1. Home
  2. Network Security
  3. SonicWall NSA Series

SonicWall Network Security Appliance (NSA) Series

loading

Take Tour

SonicWALL NSA 6600

SonicWALL NSA 6600

Secure large distributed and corporate central site environments requiring high throughput capacity and performance, with the SonicWALL NSA 6600.

SonicWALL NSA 250M

SonicWALL NSA 250M

Easily deploy and manage an array of advanced, flexible networking and configuration features in a wide variety of environments, with the accessible, affordable SonicWALL NSA 250M business firewall appliance.

SonicWALL NSA 2600

SonicWALL NSA 2600

Safeguard small organizations, branch offices and school campuses with the best-in-class security and performance of the NSA 2600 appliance.

SonicWALL NSA 3600

SonicWALL NSA 3600

Secure branch office sites in distributed enterprise, small- to medium-sized businesses and retail environments, with the SonicWALL NSA 3600.

SonicWALL NSA 4600

SonicWALL NSA 4600

Secure branch office and small- to medium-sized corporate environments concerned about throughput capacity and performance, with the SonicWALL NSA 4600.

SonicWALL NSA 5600

SonicWALL NSA 5600

Secure distributed, branch office and corporate environments needing significant throughput, with the SonicWALL NSA 5600.

Get a deeper level of security that grows with your business

Achieve a deeper level of security with the SonicWall Network Security Appliance (NSA) Series of next-generation firewalls. NSA Series appliances integrate automated and dynamic security capabilities into a single platform, combining the patented1 SonicWall Reassembly Free Deep Packet Inspection (RFDPI) firewall engine with a powerful, massively scalable, multi-core architecture. Now you can block even the most sophisticated threats with a multi-engine sandbox (Capture ATP), an intrusion prevention system (IPS) featuring advanced anti-evasion capabilities, SSL decryption and inspection, and network-based malware protection that leverages the power of the cloud.

Try Online

Overview

Centralized control over your next-generation security

Achieve a deep level of security with a single firewall appliance. NSA Series firewalls consolidate intrusion prevention; gateway anti-virus and anti-spyware; network-based malware protection; and application intelligence and control. You can also add bandwidth management; application blocking; and connectivity and security capabilities such as a multi-engine sandbox (Capture APT), SSL VPN, IPSec VPN, content filtering, anti-virus and anti-spam.

Around-the-clock protection from the latest daily threats

Safeguard your organization around the clock with the sophisticated security capabilities of NSA Series firewalls. The RFDPI engine inspects every byte of every packet and scans all network traffic — regardless of port or protocol. Real-time SSL decryption and inspection enables you to visualize and control application traffic as it crosses the network, and NSA Series firewalls have access to a continually updated cloud database that has more than 12.6 million variants of malware to protect your organization from the most recent threats.

Enhanced network performance

Give your organization the performance it needs to grow. NSA Series firewalls surpass traditional single-core and ASIC processors, delivering a multi-core design that ensures deep-packet inspection while scaling easily for future growth.

Low cost of ownership

Lower your TCO with easy deployment, configuration and maintenance. The intuitive design and superior power efficiency of NSA Series firewalls make it easy to achieve deep security.

Features

SonicWALL NSA 6600

SonicWall NSA 6600

Secure large distributed and corporate central site environments requiring high throughput capacity and performance, with the SonicWall NSA 6600.

SonicWALL NSA 5600

SonicWall NSA 5600

Secure distributed, branch office and corporate environments needing significant throughput, with the SonicWall NSA 5600.

SonicWALL NSA 4600

SonicWall NSA 4600

Secure branch office and small- to medium-sized corporate environments concerned about throughput capacity and performance, with the SonicWall NSA 4600.

SonicWALL NSA 3600

SonicWall NSA 3600

Secure branch office sites in distributed enterprise, small- to medium-sized businesses and retail environments, with the SonicWall NSA 3600.

SonicWALL NSA 2600

SonicWall NSA 2600

Safeguard small organizations, branch offices and school campuses with the best-in-class security and performance of the NSA 2600 appliance.

SonicWALL NSA 250M

SonicWall NSA 250M

Easily deploy and manage an array of advanced, flexible networking and configuration features in a wide variety of environments, with the accessible, affordable SonicWall NSA 250M business firewall appliance.

