SonicWall Network Security Appliance (NSA) Series

loading

SonicWALL NSA 6600

SonicWALL NSA 6600

Secure large distributed and corporate central site environments requiring high throughput capacity and performance, with the SonicWALL NSA 6600.

SonicWALL NSA 2600

SonicWALL NSA 2600

Safeguard small organizations, branch offices and school campuses with the best-in-class security and performance of the NSA 2600 appliance.

SonicWALL NSA 3600

SonicWALL NSA 3600

Secure branch office sites in distributed enterprise, small- to medium-sized businesses and retail environments, with the SonicWALL NSA 3600.

SonicWALL NSA 4600

SonicWALL NSA 4600

Secure branch office and small- to medium-sized corporate environments concerned about throughput capacity and performance, with the SonicWALL NSA 4600.

SonicWALL NSA 5600

SonicWALL NSA 5600

Secure distributed, branch office and corporate environments needing significant throughput, with the SonicWALL NSA 5600.

Get a deeper level of security that grows with your business

Achieve a deeper level of security with the SonicWall Network Security Appliance (NSA) Series of next-generation firewalls. NSA Series appliances integrate automated and dynamic security capabilities into a single platform, combining the patented1 SonicWall Reassembly Free Deep Packet Inspection (RFDPI) firewall engine with a powerful, massively scalable, multi-core architecture. Now you can block even the most sophisticated threats with a multi-engine sandbox (Capture ATP), an intrusion prevention system (IPS) featuring advanced anti-evasion capabilities, SSL decryption and inspection, and network-based malware protection that leverages the power of the cloud.

Overview

Centralized control over your next-generation security

Achieve a deep level of security with a single firewall appliance. NSA Series firewalls consolidate intrusion prevention; gateway anti-virus and anti-spyware; network-based malware protection; and application intelligence and control. You can also add bandwidth management; application blocking; and connectivity and security capabilities such as a multi-engine sandbox (Capture APT), SSL VPN, IPSec VPN, content filtering, anti-virus and anti-spam.

Around-the-clock protection from the latest daily threats

Safeguard your organization around the clock with the sophisticated security capabilities of NSA Series firewalls. The RFDPI engine inspects every byte of every packet and scans all network traffic — regardless of port or protocol. Real-time TLS/SSL decryption and inspection enables you to visualize and control application traffic as it crosses the network, and NSA Series firewalls have access to a continually updated cloud database that has more than 12.6 million variants of malware to protect your organization from the most recent threats.

Enhanced network performance

Give your organization the performance it needs to grow. NSA Series firewalls surpass traditional single-core and ASIC processors, delivering a multi-core design that ensures deep-packet inspection while scaling easily for future growth.

Low cost of ownership

Lower your TCO with easy deployment, configuration and maintenance. The intuitive design and superior power efficiency of NSA Series firewalls make it easy to achieve deep security.

Features

SonicWALL NSA 6600

SonicWall NSA 6600

Secure large distributed and corporate central site environments requiring high throughput capacity and performance, with the SonicWall NSA 6600.

SonicWALL NSA 5600

SonicWall NSA 5600

Secure distributed, branch office and corporate environments needing significant throughput, with the SonicWall NSA 5600.

SonicWALL NSA 4600

SonicWall NSA 4600

Secure branch office and small- to medium-sized corporate environments concerned about throughput capacity and performance, with the SonicWall NSA 4600.

SonicWALL NSA 3600

SonicWall NSA 3600

Secure branch office sites in distributed enterprise, small- to medium-sized businesses and retail environments, with the SonicWall NSA 3600.

SonicWALL NSA 2600

SonicWall NSA 2600

Safeguard small organizations, branch offices and school campuses with the best-in-class security and performance of the NSA 2600 appliance.

Services

Advanced Gateway Security Suite (AGSS)

Leverage SonicWall Advanced Gateway Security Suite (AGSS) to deliver a multi-engine sandbox, powerful anti‐virus, anti‐spyware, intrusion prevention, content filtering, as well as application intelligence and control services. An upgrade over CGSS, this package features Capture Advanced Threat Protection (ATP), a multi-engine sandbox that runs and inspects suspicious files, programs and code in an isolated cloud-based environment.

Comprehensive Gateway Security Suite (CGSS)

Get the most from your deep packet inspection firewall with the SonicWall Comprehensive Security Suite (CGSS) subscription. CGSS includes gateway anti-virus, anti-spyware, intrusion prevention, application intelligence and control service, content/URL filtering and 24x7 support. Combine security, productivity and support in a single, bundled solution that lowers TCO.

