3 FIREWALL GENERAL NSa 2700 Operating system SonicOS 7.0 Interfaces 16x1GbE, 3x10G SFP , 2 USB 3.0, 1 Console, 1 Management port Storage 64GB M.2 Expansion Storage Expansion Slot (Up to 256GB)
Hypervisor level analysis. • Full system emulation. • Broad file type examination. • Automated and manual submission. • Real-time threat intelligence updates.
The SonicWall Network Security
SonicWall NSa 2700 The SonicWall Network Security Appliance (NSa) 2700 nextgeneration firewall (NGFW) offers medium- to large-sized enterprises industry-leading performance at the lowest total cost of ownership in its class. With comprehensive security features such as intrusion prevention, VPN, application control, malware analysis, URL filtering and IP reputation services, it protects the perimeter from advanced threats without becoming a bottleneck. The NSa 2700 has been built from the ground up with the latest hardware components, all designed to deliver multi-gigabit threat prevention throughput -- even for encrypted traffic. Featuring a high port density (including 16 x 1GbE ports and three x 10 GbE ports), the solution supports network and hardware redundancy with high availability, clustering and dual power supplies. Generation 7 SonicOS 7.0 and Security Services The SonicWall NSa 2700 runs on SonicOS 7.0, a new operating system built from the ground up to deliver a modern user interface, intuitive workflows and user-first design principles. SonicOS 7.0 provides multiple features designed to facilitate enterprise-level workflows. It offers easy policy configuration, zero-touch deployment and flexible management -- all of which allow enterprises to improve both their security and operational efficiency. The NSa 2700 supports advanced networking features, such as SD-WAN, dynamic routing, layer 4-7 clustering and high-speed VPN functionality. In addition to integrating firewall and switch capabilities, the appliance provides a single-paneof-glass interface to manage both switches and access points. Built to mitigate the advanced cyberattacks of today and tomorrow, the NSa 2700 offers access to SonicWall's premier advanced firewall security services, allowing you to protect your entire security infrastructure. Solutions and services such as Cloud Application Security, Capture Advanced Threat Protection (ATP) cloud-based sandboxing, Real-Time Deep Memory Inspection (RTDMITM) and Reassembly-Free Deep Packet Inspection (RFDPI) -- along with Deep Packet Inspection (DPI) for all traffic including TLS 1.3 -- offer comprehensive gateway protection from most stealthy and dangerous malware, including zeroday and encrypted threats. Highlights: · 1 RU Form Factor · 16 x 1 GbE interfaces · 3 x 10 GbE interfaces · 2 Gbps Threat and Malware Analysis Throughput · Enterprise Internet Edge Ready · Latest Generation 7 SonicOS support · Secure SD-WAN capability · Intuitive single pane of glass management · TLS 1.3 support · Best-in-class price-performance · Fast DPI performance · Low TCO in its class · High port density for easy networking · SonicWall Switch, SonicWave Access Point and Capture Client integration · Redundant power Deployments SonicWall NSa 2700 has two main deployment options for medium and distributed enterprises: Internet Edge Deployment In this standard deployment option, SonicWall NSa 2700 protects private networks from malicious traffic coming from the internet, allowing you to: · Deploy a proven NGFW solution with highest performance and port density (including 10 GbE connectivity) in its class · Gain visibility and inspect encrypted traffic, including TLS 1.3, to block evasive threats coming from the Internet -- all without compromising performance · Protect your enterprise with integrated security, including malware analysis, cloud app security, URL filtering and reputation services · Save space and money with an integrated NGFW solution that includes advanced security and networking capabilities · Reduce