E-Class Network Security Appliance (NSA) Series
|SonicWALL NSA E5500 Appliance
Starting at $9,995.00
|SonicWALL NSA E6500 Appliance
Starting at $14,995.00
SonicWALL NSA E8500 Appliance
SonicWALL NSA E8510 Appliance
SonicWALL E-Class NSA Series:
SonicWALL E-Class NSA for Enterprise-class Deployments
Today's enterprise applications reside on both the network and in the cloud. These applications can be either productive business solutions or counterproductive—and often dangerous—diversions. Critical applications need bandwidth prioritization, while social media and gaming applications need to be bandwidth throttled or even completely blocked. Traditional stateful packet inspection firewalls only scan for ports and protocols—not applications—so they cannot tell the good applications from the bad.
SonicWALL® E-Class Network Security Appliance (NSA) Series solutions provide enterprise-performance featuring tightly integrated intrusion prevention, anti-malwareprotection and application intelligence, control and visualization. Combining SonicWALL's patented Reassembly-Free Deep Packet Inspection™ (RFDPI)* technology with a powerful multi-core hardware platform, E-Class NSA Series solutions can analyze and control thousands of unique applications, even if encrypted with SSL. Integrated application traffic analytics reporting provides the E-Class NSA Series with powerful insight into network usage.
Comprised of SonicWALL E-Class NSA E8510, E8500, E7500, E6500 and E5500 appliances, the E-Class NSA Series offers a broad range of scalable solutions for the most demanding of enterprise deployments in data centers, campus networks and distributed environments. As inline solutions, the E-Class NSA Series leverages existing infrastructure while adding an extra layer of network security and visibility. In security gateway deployments, it adds secure remote access, high availability and other enterprise features.
The E-Class NSA Series is a key part of SonicWALL's portfolio of enterprise-class products and services for network security, email security and secure remote access.
- Next-Generation Firewall
- 10 GbE connectivity
- Powerful intrusion prevention
- Application intelligence, control and visualization
- Reassembly-Free Deep Packet Inspection technology
- Flexible deployment
- Deep Packet Inspection of SSL-encrypted traffic (DPI SSL)
- SonicWALL Global Response Intelligent Defense (GRID) Network
- WAN Acceleration Remote access for the mobile enterprise
Features & Benefits
- SonicWALL's Next-Generation Firewall including Reassembly-Free Deep Packet Inspection tightly integrates intrusion prevention, malware protection, and newly enhanced application intelligence and control with real-time visualization.
- 10 GbE connectivity on the NSA E8510 allows deployment to environments with a 10 GbE infrastructure.
- Powerful intrusion prevention protects against a comprehensive array of network-based application layer threats by scanning packet payloads for worms, Trojans, software vulnerabilities, application exploits, and other malicious code.
- Application intelligence, control and visualization provides granular control and real-time visualization of applications to guarantee bandwidth prioritization and ensure maximum network security and productivity.
- Reassembly-Free Deep Packet Inspection technology provides control for thousands of applications and detects millions of pieces of malware to protect the network automatically and seamlessly, while inspecting hundreds of thousands of connections simultaneously across all ports, with near zero latency and unlimited stream size.
- Flexible deployment as either a traditional gateway or as an inline solution allows administrators to keep their existing network infrastructure, while adding application intelligence and control as an extra layer of security and visibility.
- Deep Packet Inspection of SSL-encrypted traffic (DPI SSL) transparently decrypts and scans both inbound and outbound HTTPS traffic using SonicWALL RFDPI. The traffic is then re-encrypted and sent to its original destination if no threats or vulnerabilities are discovered.
- The SonicWALL Global Response Intelligent Defense (GRID) Network continually updates threat protection, intrusion detection and prevention and application control services on a 24x7 basis to maximize security. The full suite of threat prevention services can defend against over a million unique malware attacks.
- WAN Acceleration decreases latency and increases transfer speeds between remote sites for even higher network efficiency gains.
- Remote access for the mobile enterprise provides secure connectivity to corporate resources from Windows, Windows Mobile, Linux, Apple Macintosh and iOS and Google Android devices.
* U.S. Patents 7,310,815; 7,600,257; 7,738,380; 7,835,361
Application Intelligence and Control Technology
SonicWALL Application Intelligence and Control provides granular control and real-time visualization of applications to guarantee bandwidth prioritization and ensure maximum network security and productivity. An integrated feature of SonicWALL Next-Generation Firewalls, it uses Reassembly-Free Deep Packet Inspection technology to identify and control applications in use, regardless of port or protocol. With a continuously expanding threat signature database that currently recognizes over 3,700 applications and millions of malware threats, it can maintain granular control over applications, prioritize or throttle bandwidth and deny web site access. The SonicWALL App Flow Monitor provides real-time graphs of applications, ingress and egress bandwidth, active web site connections and user activity, and can continuously send data to NetFlow/IPFIX analyzers.
