NSv 10 | NSv 25 | NSv 50 | NSv 100 | NSv 200 | NSv 300 | NSv 400 | NSv 800 | NSv 1600 | |
---|---|---|---|---|---|---|---|---|---|
Firewall General | |||||||||
Operating system | SonicOS | SonicOS | SonicOS | SonicOS | SonicOS | SonicOS | SonicOS | SonicOS | SonicOS |
Supported Hypervisors | VMware ESXi v5.5 / v6.0 / v6.5 | VMware ESXi v5.5 / v6.0 / v6.5 | VMware ESXi v5.5 / v6.0 / v6.5 | VMware ESXi v5.5 / v6.0 / v6.5 | VMware ESXi v5.5 / v6.0 / v6.5 | VMware ESXi v5.5 / v6.0 / v6.5 | VMware ESXi v5.5 / v6.0 / v6.5 | VMware ESXi v5.5 / v6.0 / v6.5 | VMware ESXi v5.5 / v6.0 / v6.5 |
Supported Public Cloud Platforms (Instance Type) | N/A | N/A | N/A | N/A | AWS (c5.large), Azure (Std D2 v2) | N/A | AWS (c5.xlarge), Azure (Std D3 v2) | AWS (c5.2xlarge), Azure (Std D4 v2) | AWS (c5.4xlarge), Azure (Std D5 v2) |
Max Cores | 2 | 2 | 2 | 2 | 2 | 3 | 4 | 8 | 16 |
Interface Count (ESXi/AWS/Azure) | 8 | 8 | 8 | 8 | 8/3/2 | 8/-/- | 8/4/4 | 8/4/8 | 8/8/8 |
Max Mgmt/DataPlane Cores | 1/1 | 1/1 | 1/1 | 1/1 | 1/1 | 1/2 | 1/3 | 1/7 | 1/15 |
Min Memory 1 | 4 GB | 4 GB | 4 GB | 4 GB | 4 GB | 6 GB | 8 GB | 10 GB | 12 GB |
Max Memory2 | 6 GB | 6 GB | 6 GB | 6 GB | 6 GB | 8 GB | 10 GB | 14 GB | 18 GB |
Supported IP/Nodes | 10 | 25 | 50 | 100 | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited |
Storage | 60 GB | 60 GB | 60 GB | 60 GB | 60 GB | 60 GB | 60 GB | 60 GB | 60 GB |
SSO users | 25 | 50 | 100 | 100 | 500 | 5000 | 10000 | 15000 | 20000 |
Logging | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog |
High availability | Active/Passive 3 | Active/Passive 3 | Active/Passive 3 | Active/Passive 3 | Active/Passive 3 | Active/Passive 3 | Active/Passive 3 | Active/Passive 3 | Active/Passive 3 |
Firewall/VPN Performance4 | |||||||||
Firewall Inspection Throughput | 2 Gbps | 2.5 Gbps | 3 Gbps | 3.5 Gbps | 4.1 Gbps | 5.9 Gbps | 7.8 Gbps | 13.9 Gbps | 17.2 Gbps |
Full DPI Throughput (GAV/GAS/IPS) | 450 Mbps | 550 Mbps | 650 Mbps | 750 Mbps | 900 Mbps | 1.6 Gbps | 2.2 Gbps | 4.0 Gbps | 6.4 Gbps |
Application Inspection Throughput | 1 Gbps | 1.25 Gbps | 1.5 Gbps | 1.75 Gbps | 2.3 Gbps | 3.4 Gbps | 4.1 Gbps | 5.5 Gbps | 6.4 Gbps |
IPS Throughput | 1 Gbps | 1.25 Gbps | 1.5 Gbps | 1.75 Gbps | 2.3 Gbps | 3.4 Gbps | 4.1 Gbps | 5.5 Gbps | 6.7 Gbps |
Anti-Malware Inspection Throughput | 450 Mbps | 550 Mbps | 650 Mbps | 750 Mbps | 900 Mbps | 1.6 Gbps | 2.2 Gbps | 4.0 Gbps | 6.6 Gbps |
IMIX Throughput | 750 Mbps | 850 Mbps | 950 Mbps | 1100 Mbps | 1.5 Gbps | 2.3 Gbps | 2.8 Gbps | 4.2 Gbps | 5.3 Gbps |
TLS/SSL DPI Throughput | 650 Mbps | 750 Mbps | 850 Mbps | 950 Mbps | 1.1 Gbps | 1.2 Gbps | 1.8 Gbps | 3.4 Gbps | 5.1 Gbps |
VPN Throughput | 500 Mbps | 550 Mbps | 600 Mbps | 650 Mbps | 750 Mbps | 1.4 Gbps | 1.9 Gbps | 4.2 Gbps | 8.4 Gbps |
Connections per second | 1800 | 5000 | 8000 | 10000 | 13760 | 24360 | 37270 | 75640 | 125000 |
Maximum connections (SPI) | 2500 | 6250 | 12500 | 25000 | 225000 | 1M | 1.5M | 3M | 4M |
Maximum connections (DPI) | 2500 | 6250 | 12500 | 25000 | 125000 | 500000 | 1.5M | 2M | 2.5M |
TLS/SSL DPI Connections | 500 | 1000 | 2000 | 4000 | 8000 | 12000 | 20000 | 30000 | 50000 |
VPN | |||||||||