Services

Advanced Gateway Security Suite (AGSS)

Leverage SonicWall Advanced Gateway Security Suite (AGSS) to deliver a multi-engine sandbox, powerful anti‐virus, anti‐spyware, intrusion prevention, content filtering, as well as application intelligence and control services. An upgrade over CGSS, this package features Capture Advanced Threat Protection (ATP), a multi-engine sandbox that runs and inspects suspicious files, programs and code in an isolated cloud-based environment.

Comprehensive Gateway Security Suite (CGSS)

Get the most from your deep packet inspection firewall with the SonicWall Comprehensive Security Suite (CGSS) subscription. CGSS includes gateway anti-virus, anti-spyware, intrusion prevention, application intelligence and control service, content/URL filtering and 24x7 support. Combine security, productivity and support in a single, bundled solution that lowers TCO.

Gateway security services

Enable your business firewall to provide real-time network threat prevention with SonicWall gateway anti-virus, anti-spyware, intrusion prevention and application intelligence and control. Block the latest blended threats — including viruses, spyware, worms, Trojans, software vulnerabilities and other malicious code. Guarantee bandwidth prioritization and ensure maximum network security and productivity with granular policies for both groups and users.

Capture Advanced Threat Protection

The cloud-based SonicWall Capture Advanced Threat Protection Service scans a broad range of files to detect advanced threats, analyzes them in a multi-engine sandbox, blocks them prior to a security verdict, and rapidly deploys remediation signatures. The result is higher security effectiveness, faster response times and a lower total cost of ownership.

Content filtering services

Gain a cost-effective, easy-to-manage way to enforce protection and productivity policies, and block inappropriate, unproductive and dangerous web content in educational, business or government environments. SonicWall Content Filtering Service lets you control access to websites based on rating, IP address, URL and more. You get the ideal combination of control and flexibility to ensure the highest levels of protection and productivity, which you can configure and control from your network security appliance, eliminating the need for a costly, dedicated filtering solution. Extend enforcement of your internal policies to devices located outside the firewall perimeter by blocking unwanted internet content with the content filtering client.

Content Filtering Client

Extend the enforcement of web policies in IT-issued devices outside the network perimeter. Although it doesn’t require a firewall, it can be optionally coupled with SonicWall Content Filtering Service as an ideal combination to keep students and employees off of dangerous or non-productive websites by switching to cloud-enforced policies even when they are using roaming devices.

Support services

Benefit from advanced technical assistance and ongoing software and firmware updates with SonicWall Dynamic Support. The service includes:

  • Telephone and web-based support 24x7
  • Direct access to highly-trained senior support engineers
  • Advance exchange hardware replacement in the event of a failure
  • Access to electronic support tools

TotalSecure hardware & services bundle

Enjoy the convenience and affordability of deploying your firewall as a SonicWall TotalSecure solution. This combines the hardware and services needed for comprehensive network protection from viruses, spyware, worms, Trojans, key loggers and more — without the complexity of building your own security package.

Comprehensive anti-spam service

Block threats from your email server and stop spam at the gateway by adding SonicWall Comprehensive Anti-Spam Service (CASS) to your SonicWall firewall. Rapidly deploy your spam firewall software with one-click activation of up to 250 users.

Enforced client anti-virus and anti-spyware software

Execute an innovative, multi-layered, anti-virus internet security strategy with SonicWall firewalls and Enforced Client Anti-Virus and Anti-Spyware software. You get SonicWall Reassembly-Free Deep Packet Inspection anti-malware at the gateway, and enforced anti-virus protection at the endpoints. You can redirect any user with a non-compliant endpoint to a web page to install the latest Enforced Client Anti-Virus and Anti-Spyware software. Provide automatically updated security definitions to the endpoint as soon as they become available. Plus, you can automate enforcement to minimize administrative overhead.

Comparison

 SonicWall NSA Series

 View a comparison matrix that compares the various models
 of the NSA Series.
 View Matrix

