Description
Defeating advanced threats requires an advanced firewall solution built for the needs of your business. The SonicWall Network Security appliance (NSa) Mid-Range Firewall is next-generation security designed specifically for businesses of 250 users and up. Work with the confidence of knowing you’re protected against the day-to-day incursions as well as against advanced threats like ransomware, attacks against non-standard ports, and breaches in firewalls, all at the speed of business.
With cloud-based and on-box capabilities like TLS/SSL decryption and inspection, application intelligence and control, secure SD-WAN, real-time visualization, and WLAN management, SonicWall provides flexible, fast and cost-effective security to keep the threats out and your business thriving.
SonicWall Generation 7 (Gen 7) Network Security Appliance (NSa) next-generation firewalls (NGFWs) offers medium- to large-sized enterprises industry-leading performance at the lowest total cost of ownership in their class.
With comprehensive security features such as intrusion prevention, VPN, application control, malware analysis, URL filtering and IP reputation services, it protects the perimeter from advanced threats without becoming a bottleneck.
The Gen 7 NSa Series has been built from the ground up with the latest hardware components, all designed to deliver multi-gigabit threat prevention throughput — even for encrypted traffic. Featuring a high port density including multiple 1 GbE and 10 GbE ports, the solution supports network and hardware redundancy with high availability, clustering and dual power supplies.
Generation 7 – SonicOS 7.0 and Security Services
The Gen 7 NSa Series runs on SonicOS 7.0, a new operating system built from the ground up to deliver a modern user interface, intuitive workflows and user-first design principles. SonicOS 7.0 provides multiple features designed to facilitate enterprise-level workflows. It offers easy policy configuration, zero-touch deployment and flexible management — all of which allow enterprises to improve both their security and operational efficiency
The Gen 7 NSa Series supports advanced networking features, such as SD-WAN, dynamic routing, layer 4-7 clustering and high-speed VPN functionality. In addition to integrating firewall and switch capabilities, the appliance provides a single-pane-of-glass interface to manage both switches and access points.
Built to mitigate the advanced cyberattacks of today and tomorrow, the Gen 7 NSa Series offers access to SonicWall’s advanced firewall security services, allowing you to protect your entire IT infrastructure. Solutions and services such as Cloud Application Security, Capture Advanced Threat Protection (ATP) cloud-based sandboxing, Real-Time Deep Memory Inspection (RTDMI™) and Reassembly-Free Deep Packet Inspection (RFDPI) — for all traffic including TLS 1.3 — offer comprehensive gateway protection from most stealthy and dangerous malware, including zero-day and encrypted threats.
Highlights
- 1 RU – Form Factor
- 16 x 1 GbE interfaces
- 3 x 10 GbE interfaces
- 2 Gbps Threat and Malware Analysis Throughput
- Enterprise Internet Edge Ready
- Latest Generation 7 SonicOS support
- Secure SD-WAN capability
- Intuitive single pane of glass management
- TLS 1.3 support
- Best-in-class price-performance
- Fast DPI performance
- Low TCO in its class
- High port density for easy networking
- SonicWall Switch, SonicWave Access Point and Capture Client integration
- Redundant power
Features:
- Blocks More Attacks with RTDMI™ – Real-Time Deep Memory Inspection (RTDMI™) proactively detects and blocks unknown malware via deep memory inspection in real time, a revolutionary approach to defend against zero-day and side-channel attacks and other unrecognized threats.
- Secure Remote Workers – SonicWall NetExtender provides an intuitive SSL-VPN connection client that’s easy to deploy and configure. Easily provide your remote workers with secure access to your corporate network from Linux, Mac and Windows devices.
- Secure SD-WAN Technology – Leave MPLS behind for a more agile, more secure and more cost-effective network optimized for today’s broadband-driven, cloud-infused landscape. Secure SD-WAN technology is built in to NSa firewalls, so there’s no need to purchase additional SD-WAN appliances and licenses.
- Built-in Wireless Controller – Implement high-speed wireless security by combining a NSa series next-generation firewall with a SonicWall SonicWave wireless access point. NSa series firewalls and SonicWave access points both feature 2.5 GbE ports that enable multi-gigabit wireless throughput offered in Wave 2 wireless technology.
- Low Total Cost of Ownership – Make a SonicWall NSa firewall the start of enterprise savings. From reduced costs through zero-touch deployment to enabling SD-WAN and delivering NetSecOPEN-verified threat block rates on par or better than competitors at a fraction of the cost, SonicWall NSa firewalls are security you can’t afford to be without.
