en-US
search-icon

Network Security Appliance (NSA) Mid-Range Firewall Series

Protect your network from the core to the perimeter with industry-validated security effectiveness and performance. The SonicWall Network Security Appliance (NSA) Mid-Range Firewall Series consolidates automated advanced threat prevention technologies in a mid-range next-generation firewall (NGFW) platform. Built on a multi-core hardware architecture featuring 10-GbE interfaces, the NSA Series scales to meet the performance demands of mid-sized networks, branch offices and distributed enterprises. Features such as application intelligence and control, real-time visualization and WLAN management provide the controls to identify, monitor and control application and user traffic across the entire network.
Mid Range Product Image

Advanced threat prevention in a high-performance security platform

Protect your network from the core to the perimeter with industry-validated security effectiveness and performance. The SonicWall Network Security Appliance (NSA) Mid-Range Firewall Series consolidates automated advanced threat prevention technologies in a mid-range next-generation firewall (NGFW) platform. Built on a multi-core hardware architecture featuring 10-GbE interfaces, the NSA Series scales to meet the performance demands of mid-sized networks, branch offices and distributed enterprises. Features such as application intelligence and control, real-time visualization and WLAN management provide the controls to identify, monitor and control application and user traffic across the entire network.

Legend: S — Standard,  O — Optional,  N — Not Available

_productName NSA 6600 NSA 5600 NSA 4600 NSA 3600 NSA 2600
Deep Packet Inspection Firewall TotalSecure Firewall Overview S S S S S
Stateful Packet Inspection Firewall TotalSecure Firewall Overview S S S S S
Unlimited File Size Protection TotalSecure Firewall Overview S S S S S
Protocols Scanned TotalSecure Firewall Overview S S S S S
Application Intelligence and Control Threat Prevention Services Available S S S S S
Intrusion Prevention Service Threat Prevention Services Available S S S S S
Gateway Anti-Virus and Anti-Spyware Threat Prevention Services Available S S S S S
Content & URL Filtering (CFS) Threat Prevention Services Available S S S S S
SSL Inspection (DPI SSL) Threat Prevention Services Available S S S S S
Content Filtering Client (CFC)1 Threat Prevention Services Available O O O O O
Analyzer Reporting1 Threat Prevention Services Available O O O O O
Capture Advance Threat Protection1 Threat Prevention Services Available O O O O O
Enforced Client Anti-Virus and Anti-Spyware (McAfee® or Kaspersky®) Threat Prevention Services Available O O O O O
24x7 Support Threat Prevention Services Available S S S S S
Interfaces Firewall General 4x10GbE SFP+, 8x1GbE SFP, 8x1GbE, 1GbE Management, 1 Console 2x10GbE SFP+, 4x1GbE SFP, 12x1GbE, 1GbE Management, 1 Console 2x10GbE SFP+, 4x1GbE SFP, 12x1GbE, 1GbE Management, 1 Console 2x10GbE SFP+, 4x1GbE SFP, 12x1GbE, 1GbE Management, 1 Console 8x1 GbE, 1GbE Management, 1 Console
Management Firewall General CLI, SSH, GUI, GMS CLI, SSH, GUI, GMS CLI, SSH, GUI, GMS CLI, SSH, GUI, GMS CLI, SSH, GUI, GMS
Nodes Supported Firewall General Unrestricted Unrestricted Unrestricted Unrestricted Unrestricted
RAM Firewall General 4 GB 4 GB 2 GB 2 GB 2 GB
Visual Information Display (LCD Display) Firewall General N N N N N
Site-to-Site VPN Tunnels Firewall General 6,000 4,000 1,500 1,000 75
Global VPN Clients (Maximum) Firewall General 2,000 (6,000) 2,000 (4,000) 500 (3,000) 50 (1,000) 10 (250)
SSL VPN NetExtender Clients (Maximum) Firewall General 2 (1,500) 2 (1,000) 2 (500) 2 (350) 2 (250)
VLAN Interfaces Firewall General 500 400 256 256 256
SonicPoints Wireless Controller Firewall General S S S S S
WWAN Failover (4G/LTE) Firewall General S S S S S
Network Switch Management Firewall General S S S S S
Firewall Inspection Throughput2 Firewall/VPN Performance 12 Gbps 9 Gbps 6 Gbps 3.4 Gbps 1.9 Gbps
Full DPI Throughput (GAV/GAS/IPS)3 Firewall/VPN Performance 3 Gbps 1.6 Gbps 800 Mbps 500 Mbps 300 Mbps
Application Inspection Throughput3 Firewall/VPN Performance 4.5 Gbps 3 Gbps 2 Gbps 1.1 Gbps 700 Mbps
IPS Throughput3 Firewall/VPN Performance 4.5 Gbps 3 Gbps 2 Gbps 1.1 Gbps 700 Mbps
Anti-Malware Inspection Throughput3 Firewall/VPN Performance 3 Gbps 1.7 Gbps 1.1 Gbps 600 Mbps 400 Mbps
IMIX Throughput Firewall/VPN Performance 3.5 Gbps 2.4 Gbps 1.6 Gbps 900 Mbps 600 Mbps
SSL DPI Throughput3 Firewall/VPN Performance 1.3 Gbps 800 Mbps 500 Mbps 300 Mbps 200 Mbps
VPN Throughput4 Firewall/VPN Performance 5 Gbps 4.5 Gbps 3 Gbps 1.5 Gbps 1.1 Gbps
Latency Firewall/VPN Performance 16 μs 24 μs 17 μs 38 μs 45 μs
Maximum SPI Connections Firewall/VPN Performance 1.5M 1.5M 1M 750K 500K
Maximum DPI Connections Firewall/VPN Performance 1M 1M 500K 375K 250K
Default/Maximum Connections (DPI SSL)5 Firewall/VPN Performance 6,000/10,500 4,000/8,500 3,000/4,500 2,000/2,750 1,000/1,000
New Connections/Sec Firewall/VPN Performance 90,000 60,000 40,000 20,000 15,000
Logging Features Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog Analyzer, Local Log, Syslog
Network Traffic Visualization Features S S S S S
Netflow/IPFIX Reporting Features S S S S S
SNMP Features S S S S S
Authentication Features XAUTH/ RADIUS, Active Directory, SSO, LDAP, Terminal Services, Citrix XAUTH/ RADIUS, Active Directory, SSO, LDAP, Terminal Services, Citrix XAUTH/ RADIUS, Active Directory, SSO, LDAP, Terminal Services, Citrix XAUTH/ RADIUS, Active Directory, SSO, LDAP, Terminal Services, Citrix XAUTH/ RADIUS, Active Directory, SSO, LDAP, Terminal Services, Citrix
Dynamic Routing Features BGP, OSPF, RIP BGP, OSPF, RIP BGP, OSPF, RIP BGP, OSPF, RIP BGP, OSPF, RIP
Single Sign-on (SSO) Features S S S S S
Voice over IP (VoIP) Security Features S S S S S
Interface to Interface Scanning Features S S S S S
PortShield Security Features S S S S S
Port Aggregation Features S S S S S
Link Redundancy Features S S S S S
Policy-based Routing Features S S S S S
Route-based VPN Features S S S S S
Dynamic Bandwidth Management Features S S S S S
Stateful High Availability Features S S S S S
Multi-WAN Features S S S S S
Load Balancing Features S S S S S
Object-based Management Features S S S S S
Policy-based NAT Features S S S S S
Inbound Load Balancing Features S S S S S
IKEv2 VPN Features S S S S S
Active/Active Cluster Features S S S S S
Terminal Services Authentication/Citrix Support Features S S S S S
TLS/SSL/SSH Decryption and Inspection Features S S S S S
SSL Control for IPv6 Features S S S S S
Auto-provision VPN Features S S S S S
Biometric Authentication Features S S S S S
DNS Proxy Features S S S S S
High Availability Failover Active/Passive with State Sync, Active/Active DPI with State Sync, Active/Active Clustering Active/Passive with State Sync, Active/Active DPI with State Sync, Active/Active Clustering Active/Passive with State Sync, Active/Active Clustering Active/Passive with State Sync, Active/Active Clustering Active/Passive with State Sync
Multi-WAN Failover Failover S S S S S
Automated Failover/Failback Failover S S S S S
  1. Services must be purchased separately.
  2. Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.
  3. Full DPI/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs.
  4. VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544.
  5. For every 125,000 DPI connections reduced, the number of available DPI SSL connections increases by 750.
Close Overview
Embrace innovation Image

