SonicWall NSa Series: Advanced Network Security Appliances
Industry-validated security effectiveness and performance for mid-sized networks, distributed enterprises, and data centers.
Introduction
The SonicWall Network Security appliance (NSa) series provides organizations with advanced threat prevention in a high-performance security platform. Leveraging deep learning technologies in the SonicWall Capture Cloud Platform, the NSa series delivers automated real-time breach detection and prevention.
Cutting-Edge Threat Prevention with Superior Performance
Modern network threats are highly evasive. The NSa series integrates two advanced security technologies: patent-pending Real-Time Deep Memory Inspection (RTDMI™) and patented single-pass Reassembly-Free Deep Packet Inspection (RFDPI). RTDMI proactively detects and blocks zero-day threats and unknown malware by inspecting directly in memory. RFDPI examines every byte of every packet, inspecting both inbound and outbound traffic. Together, these technologies, along with cloud intelligence from the SonicWall Capture Cloud Platform, provide comprehensive protection, including full decryption and inspection of TLS/SSL and SSH encrypted connections, blocking insidious threats at the gateway.
Diagram Description: A comparison between a "Packet assembly-based process" and "SonicWall stream-based architecture" (RFDPI). The former involves packet disassembly and reassembly, potentially leading to bypassed scanning if buffers are full or content is too large. The latter is a single-pass, stream-based inspection that eliminates these limitations, showing multiple CPUs processing traffic concurrently for higher inspection capacity and lower latency.
Network Control and Flexibility
The NSa series runs on SonicOS, a feature-rich operating system offering application intelligence and control, real-time visualization, intrusion prevention (IPS), and high-speed virtual private networking (VPN). Administrators can identify and categorize applications, prioritize business-critical traffic, and segment networks using VLANs. The integrated wireless access controller, combined with SonicWave 802.11ac Wave 2 access points, creates a secure, high-speed wireless network solution.
Easy Deployment, Setup, and Ongoing Management
The NSa series integrates security, connectivity, and flexibility technologies into a single solution. It automatically detects and provisions SonicWave wireless access points and WAN Acceleration (WXA) series devices. Cloud-based centralized management, reporting, licensing, and analytics are handled through the SonicWall Capture Security Center, providing an intuitive dashboard for real-time network management. This simplifies deployment and management, lowering total cost of ownership and increasing return on investment.
Capture Cloud Platform
SonicWall's Capture Cloud Platform delivers cloud-based threat prevention, network management, reporting, and analytics. It consolidates threat intelligence from multiple sources, including the multi-engine network sandboxing service (Capture Advanced Threat Protection) and over a million SonicWall sensors globally. When new malicious code is detected, SonicWall's Capture Labs threat research team develops signatures deployed to customer firewalls for immediate protection without reboots. The platform provides continuous access to an expanded signature database, offering tens of millions of signatures.
Diagram Description: The Capture Cloud Platform workflow shows data files (streaming data, PDF, email, data file) being processed by an Endpoint. This data is fed into a Machine Learning engine with Deep Learning Algorithms, which analyzes it using RTDMI, Virtualization, Emulation, and Hypervisor analysis. The output is classified malware (e.g., Ransomware, Trojan) or unknown threats. This is sent to the Cloud Capture Sandbox for analysis, resulting in a verdict (Block, Send, or Good). The process aims to block malicious files before they enter the network.
Key Features and Technologies
RFDPI Engine
- Reassembly-Free Deep Packet Inspection (RFDPI): Stream-based, bi-directional traffic analysis at high speed without proxying or buffering.
- Bi-directional inspection: Scans inbound and outbound traffic simultaneously.
- Stream-based inspection: Proxy-less, non-buffering technology for ultra-low latency DPI.
- Highly parallel and scalable: Utilizes multi-core architecture for high throughput.
- Single-pass inspection: Scans for malware, intrusions, and application identification simultaneously.
Firewall and Networking
- REST APIs: For integrating threat intelligence feeds.
- Stateful packet inspection: Inspects and analyzes all network traffic.
- High availability/clustering: Supports Active/Passive and Active/Active modes.
- DDoS/DoS attack protection: SYN flood, UDP/ICMP flood, and connection rate limiting.
- IPv6 support: Filtering and wire mode implementations.
- Flexible deployment: NAT, Layer 2 bridge, wire, and network tap modes.
- WAN load balancing: For multiple WAN interfaces.
- Advanced QoS: For critical communications.
- H.323 gatekeeper and SIP proxy support: For VoIP security.
- Dell N-Series and X-Series switch management: Integrated management.
- Biometric authentication: For secure network access.
- Open authentication and social login: For guest access.
Management and Reporting
- Cloud-based and on-premises management: Via Capture Security Center or Global Management System (GMS).