 NSA 250M/WNSA 2600NSA 3600NSA 4600NSA 5600NSA 6600
Overview
Operating systemSonicOS 5.9SonicOS 6.2SonicOS 6.2SonicOS 6.2SonicOS 6.2SonicOS 6.2
Security Processor2x 700 MHz4x 800 MHz6x 800 MHz8x 1.1 GHz10x 1.3 GHz24x 1.0 GHz
Memory(RAM)512 MB2 GB2 GB2 GB4 GB4 GB
10 GbE SFP+ interfaces--222 4
1 GbE SFP interfaces--4448
1 GbE Copper interfaces581212128
1GbE Copper Management interfaces-11111
ExpansionExpansion Slot (Rear), SD Card, USBExpansion Slot (Front), SD Card, USBExpansion Slot (Rear), SD Card, USBExpansion Slot (Rear), SD Card, USBExpansion Slot (Rear), SD Card, USBExpansion Slot (Rear), SD Card, USB
Firewall inspection throughput1750 Mbps1.9 Gbps3.4 Gbps6.0 Gbps9.0 Gbps12.0 Gbps
Full DPI throughput2130 Mbps300 Mbps500 Mbps800 Mbps1.6 Gbps3.0 Gbps
Application inspection throughput2250 Mbps700 Mbps1.1 Gbps2.0 Gbps3.0 Gbps4.5 Gbps
IPS throughput2250 Mbps700 Mbps1.1 Gbps2.0 Gbps3.0 Gbps4.5 Gbps
Anti-malware inspection throughput2140 Mbps400 Mbps600 Mbps1.1 Gbps1.7 Gbps3.0 Gbps
IMIX throughput3210 Mbps600 Mbps900 Mbps1.6 Gbps2.4 Gbps3.5 Gbps
SSL Inspection and Decryption (DPI SSL)2Available200 Mbps300 Mbps500 Mbps800 Mbps1.3 Gbps
VPN throughput3200 Mbps1.1 Gbps1.5 Gbps3.0 Gbps4.5 Gbps5.0 Gbps
Connections per second3,000/sec15,000/sec20,000/sec40,000/sec60,000/sec90,000/sec
Maximum connections (SPI)110,000225,000325,000400,000562,500750,000
Maximum connections (DPI)64,000125,000175,000200,000375,000500,000
Single Sign On(SSO) Users25030,00040,00050,00060,00070,000
VLAN interfaces35256256256400500
SonicPoints supported (Maximum)1632486496128
 NSA 250M/WNSA 2600NSA 3600NSA 4600NSA 5600NSA 6600
VPN
Site-to-Site VPN Tunnels5075800150040006000
IPSec VPN clients(Maximum)2(25)10 (250)50 (1,000)500 (3,000)2,000 (4,000)2,000 (6,000)
SSL VPN licenses(Maximum)2(15)2 (250)2 (350)2 (500)2 (1000)2 (1500)
Encryption/AuthenticationDES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1
Key exchangeDiffie Hellman Groups 1, 2, 5, 14
Route-based VPNRIP, OSPF
 NSA 250M/WNSA 2600NSA 3600NSA 4600NSA 5600NSA 6600
Networking
IP address assignmentStatic,(DHCP PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP Relay
NAT modes1:1, many:1, 1:many, flexible NAT (overlapping IPS), PAT, transparent mode
Routing protocolsBGP, OSPF, RIPv1/v2, static routes, policy-based routing, multicast
QoSBandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p
AuthenticationXAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix
VoIPFull H323-v1-5, SIP
StandardsTCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3
CertificationsVPNC, ICSA Firewall, ICSA Anti-Virus, FIPS 140-2, Common Criteria EAL 1+VPNC, ICSA Firewall, ICSA Anti-Virus, FIPS 140-2, Common Criteria EAL 1+, UC APL
Common Access Card (CAC)SonicOS 5.9PendingPendingPendingPendingPending
 NSA 250M/WNSA 2600NSA 3600NSA 4600NSA 5600NSA 6600
Hardware
Form factorDesktop (1U Rack Mountable Kit Available)1U Rack Mountable
Fans2 Internal fansDual, FixedDual, FixedDual, FixedDual, FixedDual, redundant, hot swappable
Power Supply(W)36200250250250250
Maximum power consumption (W)12 / 1649.474.386.790.9113.1
Input power100-240 VAC, 60-50 Hz100-240 VAC, 60-50 Hz100-240 VAC, 60-50 Hz100-240 VAC, 60-50 Hz100-240 VAC, 60-50 Hz100-240 VAC, 60-50 Hz
