| NSa 9650 | NSa 9450 | NSa 9250 | NSa 6650 | NSa 5650 | NSa 4650 | NSa 3650 | NSa 2650 | |
|---|---|---|---|---|---|---|---|---|
| TotalSecure Firewall Overview | ||||||||
| Deep Packet Inspection Firewall | ||||||||
| Stateful Packet Inspection Firewall | ||||||||
| Unlimited File Size Protection | ||||||||
| Protocols Scanned | ||||||||
| Threat Prevention Services Available | ||||||||
| Application Intelligence and Control | ||||||||
| Intrusion Prevention Service | ||||||||
| Gateway Anti-Virus and Anti-Spyware | ||||||||
| Content & URL Filtering (CFS) | ||||||||
| SSL Inspection (DPI SSL) | ||||||||
| Content Filtering Client (CFC)1 | Optional | Optional | Optional | Optional | Optional | Optional | Optional | Optional |
| Analyzer Reporting1 | Optional | Optional | Optional | Optional | Optional | Optional | Optional | Optional |
| Capture Advance Threat Protection1 | Optional | Optional | Optional | Optional | Optional | Optional | Optional | Optional |
| Enforced Client Anti-Virus and Anti-Spyware1 | Optional | Optional | Optional | Optional | Optional | Optional | Optional | Optional |
| 24x7 Support | ||||||||
| Firewall General | ||||||||
| Interfaces | 10 x 10-GbE SFP+, 2 x 10-GbE, 8 x 2.5-GbE, 8 x 1-GbE, 1 GbE Management, 1 Console | 10 x 10-GbE SFP+, 2 x 10-GbE, 8 x 2.5-GbE, 8 x 1-GbE, 1 GbE Management, 1 Console | 10 x 10-GbE SFP+, 2 x 10-GbE, 8 x 2.5-GbE, 8 x 1-GbE, 1 GbE Management, 1 Console | 6 x 10-GbE SFP+, 2 x 10-GbE, 4 x 2.5-GbE SFP, 8 x 2.5-GbE, 8 x 1-GbE, 1 GbE Management, 1 Console | 2 x 10-GbE SFP+, 2 x 10-GbE, 4 x 2.5-GbE SFP, 4 x 2.5-GbE, 16 x 1-GbE, 1 GbE Management, 1 Console | 2 x 10-GbE SFP+, 4 x 2.5-GbE SFP, 4 x 2.5-GbE, 16 x 1-GbE, 1 GbE Management, 1 Console | 2 x 10-GbE SFP+, 8 x 2.5-GbE SFP, 4 x 2.5-GbE, 12 x 1-GbE, 1 GbE Management, 1 Console | 4 x 2.5-GbE SFP, 4 x 2.5-GbE, 12 x 1-GbE, 1 GbE Management, 1 Console |
| Built-in Storage | 1TB, 128 GB | 1TB, 128 GB | 1TB, 128 GB | 64 GB | 64 GB | 32 GB | 32 GB | 16 GB |
| Management | CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs | CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs | CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs | CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs | CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs | CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs | CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs | CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs |
| Nodes Supported | Unrestricted | Unrestricted | Unrestricted | Unrestricted | Unrestricted | Unrestricted | Unrestricted | Unrestricted |
| Site-to-Site VPN Tunnels | 12,000 | 12,000 | 12,000 | 8,000 | 6,000 | 4,000 | 3,000 | 1,000 |
| IPSec VPN Clients (Maximum) | 2,000 (6,000) | 2,000 (6,000) | 2,000 (6,000) | 2,000 (6,000) | 2,000 (6,000) | 2,000 (4,000) | 500 (3,000) | 50 (1,000) |
| SSL VPN NetExtender Clients (Maximum) | 50 (3,000) | 2 (3,000) | 2 (3,000) | 2 (2,000) | 2 (1,500) | 2 (1,000) | 2 (500) | 2 (350) |
| VLAN Interfaces | 512 | 512 | 512 | 512 | 500 | 400 | 256 | 256 |
| Wireless Controller | ||||||||
| WWAN Failover (4G/LTE) | ||||||||
| Network Switch Management | ||||||||
| Firewall/VPN Performance | ||||||||
| Firewall Inspection Throughput2 | 17.1 Gbps | 17.1 Gbps | 12.0 Gbps | 12.0 Gbps | 6.25 Gbps | 6.0 Gbps | 3.75 Gbps | 3.0 Gbps |
| Threat Prevention throughput3 | 9.4 Gbps | 9.0 Gbps | 6.5 Gbps | 5.5 Gbps | 3.4 Gbps | 2.5 Gbps | 1.75 Gbps | 1.25 Gbps |
| Application Inspection Throughput3 | 11.5 Gbps | 10.8 Gbps | 7.75 Gbps | 6.0 Gbps | 4.25 Gbps | 3.0 Gbps | 2.1 Gbps | 1.4 Gbps |
| IPS Throughput3 | 10.3 Gbps | 10.2 Gbps | 7.2 Gbps | 6.0 Gbps | 3.4 Gbps | 2.3 Gbps | 1.8 Gbps | 1.4 Gbps |
