SonicWALL NSA Models: (Click appliance to view
product's page and pricing)
SonicWALL NSA Series:
 The SonicWALL Network Security Appliance Series:
Next Generation Unified Threat Management Protection
Organizations of all sizes depend on their networks to access internal and external mission-critical applications. As advances in networking continue to provide tremendous benefit to organizations, they are increasingly challenged by sophisticated and financially-motivated attacks designed to disrupt communication, degrade performance and compromise data.
Malicious attacks penetrate outdated stateful packet inspection firewalls by exploiting higher network levels. Point products add layers of security, but are costly, difficult to manage, limited in controlling network misuse and ineffective against the latest multipronged attacks. The SonicWALL® Network Security Appliance (NSA) Series revolutionizes network security, utilizing a breakthrough multi-core design and patented Reassembly-Free Deep Packet Inspection™ (RFDPI) technology* offering complete protection without compromising network performance. This platform was first made available on the SonicWALL E-Class NSA Series, and it is now available for mid-sized organizations.
The NSA Series overcomes the limitations of existing security solutions by scanning the entirety of each packet for current internal and external threats in real time. Built on a high-speed multi-core processing platform, the NSA Series enables deep packet inspection without adversely impacting the performance of mission-critical networks and applications.
The NSA Series applies next-generation Unified Threat Management (UTM) against a comprehensive array of attacks, combining intrusion prevention, anti-virus and anti-spyware with the application-level control of SonicWALL Application Intelligence Service. With advanced routing, stateful high-availability and high-speed IPSec and SSL VPN technology, the NSA Series adds security, reliability, functionality and productivity to branch offices, central sites and distributed mid-enterprise networks, while minimizing cost and complexity.
Comprised of the SonicWALL NSA 240, 2400, NSA 3500 and NSA 4500, the NSA Series offers a scalable range of solutions designed to meet the network security needs of any organization.
- SonicWALL’s next generation security
- Scalable multi-core hardware and Reassembly-Free Deep Packet Inspection
- Stateful High Availability and load balancing features
- High performance and lowered TCO
- Advanced routing services and networking features
- Standards-based Voice over IP (VoIP)
- Secure distributed wireless LAN services
- Onboard Quality of Service (QoS)
*U.S. Patent 7,310,815–A method and apparatus for data stream analysis and blocking.
Features & Benefits:
- SonicWALL’s next generation security incorporates a new level of UTM that integrates intrusion prevention, gateway anti-virus and anti-spyware and features the Application Intelligence Service suite of configurable tools to prevent data leakage and offer granular application control.
- Scalable multi-core hardware and Reassembly-Free Deep Packet Inspection scans and eliminates threats of unlimited file sizes, and provides virtually unrestricted concurrent connections with uncompromising speed. The NSA 240 can be configured using primary or secondary modem or 3G wireless interfaces for future-proofed extensibility.
- Stateful High Availability and load balancing features in SonicOS 5.5 Enhanced maximize total network bandwidth and maintain seamless network uptime, delivering uninterrupted access to mission-critical resources, and ensuring that VPN tunnels and other network traffic will not be interrupted in the event of a failover.
- High performance and lowered TCO are achieved by using the processing power of multiple cores in unison to dramatically increase throughput and provide simultaneous inspection capabilities, while lowering power consumption.
- Advanced routing services and networking features incorporate advanced networking and security technology including 802.1q VLANs, Multi-WAN failover, zone and object-based management, load balancing, advanced NAT modes and more, providing granular configuration flexibility and comprehensive protection at the administrator’s discretion.
- Standards-based Voice over IP (VoIP) capabilities provide the highest levels of security for every element of the VoIP infrastructure, from communications equipment to VoIP-ready devices such as SIP Proxies, H.323 Gatekeepers and Call Servers.
- Secure distributed wireless LAN services enable the appliance to function as a secure wireless switch and controller that automatically detects and configures SonicPoints,™ SonicWALL wireless access points, for secure remote access in distributed network environments.
- Onboard Quality of Service (QoS) features use industry standard 802.1p and Differentiated Services Code Points (DSCP) Class of Service (CoS) designators to provide powerful and flexible bandwidth management that is vital for VoIP, multimedia content and business-critical applications.ed management, load
balancing, advanced NAT modes and more, providing
granular configuration flexibility and comprehensive
protection at the administrator’s discretion.
Flexible, Customizable Deployment Options:
Every SonicWALL Network Security Appliance solution delivers next generation Unified Threat Management protection, utilizing a breakthrough multi-core hardware design and Reassembly-Free Deep Packet Inspection for internal and external network protection without compromising network performance. Each NSA Series product combines high-speed intrusion prevention, file and content inspection, and powerful Application Intelligence Service controls with an extensive array of advanced networking and flexible configuration features. The NSA Series offers an accessible, affordable platform that is easy to deploy and manage in a wide variety of corporate, branch office and distributed network environments.
