SonicWALL SuperMassive Series
Get uncompromising security, performance, speed, and visibility
Designed with leading-edge threat inspection technology and hardware processing power, SonicWall SuperMassive high end firewalls support today’s largest, most complex and demanding security use cases. With comprehensive security services including sandboxing, SSL inspection, intrusion prevention, anti-malware, application identification and content filtering, SuperMassive is the ideal next-generation high end firewall for securing large distributed enterprises and data centers.
SuperMassive Model Lineup:
The SuperMassive 9200 Next-Generation Firewall (NGFW) is designed to deliver deep security to your enterprise at multi-gigabit speeds.
The SuperMassive 9400 Next-Generation Firewall (NGFW) is designed to deliver deep security to your enterprise at multi-gigabit speeds.
The SuperMassive 9600 Next-Generation Firewall (NGFW) is designed to deliver deep security to your enterprise at multi-gigabit speeds.
The SuperMassive 9800 Next-Generation Firewall (NGFW) is designed to deliver deep security to your enterprise at multi-gigabit speeds.
High-Performance Network Security
- Protect against advanced threats and exploits in real-time
- Block evasive intrusions and attacks hiding in encrypted traffic
- Monitor and control of application traffic
- Centralize security management, analytics and reporting
- Thwart command and control communications and data exfiltration
Scale your security for data center modernization
Scale your security for data center modernization To enable the growing digital business, expectations for IT organizations to lead and deliver value, responsiveness and security has reached an all-time high. Innovative services plus increased data and capacity requirements compel IT leaders to address new operational challenges through data center modernization. SonicWall provides a network-based model for scaling network security to solve complex and demanding data center operations - all at a low cost.
Stop advanced threats with network security segments
Modern threats take advantage of all areas of your network to succeed. In order to stop advanced attacks, networks need to be divided into security segments to contain and mitigate threat propagation. However, defining logical segments is only part of the solution. Effective segmentation requires an integrated, dynamic network security approach to comprehensively enforce the integrity of each and every segment, and do so manageably and affordably.
|Memory (RAM)||8 GB||16 GB||32 GB||64 GB|
|Storage||8 GB||16 GB||32 GB||64 GB|
|Expansion||1 Expansion Slot (Rear)*, SD Card*|
|Management||CLI, SSH, GUI, GMS|
|Maximum SonicPoints supported||128||128||128||-|
|Logging||Analyzer, Local Log, Syslog|
|High availability||Active/Passive with State Sync, Active/Active DPI with State Sync|
|Firewall Inspection Throughput1||15 Gbps||20 Gbps||20 Gbps||28 Gbps|
|Full DPI Performance2 (GAV/GAS/IPS)||3 Gbps||4.4 Gbps||4.5 Gbps||9 Gbps|
|Application Inspection Throughput2||5 Gbps||10 Gbps||11.5 Gbps||20 Gbps|
|IPS Throughput2||5 Gbps||10 Gbps||11.5 Gbps||18 Gbps|
|Anti-Malware Inspection Throughput1||3.5 Gbps||4.5 Gbps||5 Gbps||9 Gbps|
|IMIX Performance||4.4 Gbps||5.5 Gbps||5.5 Gbps||6 Gbps|
|SSL inspection and decryption throughput (DPI SSL)2||1.0 Gbps||2.0 Gbps||2.0 Gbps||3 Gbps|
|VPN Throughput3||5 Gbps||10 Gbps||11.5 Gbps||14 Gbps|
|Maximum Connections (SPI)||5.0M||7.5M||10.0M||3.0M|
|Maximum Connections (DPI)||1.5M||1.5M||2.0M||2.5M|
|SSO User||8,000 (15,5006)||10,000 (17,5006)||12,000 (22,5006)||48,000|
|IPSec VPN Clients||2,000 (4,000)||2,000 (6,000)||2,000 (10,000)||2,000 (10,000)|
|SSL VPN NetExtender Clients (Maximum)||2 (3,000)||2 (3,000)||50 (3,000)||50 (50)|
|Encryption/Authentication||DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC)|
|Key Exchange||Diffie Hellman Groups 1, 2, 5, 14v|
|Route-based VPN||RIP, OSPF|
|IP Address Assignement||Static, DHCP, PPPoE, L2TP and PPTP client, internal DHCP server, DHCP Relay4|
|NAT Modes||1:1, many:1, 1:many, flexible NAT (overlapping IPS), PAT, transparent mode|
|Routing Protocols||BGP, OSPF, RIPv1/v2, static routes, policy-based routing, multicast|
|QoS||Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p|
|Authentication||XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services5, Citrix5|
|VoIP||Full H323-v1-5, SIP|
|Standards||TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3|
|Certifications||UC APL4 , ICSA Enterprise Firewall, IPV6 Phase 2, VPNC, VPAT, FIPS 140-24 , Common Criteria NDPP4 , ICSA Anti-Virus4|
|Power Supply||Dual, redundant, hot swappable, 300 W||Dual, redundant, hot swappable, 500 W|
|Fans||Dual, redundant, hot swappable|
|Display||Front LED Display|
|Input Power||100-240 VAC, 60-50 Hz|
|Maximum Power Consumption (W)||200||200||200||350|
|MTBF @25ºC in hours||188,719||187,702||186,451||126,144|
|MTBF @25ºC in years||21.53||21.43||21.28||14.40|
|Form Factor||1U Rack Mountable||1U Rack Mountable||1U Rack Mountable||2U Rack Mountable|
|Weight||18.1 lb (8.2 kg)||18.1 lb (8.2 kg)||18.1 lb (8.2 kg)||40.5 lb (18.38 kg)|
|WEEE Weight||23 lb (10.4 kg)||23 lb (10.4 kg)||23 lb (10.4 kg)||49.5 lb (22.4 kg)|
|Shipping Weight||29.3 lb (13.3 kg)||29.3 lb (13.3 kg)||29.3 lb (13.3 kg)||65 lb (29.64 kg)|
|Major Regulatory||FCC Class A, CE (EMC, LVD, RoHS), C-Tick, VCCI Class A, MSIP/KCC Class A, UL, cUL, TUV/GS, CB, Mexico CoC by UL, WEEE , REACH, ANATEL, BSMI, CU|
|Environment||15-40 deg C|
1 Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.