Embrace innovation

  • Patented Reassembly-Free Deep Packet Inspection (RFDPI) technology
  • On-box and cloud-based threat prevention featuring multi-engine sandboxing, anti-malware, intrusion prevention, web filtering and more
  • Feature-rich SonicOS operating system with intuitive UI
  • 10-Gigabit Ethernet ports
  • Real-time SSL, TLS and SSH decryption and inspection
  • Application visualization and control
  • Built-in wireless controller
Go beyond threat detection Image

Go beyond threat detection

It’s not enough to just detect threats. Your firewall needs to prevent them. That’s exactly what SonicWall NSA Series firewalls do. Our patented Reassembly-Free Deep Packet Inspection technology scans traffic for known and unknown threats and removes them before they get into your network. The NSA Series examines every byte of every packet on all ports and protocols regardless of file size. SonicWall’s award-winning Capture Advanced Threat Protection Service provides cloud-based multi-engine sandboxing that blocks unknown and zero-day attacks at the gateway for added security.

View Supporting Asset >
Expect high-speed performance Image

Expect high-speed performance

The SonicWall NSA Series delivers both high-speed stateful and deep packet inspection firewall performance, with multi-core parallel-processing architecture and multiple Gigabit Ethernet ports. The NSA Series uses single-pass, stream-based, deep packet inspection technology to deliver latency-free performance for simultaneous network streams. The built-in wireless controller enables you to establish high-speed wireless network security by adding SonicWall SonicPoint 802.11ac wireless access points.

Visualize success Image

Visualize success

The growing use of both personal and business-critical applications on the network is creating chaos and draining bandwidth. Using application intelligence and control, you can identify and categorize productive from unproductive applications. You can also control that traffic through powerful application-level policies on a per-user basis. Prioritize and allocate more bandwidth to essential applications, while limiting bandwidth to non-essential applications. Real-time monitoring and visualization provides a graphical representation of applications, users and bandwidth usage for granular insight into traffic across the network.