Gateway security services

Enable your business firewall to provide real-time network threat prevention with SonicWall gateway anti-virus, anti-spyware, intrusion prevention and application intelligence and control. Block the latest blended threats — including viruses, spyware, worms, Trojans, software vulnerabilities and other malicious code. Guarantee bandwidth prioritization and ensure maximum network security and productivity with granular policies for both groups and users.

Capture Advanced Threat Protection

The cloud-based SonicWall Capture Advanced Threat Protection Service scans a broad range of files to detect advanced threats, analyzes them in a multi-engine sandbox, blocks them prior to a security verdict, and rapidly deploys remediation signatures. The result is higher security effectiveness, faster response times and a lower total cost of ownership.

Content filtering services

Gain a cost-effective, easy-to-manage way to enforce protection and productivity policies, and block inappropriate, unproductive and dangerous web content in educational, business or government environments. SonicWall Content Filtering Service lets you control access to websites based on rating, IP address, URL and more. You get the ideal combination of control and flexibility to ensure the highest levels of protection and productivity, which you can configure and control from your network security appliance, eliminating the need for a costly, dedicated filtering solution. Extend enforcement of your internal policies to devices located outside the firewall perimeter by blocking unwanted internet content with the content filtering client.

Content Filtering Client

Extend the enforcement of web policies in IT-issued devices outside the network perimeter. Although it doesn’t require a firewall, it can be optionally coupled with SonicWall Content Filtering Service as an ideal combination to keep students and employees off of dangerous or non-productive websites by switching to cloud-enforced policies even when they are using roaming devices.

Support services

Benefit from advanced technical assistance and ongoing software and firmware updates with SonicWall Dynamic Support. The service includes:

  • Telephone and web-based support 24x7
  • Direct access to highly-trained senior support engineers
  • Advance exchange hardware replacement in the event of a failure
  • Access to electronic support tools

TotalSecure hardware & services bundle

Enjoy the convenience and affordability of deploying your firewall as a SonicWall TotalSecure solution. This combines the hardware and services needed for comprehensive network protection from viruses, spyware, worms, Trojans, key loggers and more — without the complexity of building your own security package.

Comprehensive anti-spam service

Block threats from your email server and stop spam at the gateway by adding SonicWall Comprehensive Anti-Spam Service (CASS) to your SonicWall firewall. Rapidly deploy your spam firewall software with one-click activation of up to 250 users.

Enforced client anti-virus and anti-spyware software

Execute an innovative, multi-layered, anti-virus internet security strategy with SonicWall firewalls and Enforced Client Anti-Virus and Anti-Spyware software. You get SonicWall Reassembly-Free Deep Packet Inspection anti-malware at the gateway, and enforced anti-virus protection at the endpoints. You can redirect any user with a non-compliant endpoint to a web page to install the latest Enforced Client Anti-Virus and Anti-Spyware software. Provide automatically updated security definitions to the endpoint as soon as they become available. Plus, you can automate enforcement to minimize administrative overhead.

Comparison

 SonicWall NSA Series

 View a comparison matrix that compares the various models
 of the NSA Series.
 View Matrix

