en-US
search-icon

Network Security Appliance (NSA) Mid-Range Firewall Series

Protect your network from the core to the perimeter with industry-validated security effectiveness and performance. The SonicWall Network Security Appliance (NSA) Mid Range Firewall Series consolidates automated advanced threat prevention technologies in a mid-range next-generation firewall (NGFW) platform. Built on a multi-core hardware architecture featuring 10-GbE interfaces, the NSA Series scales to meet the performance demands of mid-sized networks, branch offices and distributed enterprises. Features such as application intelligence and control, real-time visualization and WLAN management provide the controls to identify, monitor and control application and user traffic across the entire network.
Mid Range Product Image

Advanced threat prevention in a high-performance security platform

Protect your network from the core to the perimeter with industry-validated security effectiveness and performance. The SonicWall Network Security Appliance (NSA) Mid Range Firewall Series consolidates automated advanced threat prevention technologies in a mid-range next-generation firewall (NGFW) platform. Built on a multi-core hardware architecture featuring 10-GbE interfaces, the NSA Series scales to meet the performance demands of mid-sized networks, branch offices and distributed enterprises. Features such as application intelligence and control, real-time visualization and WLAN management provide the controls to identify, monitor and control application and user traffic across the entire network.

Legend: S — Standard,  O — Optional,  N — Not Available

_productName NSA 6600 NSA 5600 NSA 4600 NSA 3600 NSA 2600
Deep Packet Inspection Firewall Firewall Overview S S S S S
Stateful Packet Inspection Firewall Firewall Overview S S S S S
Unlimited File Size Protection Firewall Overview S S S S S
Protocols Scanned Firewall Overview S S S S S
Application Intelligence and Control Security Services Included S S S S S
Intrusion Prevention Service Security Services Included S S S S S
Gateway Anti-Virus and Anti-Spyware Security Services Included S S S S S
Content & URL Filtering (CFS) Security Services Included S S S S S
SSL Inspection (DPI SSL) Security Services Included S S S S S
Content Filtering Client (CFC) Security Services Included O O O O O
Analyzer Reporting Security Services Included O O O O O
Capture Advance Threat Protection Security Services Included O O O O O
Enforced Client Anti-Virus and Anti-Spyware (McAfee® or Kaspersky®) Security Services Included O O O O O
24x7 Support Security Services Included S S S S S
Interfaces Firewall General 4x10GbE SFP+, 8x1GbE SFP, 8x1GbE, 1GbE Management, 1 Console 2x10GbE SFP+, 4x1GbE SFP, 12x1GbE, 1GbE Management, 1 Console 2x10GbE SFP+, 4x1GbE SFP, 12x1GbE, 1GbE Management, 1 Console 2x10GbE SFP+, 4x1GbE SFP, 12x1GbE, 1GbE Management, 1 Console 8x1 GbE, 1GbE Management, 1 Console
Management Firewall General CLI, SSH, GUI, GMS CLI, SSH, GUI, GMS CLI, SSH, GUI, GMS CLI, SSH, GUI, GMS CLI, SSH, GUI, GMS
Nodes Supported Firewall General Unrestricted Unrestricted Unrestricted Unrestricted Unrestricted
RAM Firewall General 4 GB 4 GB 2 GB 2 GB 2 GB
Visual Information Display (LCD Display) Firewall General N N N N N
Site-to-Site VPN Tunnels Firewall General 6000 4000 1500 1000 75
Global VPN Clients (Maximum) Firewall General 2000 (6000) 2000 (4000) 500 (3000) 50 (1000) 10 (250)
SSL VPN NetExtender Clients (Maximum) Firewall General 2 (1500) 2 (1000) 2 (500) 2 (350) 2 (250)
VLAN Interfaces Firewall General 500 400 256 256 256
SonicPoints Wireless Controller Firewall General S S S S S
WWAN Failover (4G/LTE) Firewall General S S S S S
Network Switch Management Firewall General S S S S S
Firewall Inspection Throughput2 Firewall/VPN Performance 13 Gbps 9 Gbps 6 Gbps 3.4 Gbps 1.9 Gbps
Full DPI Performance (GAV/GAS/IPS) Firewall/VPN Performance 3 Gbps 1.6 Gbps 800 Mbps 500 Mbps 300 Mbps
Application Inspection Throughput Firewall/VPN Performance 4.5 Gbps 3 Gbps 2 Gbps 1.1 Gbps 700 Mbps
IPS Throughput Firewall/VPN Performance 4.5 Gbps 3 Gbps 2 Gbps 1.1 Gbps 700 Mbps
Anti-Malware Inspection Throughput Firewall/VPN Performance 3 Gbps 1.7 Gbps 1.1 Gbps 600 Mbps 400 Mbps
IMIX performance Firewall/VPN Performance 3.5 Gbps 2.4 Gbps 1.6 Gbps 900 Mbps 600 Mbps
SSL DPI Performance Firewall/VPN Performance 1.3 Gbps 800 Mbps 500 Mbps 300 Mbps 200 Mbps
VPN Throughput4 Firewall/VPN Performance 5 Gbps 4.5 Gbps 3 Gbps 1.5 Gbps 1.1 Gbps
Latency Firewall/VPN Performance 16 μs 24 μs 17 μs 38 μs 45 μs
Maximum Connections5 Firewall/VPN Performance 750K 750K 400K 325K 225K
Maximum DPI Connections Firewall/VPN Performance 500K 500K 200K 175K 125K
DPI-SSL Connections Firewall/VPN Performance 6000 4000 3000 2000 1000
New Connections/Sec Firewall/VPN Performance 90000 60000 40000 20000 15000
Logging Features Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog
Network Traffic Visualization Features S S S S S
Netflow/IPFIX Reporting Features S S S S S
SNMP Features S S S S S
Authentication Features XAUTH/ RADIUS, Active Directory, SSO, LDAP, Terminal Services6, Citrix6, Internal User Database XAUTH/ RADIUS, Active Directory, SSO, LDAP, Terminal Services6, Citrix6, Internal User Database XAUTH/ RADIUS, Active Directory, SSO, LDAP, Terminal Services6, Citrix6, Internal User Database XAUTH/ RADIUS, Active Directory, SSO, LDAP, Terminal Services6, Citrix6, Internal User Database XAUTH/ RADIUS, Active Directory, SSO, LDAP, Terminal Services6, Citrix6, Internal User Database
Dynamic Routing Features BGP, OSPF, RIP BGP, OSPF, RIP BGP, OSPF, RIP BGP, OSPF, RIP BGP, OSPF, RIP
Single Sign-on (SSO) Features S S S S S
Voice over IP (VoIP) Security Features S S S S S
Interface to Interface Scanning Features S S S S S
PortShield Security Features S S S S S
Port Aggregation Features S S S S S
Link Redundancy Features S S S S S
Policy-based Routing Features S S S S S
Route-based VPN Features S S S S S
Dynamic Bandwidth Management Features S S S S S
Stateful High Availability Features S S S S S
Multi-WAN Features S S S S S
Load Balancing Features S S S S S
Object-based Management Features S S S S S
Policy-based NAT Features S S S S S
Inbound Load Balancing Features S S S S S
IKEv2 VPN Features S S S S S
Active/Active Cluster Features S S S S S
Terminal Services Authentication/Citrix Support Features S S S S S
TLS/SL/SSH decryption and inspection Features S S S S S
SSL Control for IPv6 Features S S S S
Easy VPN Features S S S S
Biometric Authentication Features S S S S
DNS Proxy Features S S S S
Hardware Failover Failover Active/Passive with State Sync, Active/Active DPI with State Sync Active/Passive with State Sync, Active/Active DPI with State Sync
Multi-WAN Failover Failover S S S S S
Automated Failover/Failback Failover S S S S S
Close Overview
Embrace innovation Image