- Powerful single device management: Intuitive web interface and CLI.
- IPFIX/NetFlow application flow reporting: For traffic analytics.
Virtual Private Networking (VPN)
- Auto-provision VPN: Simplifies site-to-site VPN deployment.
- IPSec VPN: For site-to-site connectivity.
- SSL VPN or IPSec client remote access: For secure access from various platforms.
- Redundant VPN gateway: For seamless failover.
- Route-based VPN: Ensures continuous uptime.
Encrypted Threat Prevention
- TLS/SSL decryption and inspection: Decrypts and inspects encrypted traffic for threats.
- SSH inspection: Deep packet inspection of SSH tunnels.
Intrusion Prevention
- Countermeasure-based protection: Leverages signatures for vulnerabilities.
- Automatic signature updates: Continuous research and deployment.
- Intra-zone IPS protection: Segments network to prevent threat propagation.
- Botnet command and control (CnC) detection and blocking: Identifies and blocks botnet traffic.
- Protocol abuse/anomaly: Blocks attacks that abuse protocols.
- Zero-day protection: Constant updates against exploit methods.
- Anti-evasion technology: Stream normalization and decoding.
Threat Prevention
- Gateway anti-malware: Scans all traffic for viruses, Trojans, etc.
- Capture Cloud malware protection: Leverages cloud signature database.
- Around-the-clock security updates: Automatic and immediate.
- Bi-directional raw TCP inspection: Scans raw TCP streams on any port.
- Extensive protocol support: Decodes payloads for malware inspection.
Application Intelligence and Control
- Application control: Manages applications and features.
- Custom application identification: Creates custom signatures.
- Application bandwidth management: Allocates bandwidth.
- Granular control: Manages applications by schedule, user group, etc.
Content Filtering
- Inside/outside content filtering: Enforces policies and blocks objectionable content.
- Enforced Content Filtering Client: Extends policy enforcement to external devices.
- Granular controls: Blocks content by category, schedule, user.
- Web caching: Improves response time for visited sites.
Enforced Antivirus and Anti-spyware
- Multi-layered protection: Perimeter defense and endpoint protection.
- Automated enforcement: Ensures compliance with security software.
- Automated deployment: Machine-by-machine client installation.
- Next-generation antivirus: AI engine for threat detection and rollback.
- Spyware protection: Scans and blocks spyware.
SonicWall NSa Series Models and Specifications
The SonicWall NSa series offers a range of models designed for different network scales and performance needs, from mid-sized businesses to large enterprises and data centers.
NSa 2650
Delivers high-speed threat prevention for thousands of encrypted and unencrypted connections to mid-sized organizations and distributed enterprises.
Diagram Description: Front panel of NSa 2650 shows Console port, 4 x 2.5GbE SFP ports, 4 x 2.5GbE ports, 1GbE management, and Dual USB ports. Rear panel shows Expansion module and Dual fans.
| Feature | NSa 2650 |
|---|---|
| Firewall throughput | 3.0 Gbps |
| IPS throughput | 1.4 Gbps |
| Anti-malware throughput | 600 Mbps |
| Full DPI throughput | 600 Mbps |
| IMIX throughput | 700 Mbps |
| Maximum DPI connections | 500,000 |
| New connections/sec | 14,000/sec |
| Storage module | 16 GB |
NSa 3650
Ideal for branch office and small to medium-sized corporate environments concerned about throughput capacity and performance.
Diagram Description: Front panel of NSa 3650 shows Console port, 8 x 2.5GbE SFP ports, 12 x 1GbE ports, 1GbE management, and Dual USB ports. Rear panel shows Expansion bay for future use, Dual fans, Storage module, and Power supply.
| Feature | NSa 3650 |
|---|---|
| Firewall throughput | 3.75 Gbps |
| IPS throughput | 1.8 Gbps |
| Anti-malware throughput | 800 Mbps |
| Full DPI throughput | 730 Mbps |
| IMIX throughput | 900 Mbps |
| Maximum DPI connections | 750,000 |
| New connections/sec | 14,000/sec |
| Storage module | 32 GB |
NSa 4650
Secures growing medium-sized organizations and branch office locations with enterprise-class features and uncompromising performance.
Diagram Description: Front panel of NSa 4650 shows Console port, 2 x 10GbE SFP+ ports, 4 x 2.5GbE SFP ports, 16 x 1GbE ports, 1GbE management, and Dual USB ports. Rear panel shows Expansion bay for future use, Triple fans, Storage module, and Dual power supplies.
| Feature | NSa 4650 |
|---|---|
| Firewall throughput | 6.0 Gbps |
| IPS throughput | 2.3 Gbps |
| Anti-malware throughput | 1.25 Gbps |
| Full DPI throughput | 1.2 Gbps |
| IMIX throughput | 1.3 Gbps |
| Maximum DPI connections | 1,000,000 |
| New connections/sec | 40,000/sec |
| Storage module | 32 GB |
NSa 5650
Ideal for distributed, branch office and corporate environments needing significant throughput and high port density.