Legend: S — Standard,  O — Optional,  N — Not available

TotalSecure Firewall OverviewNSA 6600NSA 5600NSA 4600NSA 3600NSA 2600
Deep Packet Inspection FirewallSSSSS
Stateful Packet Inspection FirewallSSSSS
Unlimited File Size ProtectionSSSSS
Protocols ScannedSSSSS
Threat Prevention Services AvailableNSA 6600NSA 5600NSA 4600NSA 3600NSA 2600
Application Intelligence and ControlSSSSS
Intrusion Prevention ServiceSSSSS
Gateway Anti-Virus and Anti-SpywareSSSSS
Content & URL Filtering (CFS)SSSSS
SSL Inspection (DPI SSL)SSSSS
Content Filtering Client (CFC)1OOOOO
Analyzer Reporting1OOOOO
Capture Advance Threat Protection1OOOOO
Enforced Client Anti-Virus and Anti-Spyware (McAfee® or Kaspersky®)OOOOO
24x7 SupportSSSSS
Firewall GeneralNSA 6600NSA 5600NSA 4600NSA 3600NSA 2600
Interfaces4x10GbE SFP+, 8x1GbE SFP, 8x1GbE, 1GbE Management, 1 Console2x10GbE SFP+, 4x1GbE SFP, 12x1GbE, 1GbE Management, 1 Console2x10GbE SFP+, 4x1GbE SFP, 12x1GbE, 1GbE Management, 1 Console2x10GbE SFP+, 4x1GbE SFP, 12x1GbE, 1GbE Management, 1 Console8x1 GbE, 1GbE Management, 1 Console
ManagementCLI, SSH, GUI, GMSCLI, SSH, GUI, GMSCLI, SSH, GUI, GMSCLI, SSH, GUI, GMSCLI, SSH, GUI, GMS
Nodes SupportedUnrestrictedUnrestrictedUnrestrictedUnrestrictedUnrestricted
RAM4 GB4 GB2 GB2 GB512 MB
Visual Information Display (LCD Display)NNNNN
Site-to-Site VPN Tunnels60004000150080075
Global VPN Clients (Maximum)2000 (6000)2000 (4000)500 (3000)50 (1000)10 (250)
SSL VPN NetExtender Clients (Maximum)2 (1500)2 (1000)2 (500)2 (350)2 (250)
VLAN interfaces500400256256256
SonicPoints Wireless ControllerSSSSS
WWAN Failover (4G/LTE)SSSSS
Network Switch ManagementSSSSS
Firewall/VPN PerformanceNSA 6600NSA 5600NSA 4600NSA 3600NSA 2600
Firewall Inspection Throughput213 Gbps9 Gbps6 Gbps3.4 Gbps1.9 Gbps
Full DPI Performance (GAV/GAS/IPS)3 Gbps1.6 Gbps800 Mbps500 Mbps300 Mbps
Application Inspection Throughput4.5 Gbps3 Gbps2 Gbps1.1 Gbps700 Mbps
IPS Throughput4.5 Gbps3 Gbps2 Gbps1.1 Gbps700 Mbps
Anti-Malware Inspection Throughput3 Gbps1.7 Gbps1.1 Gbps600 Mbps400 Mbps
IMIX performance3.5 Gbps2.4 Gbps1.6 Gbps900 Mbps600 Mbps
SSL DPI Performance1.3 Gbps800 Mbps500 Mbps300 Mbps200 Mbps
VPN Throughput45 Gbps4.5 Gbps3 Gbps1.5 Gbps1.1 Gbps
Latency1624173845
Maximum Connections5750K750K400K325K225K
Maximum DPI Connections500K500K200K175K125K
DPI-SSL Connections60004000300020001000
New Connections/Sec9000060000400002000015000
FeaturesNSA 6600NSA 5600NSA 4600NSA 3600NSA 2600
LoggingAnalyzer, Local Log, SyslogAnalyzer, Local Log, SyslogAnalyzer, Local Log, SyslogAnalyzer, Local Log, SyslogAnalyzer, Local Log, Syslog
Network Traffic VisualizationSSSSS
Netflow/IPFIX ReportingSSSSS
SNMPSSSSS
AuthenticationXAUTH/ RADIUS, Active Directory, SSO, LDAP, Terminal Services6, Citrix6, Internal User DatabaseXAUTH/ RADIUS, Active Directory, SSO, LDAP, Terminal Services6, Citrix6, Internal User DatabaseXAUTH/ RADIUS, Active Directory, SSO, LDAP, Terminal Services6, Citrix6, Internal User DatabaseXAUTH/ RADIUS, Active Directory, SSO, LDAP, Terminal Services6, Citrix6, Internal User DatabaseXAUTH/ RADIUS, Active Directory, SSO, LDAP, Terminal Services6, Citrix6, Internal User Database
Dynamic RoutingBGP, OSPF, RIPBGP, OSPF, RIPBGP, OSPF, RIPBGP, OSPF, RIPBGP, OSPF, RIP
Single Sign-on (SSO)SSSSS
Voice over IP (VoIP) SecuritySSSSS
Interface to Interface ScanningSSSSS
PortShield SecuritySSSSS
Port AggregationSSSSS
Link RedundancySSSSS
Policy-based RoutingSSSSS
Route-based VPNSSSSS
Dynamic Bandwidth ManagementSSSSS
Stateful High AvailabilitySSSSS
Multi-WANSSSSS
Load BalancingSSSSS
Object-based ManagementSSSSS
Policy-based NATSSSSS
Inbound Load BalancingSSSSS
IKEv2 VPNSSSSS
Active/Active ClusterSSSSS
Terminal Services Authentication/Citrix SupportSSSSS
TLS/SL/SSH decryption and inspectionSSSSS
SSL Control for IPv6SSSS 
Auto-provision VPNSSSS 
Biometric AuthenticationSSSS 
DNS ProxySSSS 
FailoverNSA 6600NSA 5600NSA 4600NSA 3600NSA 2600
Hardware Failover   Active/Passive with State Sync, Active/Active DPI with State SyncActive/Passive with State Sync, Active/Active DPI with State Sync
Multi-WAN FailoverSSSSS
Automated Failover/FailbackSSSSS

Legend: S — Standard,  O — Optional,  N — Not available

1 Services must be purchased separately.

2 Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.

3 Full DPI/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs.

4 VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544.

5 Actual maximum connection counts are lower when services are enabled.

6 Not supported on SuperMassive 9800