| Anti-Malware Inspection Throughput3 | 8.5 Gbps | 8.0 Gbps | 6.5 Gbps | 5.4 Gbps | 2.8 Gbps | 2.45 Gbps | 1.5 Gbps | 1.3 Gbps |
| IMIX Throughput | 4.1 Gbps | 4.1 Gbps | 2.65 Gbps | 2.65 Gbps | 1.45 Gbps | 1.3 Gbps | 900 Mbps | 700 Mbps |
| SSL DPI Throughput3 | 2.25 Gbps | 2.1 Gbps | 1.5 Gbps | 1.45 Gbps | 800 Mbps | 675 Mbps | 320 Mbps | 250 Mbps |
| VPN Throughput4 | 10.0 Gbps | 10.0 Gbps | 6.75 Gbps | 6.0 Gbps | 3.5 Gbps | 3.0 Gbps | 1.5 Gbps | 1.3 Gbps |
| Maximum SPI Connections | 12,500,000 | 10,000,000 | 7,500,000 | 5,000,000 | 4,000,000 | 3,000,000 | 2,000,000 | 1,000,000 |
| Maximum DPI Connections | 5,000,000 | 4,000,000 | 3,000,000 | 2,000,000 | 1,500,000 | 1,000,000 | 750,000 | 500,000 |
| Default/Maximum Connections (DPI SSL)5 | 550,000/320,000 | 450,000/290,000 | 250,000/170,000 | 250,000/170,000 | 175,000/125,000 | 175,000/145,000 | 100,000/40,000 | 100,000/60,000 |
| New Connections/Sec | 130,000 | 130,000 | 90,000 | 90,000 | 40,000 | 40,000 | 14,000 | 14,000 |
| Features | ||||||||
| Logging and Reporting | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog |
| Network Traffic Visualization | ||||||||
| Netflow/IPFIX Reporting | ||||||||
| SNMP | ||||||||
| Authentication | LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) | LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) | LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) | LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) | LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) | LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) | LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) | LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) |
| Dynamic Routing | BGP, OSPF, RIP | BGP, OSPF, RIP | BGP, OSPF, RIP | BGP, OSPF, RIP | BGP, OSPF, RIP | BGP, OSPF, RIP | BGP, OSPF, RIP | BGP, OSPF, RIP |
| Secure SD-WAN | ||||||||
| Single Sign-on (SSO) | ||||||||
| Voice over IP (VoIP) Security | ||||||||
| PortShield Security | ||||||||
| Port Aggregation | ||||||||
| Link Redundancy | ||||||||
| Policy-based Routing | ||||||||
| Route-based VPN | ||||||||
| Dynamic Bandwidth Management | ||||||||
| Stateful High Availability | ||||||||
| Multi-WAN | ||||||||
| Load Balancing | ||||||||
| Object-based Management | ||||||||
| Policy-based NAT | ||||||||
| IKEv2 VPN | ||||||||
| TLS/SSL/SSH Decryption and Inspection | ||||||||
| SSL Control | ||||||||
| Auto-provision VPN | ||||||||
| Biometric Authentication | ||||||||
| Active/Active Cluster | ||||||||
| Terminal Services Authentication/Citrix Support | ||||||||
| DNS Proxy | ||||||||
| Hardware Failover6 | Active/Standby with State Sync, Active/Active DPI with State Sync, Active/Active Clustering | Active/Standby with State Sync, Active/Active DPI with State Sync, Active/Active Clustering | Active/Standby with State Sync, Active/Active DPI with State Sync, Active/Active Clustering | Active/Standby with State Sync, Active/Active DPI with State Sync, Active/Active Clustering | Active/Standby with State Sync, Active/Active DPI with State Sync, Active/Active Clustering | Active/Standby with State Sync, Active/Active Clustering | Active/Standby with State Sync, Active/Active Clustering | Active/Standby with State Sync |
1. Services must be purchased separately.
2. Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.
3. Full DPI/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. Threat Prevention throughput measured with Gateway AV, Anti-Spyware, IPS and Application Control enabled.
4. VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544.
5. For every 125,000 DPI connections reduced, the number of available DPI SSL connections increases by 3,000 except for NSa 9250 and above.
6. Active/Active Clustering and Active/Active DPI with State Sync require the purchase of Expanded License.