Embrace innovation

  • Patented Reassembly-Free Deep Packet Inspection (RFDPI) technology
  • On-box and cloud-based threat prevention featuring multi-engine sandboxing, anti-malware, intrusion prevention, web filtering and more
  • Feature-rich SonicOS operating system with intuitive UI
  • 10-Gigabit Ethernet ports
  • Real-time SSL, TLS and SSH decryption and inspection
  • Application visualization and control
  • Built-in wireless controller
Go beyond threat detection Image

Go beyond threat detection

It’s not enough to just detect threats. Your firewall needs to prevent them. That’s exactly what SonicWall NSA Series firewalls do. Our patented Reassembly-Free Deep Packet Inspection technology scans traffic for known and unknown threats and removes them before they get into your network. The NSA Series examines every byte of every packet on all ports and protocols regardless of file size. SonicWall’s award-winning Capture Advanced Threat Protection Service provides cloud-based multi-engine sandboxing that blocks unknown and zero-day attacks at the gateway for added security.

View Supporting Asset >
Expect high-speed performance Image

Expect high-speed performance

The SonicWall NSA Series delivers both high-speed stateful and deep packet inspection firewall performance, with multi-core parallel-processing architecture and multiple Gigabit Ethernet ports. The NSA Series uses single-pass, stream-based, deep packet inspection technology to deliver latency-free performance for simultaneous network streams. The built-in wireless controller enables you to establish high-speed wireless network security by adding SonicWall SonicPoint 802.11ac wireless access points.

Visualize success Image

Visualize success

The growing use of both personal and business-critical applications on the network is creating chaos and draining bandwidth. Using application intelligence and control, you can identify and categorize productive from unproductive applications. You can also control that traffic through powerful application-level policies on a per-user basis. Prioritize and allocate more bandwidth to essential applications, while limiting bandwidth to non-essential applications. Real-time monitoring and visualization provides a graphical representation of applications, users and bandwidth usage for granular insight into traffic across the network.