- The SonicWALL NSA 4500 is ideal for corporate central-site and large distributed environments requiring high throughput capacity and performance
- The SonicWALL NSA 3500 is ideal for corporate, branch office and distributed environments needing significant throughput capacity and performance
- The SonicWALL NSA 2400 is ideal for small- to medium-sized corporate and branch office environments concerned about throughput capacity and performance
- The SonicWALL NSA 240 is ideal for small- to medium- sized businesses and branch office sites
Specifications:
| Model Comparison |
| Appliance: |
NSA 240 |
NSA 2400MX |
NSA 2400 |
NSA 3500 |
NSA 4500 |
| Firewall |
| SonicOS Version |
SonicOS Enhanced 5.7 (or higher) |
| Stateful Throughput1 |
600 Mbps |
775 Mbps |
775 Mbps |
1.5 Gbps |
2.75 Gbps |
| GAV Performance2 |
115 Mbps |
160 Mbps |
160 Mbps |
350 Mbps |
690 Mbps |
| IPS Performance2 |
195 Mbps |
275 Mbps |
275 Mbps |
750 Mbps |
1.4 Gbps |
| UTM Performance2 |
110 Mbps |
150 mbps |
150 Mbps |
240 Mbps |
600 Mbps |
| IMIX Peformance2 |
195 Mbps |
235 Mbps |
235 Mbps |
580 Mbps |
700 Mbps |
| Maximum Connections3 |
85,000 / 110,0004 |
225,000 |
225,000 |
325,000 |
500,000 |
| Maximum UTM Connections |
32,000 / 50,0004 |
125,000 |
125,000 |
175,000 |
250,000 |
| New Connections/Sec |
2,000 |
4,000 |
4,000 |
7,000 |
10,000 |
| Nodes Supported |
Unrestricted |
| Denial of Service Attack Prevention |
22 classes of DoS, DDoS and scanning attacks |
| SonicPoints Supported (maximum) |
16 |
32 |
32 |
32 |
64 |
| VPN |
| 3DES/AES Throughput5 |
150 Mbps |
300 Mbps |
300 Mbps |
625 Mbps |
1.0 Gbps |
| Site-to-Site VPN Tunnels |
25 / 504 |
75 |
75 |
800 |
1,500 |
| Bundled Global VPN Client Licenses for
Remote Access (Maximum) |
2 (25) |
10 (250) |
10 (250) |
50 (1,000) |
500 (3,000) |
| Bundled SSL VPN Licenses (Maximum) |
2 (15) |
2 (25) |
2 (25) |
2 (30) |
2 (30) |
| Virtual Assist Bundled (Maximum) |
1 30-day trial (5) |
1 (5) |
1 (5) |
2 (10) |
2 (10) |
| Encryption/Authentication/DH Group |
DES, 3DES, AES (128, 192, 256-bit), MD5, SHA-1/DH Groups 1, 2, 5, 14 |
| Key Exchange |
IKE, IKEv2, Manual Key, PKI (X.509), L2TP over IPSec |
| Route-Based VPN |
Yes (OSPF, RIP) |
| Certificate Support |
Verisign, Thawte, Cybertrust, RSA Keon, Entrust, and Microsoft CA for SonicWALL-to-SonicWALL VPN, SCEP |
| Dead Peer Detection |
Yes |
| DHCP Over VPN |
Yes |
| IPSec NAT Traversal |
Yes |
| Redundant VPN Gateway |
Yes |
| Global VPN Client Platforms Supported |
Microsoft® Windows 2000, Windows XP, Microsoft® Vista 32-bit/64 bit, Windows 7 |
| SSL VPN Platforms Supported |
Microsoft® Windows 2000 / XP / Vista 32/64-bit / Windows 7, Mac 10.4+, Linux FC 3+ / Ubuntu 7+ / OpenSUSE |
| Security Services |
| Deep Packet Inspection Signature Service |
Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention and Application Intelligence |
| Content Filtering Service (CFS) Premium
Edition |
(CFS) HTTP URL,HTTPS IP, keyword and content scanning ActiveX, Java Applet, and cookie blocking |
| Gateway-enforced Client Anti-Virus and
Anti-Spyware |
HTTP/S, SMTP, POP3, IMAP and FTP, Enforced McAfee™ Clients Email attachment blocking |
| Comprehensive Anti-Spam Service |
Yes |
| Application Intelligence |
Provides application level enforcement and bandwidth control, regulate Web traffic, email, email attaches
and file transfers, scan and restrict documents and files for key words and phrases |
| Networking |
| IP Address Assignment |
Static, (DHCP, PPPoE, L2TP and PPTP client),
Internal DHCP server, DHCP relay |
| NAT Modes |
1:1, 1:many, many:1, many:many, flexible
NAT (overlapping IPs), PAT, transparent
mode |
| VLAN Interfaces (802.1q) |
10 / 254 |
25 |
25 |
50 |
