Firewall/VPN Performance 3.5 Gbps 2.4 Gbps 1.6 Gbps 900 Mbps 700 Mbps
SSL DPI Throughput3 Firewall/VPN Performance 1.3 Gbps 800 Mbps 500 Mbps 300 Mbps 300 Mbps
VPN Throughput4 Firewall/VPN Performance 5 Gbps 4.5 Gbps 3 Gbps 1.5 Gbps 1.5 Gbps
Latency Firewall/VPN Performance 16 μs 24 μs 17 μs 38 μs 38 μs
Maximum SPI Connections Firewall/VPN Performance 1.5M 1.5M 1M 750K 1M
Maximum DPI Connections Firewall/VPN Performance 1M 1M 500K 375K 500K
Default/Maximum Connections (DPI SSL)5 Firewall/VPN Performance 6,000/10,500 4,000/8,500 3,000/4,500 2,000/2,750 12,000/13,500
New Connections/Sec Firewall/VPN Performance 90,000 60,000 40,000 20,000 15,000
Logging and Reporting Features Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog
Network Traffic Visualization Features S S S S S
Netflow/IPFIX Reporting Features S S S S S
SNMP Features S S S S S
Authentication Features LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, Terminal Services, Citrix LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, Terminal Services, Citrix LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, Terminal Services, Citrix LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, Terminal Services, Citrix LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, Terminal Services, Citrix
Dynamic Routing Features BGP, OSPF, RIP BGP, OSPF, RIP BGP, OSPF, RIP BGP, OSPF, RIP BGP, OSPF, RIP
Single Sign-on (SSO) Features S S S S S
Voice over IP (VoIP) Security Features S S S S S
PortShield Security Features S S S S S
Port Aggregation Features S S S S S
Link Redundancy Features S S S S S
Policy-based Routing Features S S S S S
Route-based VPN Features S S S S S
Dynamic Bandwidth Management Features S S S S S
Stateful High Availability Features S S S O O
Multi-WAN Features S S S S S
Load Balancing Features S S S S S
Object-based Management Features S S S S S
Policy-based NAT Features S S S S S
IKEv2 VPN Features S S S S S
TLS/SSL/SSH Decryption and Inspection Features S S S S S
SSL Control Features S S S S S
Auto-provision VPN Features S S S S S
Active/Active Cluster Features S S S S S
Terminal Services Authentication/Citrix Support Features S S S S S
Biometric Authentication Features S S S S S
DNS Proxy Features S S S S S
Harware Failover Features Active/Passive with State Sync, Active/Active DPI with State Sync, Active/Active Clustering Active/Passive with State Sync, Active/Active DPI with State Sync, Active/Active Clustering Active/Passive with State Sync, Active/Active Clustering Active/Passive with State Sync, Active/Active Clustering Active/Passive with State Sync
  1. Services must be purchased separately.
  2. Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.
  3. Full DPI/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs.
  4. VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544.
  5. For every 125,000 DPI connections reduced, the number of available DPI SSL connections increases by 750.
Close Overview
FUTURE-PROOF YOUR INFRASTRUCTURE Image

FUTURE-PROOF YOUR INFRASTRUCTURE

The new NSA 2650 future-proofs your infrastructure with high port density and a large number of simultaneous connections across both wired and wireless networks in an advanced, cost-effective firewall. With eight 2.5 GbE interfaces, the NSA 2650 is one of the first firewalls built to embrace the 802.11ac Wave 2 WiFi standard by matching the wired and the wireless throughput. To meet the continuing increase in the number of connected devices and encrypted connections, the NSA 2650 provides a very high number of stateful packet inspection, deep packet inspection and deep packet inspection of SSL connections.

SonicWall NSA 2650 Next-Generation Firewall Video Datasheet

With eight 2.5 gigabit Ethernet ports, 802.11ac Wave 2 WiFi and deep packet inspection of encrypted traffic, the SonicWall NSA 2650 provides best-in-class performance

GO BEYOND THREAT DETECTION Image

GO BEYOND THREAT DETECTION

It’s not enough to just detect threats. Your firewall needs to prevent them. That’s exactly what SonicWall NSA Series firewalls do. Our patented Reassembly-Free Deep Packet Inspection technology scans traffic for known and unknown threats and removes them before they get into your network. The NSA Series examines every byte of every packet on all ports and protocols regardless of file size. SonicWall’s award-winning Capture Advanced Threat Protection Service provides cloud-based, multi-engine sandboxing that blocks unknown and zero-day attacks at the gateway for added security.

View Supporting Asset >
EMBRACE INNOVATION Image

EMBRACE INNOVATION

  • Patented Reassembly-Free Deep Packet Inspection (RFDPI) technology
  • On-box and cloud-based threat prevention featuring multi-engine sandboxing, anti-malware, intrusion prevention, web filtering and more
  • Feature-rich SonicOS operating system with intuitive UI
  • 10-Gigabit Ethernet ports
  • Real-time TLS /SSL and SSH decryption and inspection
  • Application visualization and control
  • Built-in wireless controller
EXPECT HIGH-SPEED PERFORMANCE Image

EXPECT HIGH-SPEED PERFORMANCE

The SonicWall NSA Series delivers both high-speed stateful and deep packet inspection firewall performance, with multi-core parallel-processing architecture and multiple Gigabit Ethernet ports. The NSA Series uses single-pass, stream-based, deep packet inspection technology to deliver latency-free performance for simultaneous network streams. The built-in wireless controller enables you to establish high-speed wireless network security by adding SonicWall SonicWave 802.11ac Wave 2 wireless access points.