2 Full DPI/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs.
3 VPN throughput measured using UDP traffic at 1280 byte packet.
4 Applies to SuperMassive 9200, 9400 and 9600. SuperMassive 9800 UC APL certification is pending.
5 Supported on SonicOS 6.1 and 6.2.
6 For every 125,000 DPI connections reduced, the number of available DPI SSL connections increases by 750.
*Future use. All specifications, features and availability are subject to change.
Services & Add-Ons:
Advanced Gateway Security Suite (AGSS)
Leverage SonicWall Advanced Gateway Security Suite (AGSS) to deliver a multi-engine sandbox, powerful anti‐virus, anti‐spyware, intrusion prevention, content filtering, as well as application intelligence and control services. An upgrade over CGSS, this package features Capture Advanced Threat Protection (ATP), a multi-engine sandbox that runs and inspects suspicious files, programs and code in an isolated cloud-based environment.
Comprehensive Gateway Security Suite (CGSS)
Get the most from your deep packet inspection firewall with the SonicWall Comprehensive Security Suite (CGSS) subscription. CGSS includes gateway anti-virus, anti-spyware, intrusion prevention, application intelligence and control service, content/URL filtering and 24x7 support. Combine security, productivity and support in a single, bundled solution that lowers TCO.
Gateway Security Services
Enable your business firewall to provide real-time network threat prevention with SonicWall gateway anti-virus, anti-spyware, intrusion prevention and application intelligence and control. Block the latest blended threats — including viruses, spyware, worms, Trojans, software vulnerabilities and other malicious code. Guarantee bandwidth prioritization and ensure maximum network security and productivity with granular policies for both groups and users.
Capture Advanced Threat Protection
The cloud-based SonicWall Capture Advanced Threat Protection Service scans a broad range of files to detect advanced threats, analyzes them in a multi-engine sandbox, blocks them prior to a security verdict, and rapidly deploys remediation signatures. The result is higher security effectiveness, faster response times and a lower total cost of ownership.
Content Filtering Services
Gain a cost-effective, easy-to-manage way to enforce protection and productivity policies, and block inappropriate, unproductive and dangerous web content in educational, business or government environments. SonicWall Content Filtering Service lets you control access to websites based on rating, IP address, URL and more. You get the ideal combination of control and flexibility to ensure the highest levels of protection and productivity, which you can configure and control from your network security appliance, eliminating the need for a costly, dedicated filtering solution. Extend enforcement of your internal policies to devices located outside the firewall perimeter by blocking unwanted internet content with the content filtering client.
Content Filtering Client
Extend the enforcement of web policies in IT-issued devices outside the network perimeter. Although it doesn’t require a firewall, it can be optionally coupled with SonicWall Content Filtering Service as an ideal combination to keep students and employees off of dangerous or non-productive websites by switching to cloud-enforced policies even when they are using roaming devices.
Benefit from advanced technical assistance and ongoing software and firmware updates with SonicWall Dynamic Support. The service includes:
- Telephone and web-based support 24x7
- Direct access to highly-trained senior support engineers
- Advance exchange hardware replacement in the event of a failure
- Access to electronic support tools
TotalSecure Hardware & Services Bundle
Enjoy the convenience and affordability of deploying your firewall as a SonicWall TotalSecure solution. This combines the hardware and services needed for comprehensive network protection from viruses, spyware, worms, Trojans, key loggers and more — without the complexity of building your own security package.
Comprehensive Anti-Spam Service
Block threats from your email server and stop spam at the gateway by adding SonicWall Comprehensive Anti-Spam Service (CASS) to your SonicWall firewall. Rapidly deploy your spam firewall software with one-click activation of up to 250 users.
Enforced Client Anti-Virus and Anti-Spyware Software
Execute an innovative, multi-layered, anti-virus internet security strategy with SonicWall firewalls and Enforced Client Anti-Virus and Anti-Spyware software. You get SonicWall Reassembly-Free Deep Packet Inspection anti-malware at the gateway, and enforced anti-virus protection at the endpoints. You can redirect any user with a non-compliant endpoint to a web page to install the latest Enforced Client Anti-Virus and Anti-Spyware software. Provide automatically updated security definitions to the endpoint as soon as they become available. Plus, you can automate enforcement to minimize administrative overhead.
Download the SonicWALL SuperMassive Series Datasheet (.PDF)