200 |
| Routing |
OSPF, RIPv1/v2, static routes, policy-based
routing, Multicast |
| QoS |
Bandwidth priority. maximum bandwidth, guaranteed
bandwidth, DSCP marking, 802.1p |
| IPv6 |
IPv6 Ready |
| Authentication |
XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix |
| Internal Database/Single Sign-on Users |
100/100 Users |
250/250 Users |
250/250 Users |
300/500 Users |
1,000/1,000 Users |
| VoIP |
Full H.323v1-5, SIP, gatekeeper support, outbound bandwidth management, VoIP over WLAN,
deep inspection security, full interoperability with most VoIP gateway and communications devices |
| System |
| Zone Security |
Yes |
| Schedules |
One Time, Recurring |
| Object-based/Group-based Management |
Yes |
| DDNS |
Yes |
| Management and Monitoring |
Web GUI (HTTP, HTTPS), Command Line (SSH,
Console), SNMP v2: Global management with
SonicWALL GMS |
| Logging and Reporting |
ViewPoint,® Local Log, Syslog, Solera Networks |
| High Availability |
Optional Active/Passive with State Sync** |
Optional Active/Passive with State Sync |
Active/Passive with State Sync |
| Load Balancing |
Yes, (Outgoing with percent-based, round
robin and spill-over) (Incoming with round
robin, random distribution, sticky IP, block
remap and symmetrical remap) |
| Standards |
TCP/IP, UDP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3 |
| Wireless Standards |
802.11 a/b/g/n, WPA2, WPA, TKIP, 802.1x, EAP-PEAP, EAP-TTLS |
| Hardware |
| Interfaces |
(3) GE Gigabit Ports+ (6) 10/100, 2 USB
Future Use, PC Card Slot (optional 3G/Analog
Modem), 1 Console Interface |
(16) 10/100, (10) 10/100/1000 Copper Gigabit Ports, 1 Console Interface, 2 USB, 2 Module Slots (For Future Use) |
(6) 10/100/1000 Copper Gigabit Ports, 1
Console Interface, 2 USB (future Use) |
| Memory (RAM) |
256 MB |
512 MB |
512 MB |
512 MB |
512 MB |
| Flash Memory |
32 MB Compact Flash |
512 MB Compact Flash |
| 3G Wireless/Modem7* |
With 3G USB Adapter Modem |
| Power Supply |
36W External |
Single 180W ATX Power Supply |
| Fans |
No Fan |
2 Fans |
| Power Input |
10-240V, 50-60Hz |
100-240Vac, 60-50Hz |
| Max Power Consumption |
15 W |
52 W |
42 W |
64 W |
66 W |
| Total Heat Dissipation |
51.1 BTU |
177 BTU |
144 BTU |
219 BTU |
225 BTU |
| Certifications |
VPNC, ICSA Firewall 4.1 |
EAL4+, FIPS 140-2 Level 2, VPNC, ICSA Firewall 4.1 |
| Certifications Pending |
EAL-4+, FIPS 140-2 |
- |
- |
| Form Factor |
Desktop |
1U rack-mountable |
| Dimensions |
7.125 x 1.5 x 10.5 in/18.10 x 3.81 x 26.67
cm |
17 x 13.25 x 1.75 in/
43.18 x 33.65 x 4.44 cm |
17 x10.25 x 1.75 in/
43.18 x 26 x 4.44 cm |
17 x 13.25 x 1.75 in/
43.18 x 33.65 x 4.44 cm |
| Weight: |
2.55 lbs
1.16 kg |
11.75 lbs
5.3 kg |
8.05 lbs
3.65 kg |
11.30 lbs
5.14 kg |
| WEEE Weight: |
3.15 lbs
1.43 kg |
12.25 lbs
5.6 kg |
8.05 lbs
3.65 kg |
11.30 lbs
5.14 kg |
| Major Regulatory |
FCC Class A, CES Class A, CE, C-Tick, VCCI,
Compliance MIC, UL, cUL, TUV/GS, CB, NOM,
RoHS, WEEE |
| Environment |
32-105° F, 0-40° C |
40-105° F, 5-40° C |
| MTBF |
TBD |
8.4 Years |
16.0 Years |
14.3 Years |
14.1 Years |
| Humidity |
0-95% non-condensing |
10-90% non-condensing |
Notes:
1 Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.
2 UTM/Gateway AV/Anti-Spyware/IPS
throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs.
3 Actual maximum connection counts are
lower when UTM services are enabled.
4 Only with the NSA 240 Stateful HA and Expansion Upgrade.
5 VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544.
6 Supported on the NSA
3500 and higher.
7 Not available on NSA 2400. *USB 3G card and modem are not included. See http://www.sonicwall.com/us/products/cardsupport.html for supported USB devices.
|
SonicWALL
NSA Series Appliances