Reassembly-Free Deep Packet Inspection Engine
The SonicWALL Reassembly-Free Deep Packet Inspection delivers a scalable application inspection engine that can analyze files and content of any size in real-time without reassembling packets or application content. This means of inspection is designed specifically for real-time applications and latency sensitive traffic, delivering control without having to proxy connections. Using this engine design, high-speed network traffic is inspected more efficiently and reliably for an improved end user experience.
Flexible, Customizable Deployment Options
Central-site Gateway: Deployed as a central-site gateway, the E-Class NSA Series provides a high-speed scalable platform, providing network segmentation and security using VLANs and security zones. Redundancy features include WAN Load balancing, ISP failover and Active/Active DPI.
Layer 2 Bridge: Layer 2 bridge mode provides inline intrusion detection and prevention, adds an additional level of zone-based security to network segments or business units and simplifies layered security. Additionally, this enables administrators to limit access to sensitive data by specific business unit or database server.
Remote Site Protection
The E-Class NSA Series incorporates ultra-high performance Virtual Private Networks (VPNs) that easily scale to thousands of endpoints and branch offices. Innovative SonicWALL Clean VPN™ technology prevents vulnerabilities and malicious code by decontaminating traffic before it enters the corporate network, in real-time and without user intervention.
Easily integrated into existing environments, E-Class NSAs centralize gateway-level protection across all incoming and outgoing applications, files and content-based traffic, while controlling bandwidth and applications, without significantly impacting performance or scalability.
The highly-configurable E-Class NSA Series extends protection over the internal network by inspecting traffic over LAN interfaces and VLANs. Specifically designed for LAN network threats, the E-Class NSA Series monitors and responds to internally spreading malware, denial of service attacks, exploited software vulnerabilities, confidential documents, policy violations and network misuse.
Desktop and Server Protection
In addition to network and gateway based protection, the E-Class NSA Series provides additional endpoint protection for workstations and servers through an enforced anti-virus and anti-spyware client with advanced heuristics. This enforced client solution delivers network access control by restricting Internet access on endpoints that do not have the latest signature or engine updates. When enforcement is enabled on the appliance, each endpoint is directed to download the enforced anti-virus and anti-spyware client without any administrator intervention, automating the deployment of endpoint security.
Centralized Policy Management
The SonicWALL Global Management System (GMS®) provides organizations, distributed enterprises and service providers with a flexible, powerful and intuitive solution to centrally manage and report on E-Class NSA Next-Generation Firewalls.
|NSA E-Class Series||E5500||E6500||E7500||E8500||E8510|
|SonicOS Version||SonicOS Enhanced 5.6 (or higher)||SonicOS Enhanced 18.104.22.168 (or higher)|
|Stateful Throughput1||3.9 Gbps||5 Gbps||5.6 Gbps||8.0 Gbps|
|GAV Performance2||1.0 Gbps||1.69 Gbps||1.84 Gbps||2.25 Gbps|
|IPS Performance2||2.0 Gbps||2.3 Gbps||2.58 Gbps||3.7 Gbps|
|UTM Performance2||850 Mbps||1.59 Gbps||1.7 Gbps||2.2 Gbps|
|IMIX Performance3||1.1 Gbps||1.4 Gbps||1.6 Gbps||2.0 Gbps|
|Maximum UTM Connections||500,000||600,000||1,000,000||1,250,000|
|Denial of Service Attack Prevention||22 classes of DoS, DDoS and scanning attacks|
|SonicPoints Supported (maximum)||96||128|
|3DES/AES Throughput4||1.7 Gbps||2.7 Gbps||3.0 Gbps||4.0 Gbps|
|Site-to-Site VPN Tunnels||4,000||6,000||10,000|
|Bundled Global VPN Client Licenses for Remote Access (maximum)||2,000 (4,000)||2,000 (6,000)||2,000 (10,000)|
|Bundled SSL VPN Licenses (maximum)||2 (50)||2 (50)||2 (50)|
|Virtual Assist Bundled (maximum)||1 (25)||1 (25)||1 (25)|
|Encryption/Authentication/DH Groups||DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1/DH Groups 1, 2, 5, 14|
|Key Exchange||IKE, IKEv2, Manual Key, PKI (X.509), L2TP over IPSec|
|Route-based VPN||Yes (OSPF, RIP)|
|Certificate Support||Verisign, Thawte, Cybertrust, RSA Keon, Entrust, and Microsoft CA for SonicWALLto-SonicWALL VPN, SCEP|
|Redundant VPN Gateway||Yes|
|Global VPN Client Platforms Supported||Microsoft Windows 2000, Windows XP, Microsoft Vista 32-bit/64 bit, Windows 7|