- Cloud-based & On-Premises Centralized Management – Gain greater visibility into your enterprise even as it becomes more complex on- and off-prem. Tightly integrated into the SonicWall ecosystem, bring your firewalls into a single-pane-of-glass management, licensing, reporting and analytics
- High Performance and Port Density – Deploy next generation firewalls that are designed for mid-size and distributed enterprises to deliver much needed multi-gigabit threat prevention performance while providing high port density including 10 GbE ports for flexible network connectivity
Specifications
FIREWALL GENERAL | NSa 2700 SERIES | NSa 3700 SERIES | NSa 4700 SERIES | NSa 6700 SERIES |
---|---|---|---|---|
Operating system | SonicOS 7.0 | |||
Interfaces | 16x1GbE, 3x10G SFP+, 2 USB 3.0, 1 Console, 1 Management port | 24x1GbE, 6x10G SFP+, 4x5G SFP+, 2 USB 3.0, 1 Console, 1 Mgmt. port | 6 x 10G/5G/2.5G/1G (SFP+); 24 x 1GbE Cu 2 USB 3.0, 1 Console, 1 Management port | 2x40G; 8x25G, 4 x10G/5G/2.5/1G SFP+, 4 x 10G/5G/2.5G/1G (Cu); 16 x 1GbE (Cu) 2 USB 3.0, 1 Console, 1 Mgmt. port |
Storage | 64GB M.2 | 128GB M.2 | 128GB | 256GB M.2 |
Expansion | Storage Expansion Slot (Up to 256GB) | Storage Expansion Slot (Up to 256GB) | Storage Expansion Slot (Up to 1TB) | Storage Expansion Slot (Up to 1TB) |
VLAN interfaces | 256 | 256 | 512 | 512 |
Access points supported (maximum) | 32 | 32 | 512 | 512 |
FIREWALL/VPN PERFORMANCE | NSa 2700 | NSa 3700 | NSa 4700 | NSa 6700 |
Firewall inspection throughput1 | 5.2 Gbps | 5.5 Gbps | 18 Gbps | 36 Gbps |
Threat Prevention throughput2 | 3.0 Gbps | 3.5 Gbps | 9.5 Gbps | 19 Gbps |
Application inspection throughput2 | 3.6 Gbps | 4.2 Gbps | 11 Gbps | 20 Gbps |
IPS throughput2 | 3.4 Gbps | 3.8 Gbps | 10 Gbps | 20 Gbps |
Anti-malware inspection throughput2 | 2.9 Gbps | 3.5 Gbps | 9.5 Gbps | 18.5 Gbps |
TLS/SSL inspection and decryption throughput (DPI SSL)2 | 800 Mbps | 850 Mbps | 5 Gbps | 9 Gbps |
IPSec VPN throughput3 | 2.10 Gbps | 2.2 Gbps | 11 Gbps | 19 Gbps |
Connections per second | 21,500 | 22,500 | 115,000 | 153,000 |
Maximum connections (DPI) | 500,000 | 750,000 | 2,000,000 | 6,000,000 |
VPN | NSa 2700 | NSa 3700 | NSa 4700 | NSa 6700 |
Site-to-site VPN tunnels | 2,000 | 3,000 | 4,000 | 6,000 |
Encryption/authentication | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B Cryptography | |||
Key exchange | Diffie Hellman Groups 1, 2, 5, 14v | |||
Route-based VPN | RIP, OSPF, BGP | |||
VPN features | Dead Peer Detection, DHCP Over VPN, IPSec NAT Traversal, Redundant VPN Gateway, Route-based VPN | |||
Global VPN client platforms supported | Microsoft® Windows 10 | |||
NetExtender | Microsoft Windows 10, Linux | |||
Mobile Connect | Apple® iOS, Mac OS X, Google® Android™, Kindle Fire, Chrome OS, Windows 10 | |||
SECURITY SERVICES | NSa 2700 | NSa 3700 | NSa 4700 | NSa 6700 |
Deep Packet Inspection services | Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, DPI SSL | |||
Content Filtering Service (CFS) | HTTP URL, HTTPS IP, keyword and content scanning, Comprehensive filtering based on file types such as ActiveX, Java, Cookies for privacy, allow/forbid lists | |||
Comprehensive Anti-Spam Service | Supported | |||
Application Visualization | Yes | Yes | Yes | Yes |
Application Control | Yes | Yes | Yes | Yes |
Capture Advanced Threat Protection | Yes | Yes | Yes | Yes |
DNS Security | Yes | Yes | Yes | Yes |
NETWORKING | NSa 2700 | NSa 3700 | NSa 4700 | NSa 6700 |
IP address assignment | Static, (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay | |||
NAT modes | 1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent mode | |||
Routing protocols4 | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | |||
QoS | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1e (WMM) | |||
Authentication | LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) | |||
VoIP | Full H.323v1-5, SIP | |||
Standards | TCP/IP, UDP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3 | |||
Certifications | FIPS 140-2 (with Suite B) Level 2, IPv6 (Phase 2), ICSA Network Firewall, ICSA Anti-virus, Common Criteria NDPP (Firewall and IPS) | |||
HARDWARE | NSa 2700 | NSa 3700 | NSa 4700 | NSa 6700 |
Form factor | 1U Rack Mountable | 1U Rack Mountable | 1U Rack Mountable | 1U Rack Mountable |
Power supply | 60W | 90W | 1x350W | 1x350W |
Maximum power consumption (W) | 21.5 | 36.3 | 135.8 | 139.2 |
Input power | 100-240 VAC, 50-60 Hz | |||
Total heat dissipation (BTU) | 73.32 BTU | 123.78 BTU | 463.1 BTU | 474.4 BTU |
Dimensions | 43 x 32.5 x 4.5 (cm) 16.9 x 12.8 x 1.8 in | 43 x 46.5 x 4.5 (cm) 16.9 x 18.1 x 1.8 in | ||
Weight | 4.0 kg / 8.8 lbs | 4.6 kg / 10.2 lbs | 7.8 Kg | 8.1 Kg |
WEEE weight | 4.2 kg / 9.3 lbs | 4.8 kg / 10.6 lbs | 9.6 Kg | 9.9 Kg |
Shipping weight | 6.4 kg / 14.1 lbs | 7 kg / 15.4 lbs | 13.5 Kg | 13.8 Kg |
Environment (Operating/Storage) | 32°-105° F (0°-40° C)/-40° to 158° F (-40° to 70° C) | |||
Humidity | 5-95% non-condensing | 0-90% R.H non-condensing | ||
REGULATORY | NSa 2700 | NSa 3700 | NSa 4700 | NSa 6700 |
Major regulatory compliance (wired models) | FCC Class B, FCC , ICES Class B, CE (EMC, LVD, RoHS), C-Tick, VCCI Class B, UL/cUL, TUV/ GS, CB, Mexico DGN notice by UL, WEEE, |