complexity and maximize efficiency using a central management system delivered through an intuitive singlepane-of-glass user interface Service Provider Internet Edge Campus/Private Edge Network ISP Router Switch NGFW Switch Private Network DMZ Network Switch Medium and Distributed Enterprises The SonicWall NSa 2700 supports SD-WAN and can be centrally managed, making it an ideal fit for medium and distributed enterprises. This deployment allows organizations to: · Future-proof against an ever-changing threat landscape by investing in a NGFW with multi-gigabit threat analysis performance · Provide direct and secure internet access to distributed branch offices instead of back-hauling through corporate headquarters · Allow distributed branch offices to securely access internal resources in corporate headquarters or in a public cloud, significantly improving application latency · Automatically block threats that use encrypted protocols such as TLS 1.3, securing networks from the most advanced attacks. · Reduce complexity and maximize efficiency using a central management system delivered through an intuitive single pane of glass user interface · Leverage high port density that includes 10 GbE connectivity to support a distributed enterprise and wide area networks Guest Branch O ce Internal Resource Access SonicWall Next Generation Firewall Direct Internet Access Internet SD-WAN SD-WAN Enterprise Headquarters SonicWall Next Generation Firewall 2 Console 16 x 1-GbE Ports 1 GbE Mgmt Dual USB Ports 3 x 10-GbE SFP+ Ports SonicWall NSa 2700 specifications FIREWALL GENERAL Operating system Interfaces Storage Expansion VLAN interfaces Access points supported (maximum) Management Sign-On (SSO) Users FIREWALL/VPN PERFORMANCE Firewall inspection throughput1 Threat prevention throughput2 Application inspection throughput2 IPS throughput2 Anti-malware inspection throughput2 TLS/SSL inspection and decryption throughput (DPI SSL)2 IPSec VPN throughput3 Connections per second Maximum connections (DPI) Maximum connections (SPI) Maximum connections (DPI-SSL) VPN Site-to-site VPN tunnels IPSec VPN clients (maximum) SSL VPN licenses (maximum) Encryption/authentication Key exchange Route-based VPN Certificate support VPN features Global VPN client platforms supported NetExtender Mobile Connect NSa 2700 SonicOS 7.0 16x1GbE, 3x10G SFP+, 2 USB 3.0, 1 Console, 1 Management port 64GB M.2 Storage Expansion Slot (Up to 256GB) 256 256 Network Security Manager, CLI, SSH, Web UI, GMS, REST APIs 30,000 NSa 2700 5.5 Gbps 3.0 Gbps 3.6 Gbps 3.4 Gbps 2.9 Gbps 800 Mbps 2.10 Gbps 21,500 500,000 1,500,000 125,000 NSa 2700 2,000 50 (1000) 2 (500) DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B Cryptography Diffie Hellman Groups 1, 2, 5, 14v RIP, OSPF, BGP Verisign, Thawte, Cybertrust, RSA Keon, Entrust and Microsoft CA for SonicWall-to- SonicWall VPN, SCEP Dead Peer Detection, DHCP Over VPN, IPSec NAT Traversal, Redundant VPN Gateway, Route-based VPN Microsoft® Windows Vista 32/64-bit, Windows 7 32/64-bit, Windows 8.0 32/64-bit, Windows 8.1 32/64-bit, Windows 10 Microsoft Windows Vista 32/64-bit, Windows 7, Windows 8.0 32/64-bit, Windows 8.1 32/64-bit, Mac OS X 10.4+, Linux FC3+/Ubuntu 7+/OpenSUSE Apple® iOS, Mac OS X, Google® AndroidTM, Kindle Fire, Chrome, Windows 8.1 (Embedded) 3 SonicWall NSa 2700 specifications, continued SECURITY SERVICES Deep Packet Inspection services Content Filtering Service (CFS) Comprehensive Anti-Spam Service Application Visualization Application Control Capture Advanced Threat Protection NSa 2700 Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, DPI SSL HTTP URL, HTTPS IP, keyword and content scanning, Comprehensive filtering based on file types such as ActiveX, Java, Cookies for privacy, allow/forbid lists Supported Yes Yes Yes NETWORKING IP address assignment NAT modes Routing protocols QoS Authentication Local user database VoIP Standards Certifications pending Common Access Card (CAC) High availability HARDWARE Form factor Power supply Maximum power consumption (W) Input power Total heat dissipation Dimensions Weight WEEE weight Shipping weight Environment (Operating/Storage) Humidity REGULATORY Major regulatory compliance NSa 2700 Static (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay 1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent mode BGP4, OSPF, RIPv1/v2, static routes, policy-based routing Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1e (WMM) LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) 250 Full H323-v1-5, SIP TCP/IP, UDP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3 FIPS 140-2 (with Suite B) Level 2, UC APL, VPNC, IPv6 (Phase 2), ICSA Network Firewall, ICSA Anti-virus, Common Criteria NDPP (Firewall and IPS) Supported Active/Active with stateful synchronization NSa 2700 1U Rack Mountable 60W 21.5 100-240 VAC, 50-60 Hz 73.32 BTU 43 x 32.5 x 4.5 (cm) 16.9 x 12.8 x 1.8 in 4.0 kg / 8.8 lbs 4.2 kg / 9.3 lbs 6.4 kg / 14.1 lbs 32°-105° F (0°-40° C)/-40° to 158° F (-40° to 70° C) 5-95% non-condensing NSa 2700 FCC Class A, CE (EMC, LVD, RoHS), C-Tick, VCCI Class A, MSIP/KCC Class A, UL, cUL, TUV/GS, CB, Mexico CoC by UL, WEEE , REACH, ANATEL, BSMI 1 Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services. 2 Threat Prevention/GatewayAV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. Threat Prevention throughput measured with Gateway AV, Anti-Spyware, IPS and Application Control enabled.. 3 VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. All specifications, features and availability are subject to change. 4 SonicOS 7.0 Feature Summary Firewall · Stateful packet inspection · Reassembly-Free Deep Packet Inspection · DDoS attack protection (UDP/ICMP/SYN flood) · IPv4/IPv6 support · Biometric authentication for remote access · DNS proxy · Full API support · SonicWall Switch integration · SD-WAN scalability · SD-WAN Usability Wizard1 · SonicCoreX and SonicOS containerization1 · Connections scalability (SPI, DPI, DPI SSL) Enhanced dashboard1 · Enhanced device view · Top traffic and user summary · Insights to threats · Notification center TLS/SSL/SSH decryption and inspection · TLS 1.3 with enhanced security1 · Deep packet inspection for TLS/SSL/SSH · Inclusion/exclusion of objects, groups or hostnames · SSL control · Enhancements for DPI-SSL with CFS · Granular DPI SSL controls per zone or rule Capture advanced threat protection2 · Real-Time Deep Memory Inspection · Cloud-based multi-engine analysis · Virtualized sandboxing · Hypervisor level analysis · Full system emulation · Broad file type examination · Automated and manual submission · Real-time threat intelligence updates · Block until verdict · Capture Client Intrusion prevention2 · Signature-based scanning · Automatic signature updates · Bi-directional inspection · Granular IPS rule capability · GeoIP enforcement · Botnet filtering with dynamic list · Regular expression matching Anti-malware2 · Stream-based malware scanning · Gateway anti-virus · Gateway anti-spyware · Bi-directional inspection · No file size limitation · Cloud malware database 1 New feature, available on SonicOS 7.0 2 Requires added subscription Application identification2 · Application control · Application bandwidth management · Custom application signature creation · Data leakage prevention · Application reporting over NetFlow/IPFIX · Comprehensive application signature database Traffic visualization and analytics · User activity · Application/bandwidth/threat usage · Cloud-based analytics HTTP/HTTPS Web content filtering2 · URL filtering · Proxy avoidance · Keyword blocking · Policy-based filtering (exclusion/inclusion) · HTTP header insertion · Bandwidth manage CFS rating categories · Unified policy model with app control · Content Filtering Client VPN · Secure SD-WAN · Auto-provision VPN · IPSec VPN for site-to-site connectivity · SSL VPN and IPSec client remote access · Redundant VPN