Diagram Description: Front panel of NSa 5650 shows Console port, 2 x 10GbE SFP+ ports, 4 x 2.5GbE ports, 16 x 1GbE ports, 1GbE management, and Dual USB ports. Rear panel shows Expansion bay for future use, Triple fans, Storage module, and Dual power supplies.
| Feature | NSa 5650 |
|---|---|
| Firewall throughput | 6.25 Gbps |
| IPS throughput | 3.4 Gbps |
| Anti-malware throughput | 1.7 Gbps |
| Full DPI throughput | 1.7 Gbps |
| IMIX throughput | 1.45 Gbps |
| Maximum DPI connections | 1,500,000 |
| New connections/sec | 40,000/sec |
| Storage module | 64 GB |
NSa 6650
Ideal for large distributed and corporate central site sites requiring high throughput capacity and performance.
Diagram Description: Front panel of NSa 6650 shows Console port, 6 x 10GbE SFP+ ports, 2 x 10GbE ports, 4 x 2.5GbE SFP ports, 8 x 1GbE ports, 1GbE management, and Dual USB ports. Rear panel shows Expansion bay for future use, Triple fans, Storage module, and Dual power supplies.
| Feature | NSa 6650 |
|---|---|
| Firewall throughput | 12.0 Gbps |
| IPS throughput | 6.0 Gbps |
| Anti-malware throughput | 3.5 Gbps |
| Full DPI throughput | 3.1 Gbps |
| IMIX throughput | 2.65 Gbps |
| Maximum DPI connections | 2,000,000 |
| New connections/sec | 90,000/sec |
| Storage module | 64 GB |
NSa 9250/9450/9650 Series
Provide distributed enterprises and data centers with scalable, deep security at multi-gigabit speeds.
Diagram Description: Front panel of NSa 9250/9450/9650 series shows Console port, 10 x 10GbE SFP+ ports, 2 x 10GbE ports, 8 x 2.5GbE SFP ports, 8 x 1GbE ports, 1GbE management, LCD display, LCD controls, and 1GB USB ports. Rear panel shows Expansion bay for future use, Triple fans, Storage module, and Dual power supplies.
| Feature | NSa 9250 | NSa 9450 | NSa 9650 |
|---|---|---|---|
| Firewall throughput | 12.0 Gbps | 17.1 Gbps | 17.1 Gbps |
| IPS throughput | 7.2 Gbps | 10.2 Gbps | 10.3 Gbps |
| Anti-malware throughput | 3.7 Gbps | 5.0 Gbps | 5.5 Gbps |
| Full DPI throughput | 3.3 Gbps | 5.0 Gbps | 5.5 Gbps |
| IMIX throughput | 2.65 Gbps | 4.1 Gbps | 4.1 Gbps |
| Maximum DPI connections | 3,000,000 | 4,000,000 | 5,000,000 |
| New connections/sec | 90,000/sec | 130,000/sec | 130,000/sec |
| Storage module | 128 GB | 128 GB | 256 GB |
Ordering Information
SonicWall offers various bundles and services for the NSa series, including TotalSecure Advanced Edition, Advanced Gateway Security Suite, Capture Advanced Threat Protection, Threat Prevention, Content Filtering Service, Capture Client, and 24x7 Support. Specific SKUs are available for each model and service combination.
Example for NSa 2650:
- NSa 2650 TotalSecure Advanced Edition (1-year): 01-SSC-1988
- Advanced Gateway Security Suite – Capture ATP, Threat Prevention, Content Filtering and 24x7 Support for NSa 2650 (1-year): 01-SSC-1783
- Capture Advanced Threat Protection for NSa 2650 (1-year): 01-SSC-1935
- Threat Prevention – Intrusion Prevention, Gateway Anti-Virus, Gateway Anti-Spyware, Cloud Anti-Virus for NSa 2650 (1-year): 01-SSC-1976
- 24x7 Support for NSa 2650 (1-year): 01-SSC-1541
- Content Filtering Service for NSa 2650 (1-year): 01-SSC-1970
- Capture Client: Based on user count
- Comprehensive Anti-Spam Service for NSa 2650 (1-year): 01-SSC-2001
Modules and accessories such as SFP+ modules and twinax cables are also available.
About SonicWall
SonicWall has been fighting the cyber-criminal industry for over 26 years, defending small, medium-sized businesses, and enterprises worldwide. Their combination of products and partners provides a real-time cyber defense solution tuned to the specific needs of businesses in over 150 countries.