Site-to-Site VPN Tunnels | 10 | 10 | 25 | 50 | 75 | 100 | 6000 | 10000 | 25000 |
IPSec VPN clients (max) | 10 | 10 | 25 | 25 | 50(1000) | 50(1000) | 2000(4000) | 2000(6000) | 2000(10,000) |
SSL VPN NetExtender Clients (Maximum) | 2(10) | 2(25) | 2(25) | 2(25) | 2(100) | 2(100) | 2(100) | 2(100) | 2(100) |
Encryption/authentication | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) |
Key exchange | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v |
Route-based VPN | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP |
Networking | |||||||||
IP address assignment | Static, DHCP, internal DHCP server, DHCP relay | Static, DHCP, internal DHCP server, DHCP relay | Static, DHCP, internal DHCP server, DHCP relay | Static, DHCP, internal DHCP server, DHCP relay | Static, DHCP, internal DHCP server, DHCP relay | Static, DHCP, internal DHCP server, DHCP relay | Static, DHCP, internal DHCP server, DHCP relay | Static, DHCP, internal DHCP server, DHCP relay | Static, DHCP, internal DHCP server, DHCP relay |
NAT modes | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode |
VLAN Interfaces | 25 | 25 | 50 | 50 | 50 | 256 | 500 | 512 | 512 |
Routing protocols | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | BGP, OSPF, RIPv1/v2, static routes, policy-based routing |
QoS | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p |
Authentication | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix |
VoIP | Full H323-v1-5, SIP | Full H323-v1-5, SIP | Full H323-v1-5, SIP | Full H323-v1-5, SIP | Full H323-v1-5, SIP | Full H323-v1-5, SIP | Full H323-v1-5, SIP | Full H323-v1-5, SIP | Full H323-v1-5, SIP |
Standards | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS |
(1) Memoria con jumbo frame deshabilitada.
(2) Memoria con jumbo frame habilitada. Se requiere una memoria adicional para habilitar el jumbo frame.
(3) Alta disponibilidad disponible en la plataforma VMware ESXi.
(4) Los números de rendimiento publicados cumplen con la especificación y el rendimiento real puede variar dependiendo del hardware subyacente, las condiciones de la red, la configuración del firewall y los servicios activados. El rendimiento y las capacidades también pueden variar sobre la base de la infraestructura de virtualización subyacente, por lo que recomendamos realizar pruebas adicionales dentro de su entorno para garantizar que se cumple con los requisitos de rendimiento y capacidad. Se observaron las métricas de rendimiento con el procesador Intel Xeon W (W-2195 2.3GHz, 4.3GHz Turbo, caché de 24.75M) utilizando el SonicOSv 6.5.0.2 con VMware vSphere 6.5.
Metodologías de prueba:
Rendimiento máximo basado en las pruebas RFC 2544 (para firewall).
El rendimiento total del antivirus/anti spyware/IPS de DPI/puerta de enlace se midió con la prueba de rendimiento estándar de la industria Spirent WebAvalanche HTTP y con herramientas de prueba de Ixia.
Pruebas realizadas con varios flujos y a través de varios pares de puertos.
El rendimiento de VPN se midió con el tráfico de UDP en un tamaño de paquetes de 1418 bytes, según la RFC 2544. Todas las especificaciones y características están sujetas a cambio.