gateway · Mobile Connect for iOS, Mac OS X, Windows, Chrome, Android and Kindle Fire · Route-based VPN (OSPF, RIP, BGP) Networking · PortShield · Jumbo frames · Path MTU discovery · Enhanced logging · VLAN trunking · Port mirroring (NSa 2650 and above) · Layer-2 QoS · Port security · Dynamic routing (RIP/OSPF/BGP) · SonicWall wireless controller · Policy-based routing (ToS/metric and ECMP) · NAT · DHCP server · Bandwidth management · A/P high availability with state sync · Inbound/outbound load balancing · High availability - Active/Standby with state sync · L2 bridge, wire/virtual wire mode, tap mode, NAT mode · Asymmetric routing · Common Access Card (CAC) support VoIP · Granular QoS control · Bandwidth management · DPI for VoIP traffic · H.323 gatekeeper and SIP proxy support Management, monitoring and support · Capture Security Appliance (CSa) support · Capture Threat Assessment (CTA) v2.0 · New design or template · Industry and global average comparison · New UI/UX, Intuitive feature layout1 · Dashboard · Device information, application, threats · Topology view · Simplified policy creation and management · Policy/Objects usage statistics1 · Used vs Un-used · Active vs Inactive · Global search for static data · Storage support1 · Internal and external storage management1 · WWAN USB card support (5G/LTE/4G/3G) · Network Security Manager (NSM) support · Web GUI · Command line interface (CLI) · Zero-Touch registration & provisioning · CSC Simple Reporting1 · SonicExpress mobile app support · SNMPv2/v3 · Centralized management and reporting with SonicWall Global Management System (GMS)2 · Logging · Netflow/IPFix exporting · Cloud-based configuration backup · BlueCoat security analytics platform · Application and bandwidth visualization · IPv4 and IPv6 management · CD management screen · Dell N-Series and X-Series switch management including cascaded switches Debugging and diagnostics · Enhanced packet monitoring · SSH terminal on UI Wireless · SonicWave AP cloud management · WIDS/WIPS · Rogue AP prevention · Fast roaming (802.11k/r/v) · 802.11s mesh networking · Auto-channel selection · RF spectrum analysis · Floor plan view · Topology view · Band steering · Beamforming · AirTime fairness · Bluetooth Low Energy · MiFi extender · RF enhancements and improvements · Guest cyclic quota 5 Product NSa 2700 with TotalSecure Essential Edition (1-year) NSa 2700 with Secure Upgrade Plus Essential Edition (3-year) NSa 2700 High Availability Services Essential Protection Service Suite - Capture ATP, Threat Prevention, Content Filtering, Anti-Spam and 24x7 Support for NSa 2700 (1-year) Advanced Protection Service Suite (1-year) Capture Advanced Threat Protection for NSa 2700 (1-year) Gateway Anti-Virus, Intrusion Prevention and Application Control (1-year) Content Filtering Service for NSa 2700 (1-year) Comprehensive Anti-Spam Service for NSa 2700 (1-year) 24x7 Support for NSa 2700 (1-year) Partner Enabled Services Need help to plan, deploy or optimize your SonicWall solution? SonicWall Advanced Services Partners are trained to provide you with world class professional services. Learn more at www.sonicwall.com/PES. SKU 02-SSC-7369 02-SSC-7370 02-SSC-7367 SKU 02-SSC-7346 02-SSC-6905 02-SSC-6911 02-SSC-6929 02-SSC-7358 02-SSC-7371 02-SSC-6899 About SonicWall SonicWall delivers Boundless Cybersecurity for the hyper-distributed era and a work reality where everyone is remote, mobile and unsecure. By knowing the unknown, providing real-time visibility and enabling breakthrough economics, SonicWall closes the cybersecurity business gap for enterprises, governments and SMBs worldwide. For more information, visit www.sonicwall.com. SonicWall, Inc. 1033 McCarthy Boulevard | Milpitas, CA 95035 Refer to our website for additional information. www.sonicwall.com © 2020 SonicWall Inc. ALL RIGHTS RESERVED. SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners. Datasheet-NSa2700-US-COG-3702Adobe PDF Library 15.0