Dimensions1.4 x 7.1 x 10.7 (3.5 x 18 x 27cm)1.75x10.25x17 in (4.5x26x43 cm)1.75 x 19.1 x 17 in (4.5 x 48.5 x 43.3 cm)
Weight3.05 lbs/1.38 kg/3.15 lbs/1.43 kg10.1 lb / 4.6 kg13.56 lb/6.15 Kg14.93 lb/6.77 Kg
WEEE weight4.4 lbs/2.0kg/4.65 lbs/2.11 kg11.0 lb/5.0 kg14.24 lb/6.46 Kg19.78 lb/8.97 Kg
Shipping weight5.6 lbs/5.9 lbs14.3 lb/6.5 kg20.79lb/9.43 Kg26.12 lb/11.85 Kg
MTBF (Years)23.4/14.120.216.81615.413.3
Environment40-105 F, 0 - 40 C32-105 F, 0-40 deg C
Humidity5 - 95% non-condensing10-90% non-condensing
 NSA 250M/WNSA 2600NSA 3600NSA 4600NSA 5600NSA 6600
Regulatory
NSA 250MFCC Class A, ICES Class A, CE (EMC, LVD, RoHS), C-Tick, VCCI Class A, MSIP/KCC Class A, UL, cUL, TUV/GS, CB, Mexico CoC by UL, WEEE, REACH, ANATEL, BSMI, CU
NSA 250MWFCC Class A, FCC Cert, ICES Class A, IC Cert, CE (EMC, LVD, RoHS, R&TTE), C-Tick, UL, cUL, TUV/GS, CB, Mexico CoC by UL, WEEE, REACH, ANATEL, BSMI, NCC Taiwan
NSA 2400FCC Class A, ICES Class A, CE (EMC, LVD, RoHS), C-Tick, VCCI Class A, MSIP/KCC Class A, UL, cUL, TUV/GS, CB, Mexico CoC by UL, WEEE, REACH, ANATEL, BSMI, CU
NSA 2600FCC Class A, ICES Class A, CE (EMC, LVD, RoHS), C-Tick, VCCI Class A, MSIP/KCC Class A, UL, cUL, TUV/GS, CB, Mexico CoC by UL, WEEE, REACH, ANATEL, BSMI, CU
NSA 3600FCC Class A, ICES Class A, CE (EMC, LVD, RoHS), C-Tick, VCCI Class A, MSIP/KCC Class A, UL, cUL, TUV/GS, CB, Mexico CoC by UL, WEEE, REACH, ANATEL, BSMI, CU
NSA 4600FCC Class A, ICES Class A, CE (EMC, LVD, RoHS), C-Tick, VCCI Class A, MSIP/KCC Class A, UL, cUL, TUV/GS, CB, Mexico CoC by UL, WEEE, REACH, ANATEL, BSMI, CU
NSA 5600FCC Class A, ICES Class A, CE (EMC, LVD, RoHS), C-Tick, VCCI Class A, MSIP/KCC Class A, UL, cUL, TUV/GS, CB, Mexico CoC by UL, WEEE, REACH, ANATEL, BSMI, CU
NSA 6600FCC Class A, ICES Class A, CE (EMC, LVD, RoHS), C-Tick, VCCI Class A, MSIP/KCC Class A, UL, cUL, TUV/GS, CB, Mexico CoC by UL, WEEE, REACH, ANATEL, BSMI, CU
 NSA 250M/WNSA 2600NSA 3600NSA 4600NSA 5600NSA 6600
Integrated Wireless
Standards802.11a/b/g/n(WEP, WPA, WPA2, 802.11i, TKIP, PSK,02.1x, EAP-PEAP, EAP-TTLS
Virtual access points (VAPs)5 antennas (5 dBi Diversity)External triple, detachable
Radio power-802.11a/802.11b/802.11g15.5 dBm max/18 dBm max/17 dBM @ 6 Mbps, 13 dBM @ 54 Mbps
Radio power-802.11n (2.4GHz)/802.11n (5.0GHz)19 dBm MCS 0, 11 dBm MCS 15/17 dBm MCS 0, 12 dBm MCS 15
Radio receive sensitivity-802.11a/802.11b/802.11g-95 dBm MCS 0, -81 dBm MCS 15/-90 dBm @ 11Mbps/-91 dBm @ 6Mbps, -74 dBm @ 54 Mbps
Radio receive sensitivity-802.11n(2.4GHz)/802.11n(5.0GHz)-89 dBm MCS 0, -70 dBm MCS 15/-95 dBm MCS 0, -76 dBm MCS 15

1 Testing Methodologies: Maximum performance based on RFC 2544(for firewall). Actual performance may vary depending on network conditions and activated services.
2 Full DPI/GatewayAV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs.
3 VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. All specifications, features and availability are subject to change.
*Future use.

Videos

Datasheets

White Papers

Infographics

Case Studies

Technical Briefs

On-Demand Webcasts

Support Docs, Notes and Guides