|SSL VPN Platforms Supported||Microsoft® Windows 2000 / XP / Vista 32/64-bit / Windows 7 32/64-bit, Mac 10.4+, Linux FC 3+ / Ubuntu 7+ / OpenSUSE|
|MobileConnect Platform Supported||iOS 4.2 and higher|
|Deep Packet Inspection Security Services|
|Deep Packet Inspection Service||Intrusion Prevention, Gateway Anti-Virus, Anti-Spyware and Application Intelligence|
|Content Filtering Service (CFS) Premium Edition||HTTP, URL, HTTPS IP, keyword and content scanning ActiveX, Java Applet, and Cookie blocking, bandwidth management on rating categories, custom allow/forbid lists|
|Enforced Client Anti-Virus and Anti-Spyware||HTTP/S, SMTP, POP3, IMAP and FTP, Enforced McAfee™ Clients Email attachment blocking|
|Comprehensive Anti-Spam Service5||Supported|
|Application Intelligence and Control||Application bandwidth management and control, prioritize or block application by signatures, control file transfers, scan for key words or phrases|
|DPI-SSL||Provides the ability to decrypt HTTPS traffic transparently, scan this traffic for threats using SonicWALL's Deep Packet Inspection technology (GAV/AS/IPS/Application Intelligence/CFS), then re-encrypt the traffic and send it to its destination if no threats or vulnerabilities are found. This feature works for both clients and servers.|
|IP Address Assignment||Static, (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay|
|NAT Modes||1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent mode|
|VLAN Interfaces (802.1q)||400||500||512|
|Routing||OSPF, RIPv1/v2, static routes, policy-based routing, Multicast|
|QoS||Bandwidth priority. maximum bandwidth, guaranteed bandwidth, DSCP marking, 802.1p|
|Authentication||XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix|
|Internal Database/Single Sign-on Users||1,500/2,500 Users||2,500/4,000 Users||2,500/7,000 Users|
|VoIP||Full H.323v1-5, SIP, gatekeeper support, outbound bandwidth management, VoIP over WLAN, deep inspection security, full interoperability with most VoIP gateway and communications devices|
|Management and Monitoring||Web GUI (HTTP, HTTPS), Command Line (SSH, Console), SNMP v2: Global management with SonicWALL GMS|
|Logging and Reporting||Analyzer, Scrutinizer, GMS, Local Log, Syslog, Solera Networks, NetFlow v5/v9, IPFIX with Extensions, Real-time Visualization|
|High Availability||Active/Passive with State Synch, Active/Active DPI|
|Load Balancing||Yes, (Outgoing with percent-based, round robin and spill-over) (Incoming with round robin, random distribution, sticky IP, block remap and symmetrical remap)|
|Standards||TCP/IP, UDP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3|
|Wireless Standards||802.11 a/b/g/n, WEP, WPA, WPA2, TKIP, 802.1x, EAP-PEAP, EAP-TTLS|
|WAN Acceleration Support6||Yes|
|Interfaces||(8) 10/100/1000 Copper Gigabit Ports, 1Gbe HA Interface, 1 Console Interface, 2 USB||(4) SFP (SX, LX or TX), (4) 10/100/1000 GbE, 1GbE HA Interface, 2 USB, 1 Console Interface||(2) SFP+ 10GbE, (4) 10/100/1000 GbE, 1 GbE HA Interface, 2 USB, 1 Console Interface|
|Memory (RAM)||1 GB||1 GB||2 GB||4 GB|
|Flash Memory||512 MB Compact Flash|
|3G Wireless/Modem*||With a supported 3G Adapter or Analog Modem|
|Power Supply||Single 250W ATX Power Supplies||Dual 250W ATX, Hot Swappable|
|Fans||Dual Fans, Hot Swappable|
|Display||Front LCD Display|
|Power Input||100-240Vac, 60-50Hz|
|Max Power Consumption||81 W||90 W||150 W|
|Total Heat Dissipation||276 BTU||307 BTU||511.5 BTU|
|Certifications||EAL4+, FIPS 140-2 Level 2, VPNC, ICSA Firewall 4.1 , IPv6 Phase 1, IPv6 Phase 2||ICSA Firewall 4.1|
|Certifications Pending||-||EAL4+, FIPS 140-2 Level 2, VPNC, IPv6 Phase 1 and 2||EAL4+, FIPS 140-2 Level 2, VPNC, ICSA Firewall 4.1, IPv6 Phase 1 and 2|
|Form Factor||1U rack-mountable|
|Dimensions||17 x 16.75 x 1.75 in/43.18 x 42.54 x 4.44 cm|
|Weight:|| 15.00 lbs
| 15.10 lbs
| 17.30 lbs
|WEEE Weight:|| 15.00 lbs
| 15.10 lbs
| 17.30 lbs
|Major Regulatory||FCC Class A, CES Class A, CE, C-Tick, VCCI, Compliance MIC, UL, cUL, TUV/GS, CB, NOM, RoHS, WEEE|
|Environment||40-105 F, 5-40 C|
1 Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.
2 Full DPI/Gateway AV/ Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs.
3 Actual maximum connection counts are lower when Full DPI services are enabled.
4 VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544.
5 The Comprehensive Anti-Spam Service supports an unrestricted number of users but is recommended for 250 users or less.
6 With SonicWALL WXA Series Appliances.
*Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP Performance test.