SonicWALL Network Security

Appliance (NSA) Series

Industry-validated security effectiveness and performance for
mid-sized networks

The Dell SonicWALL Network Security SonicWALL NGFWs provide a further

Appliance (NSA) series provides level of protection by decrypting
mid-sized networks, branch offices and inspecting SSL/TLS encrypted
and distributed enterprises with web traffic for hidden threats in real
advanced threat prevention in a time. With the continued growth of
high-performance security platform. encrypted web traffic, organizations
Combining next-generation firewall are effectively blind to an estimated
technology with our patented* one-third of their network traffic.
Reassembly-Free Deep Packet This makes SSL/TLS decryption and Benefits:
Inspection (RFDPI) engine on a inspection a critical component of any
Superior threat prevention and
multi-core architecture, the NSA series security solution.
performance
offers the security, performance and
control organizations require. When organizations activate deep • Patented reassembly-free deep
packet inspection functions such as packet inspection technology
Superior threat prevention intrusion prevention, anti-virus, anti- • On-box and cloud-based
and performance spyware, SSL decryption/inspection threat prevention
and others on their firewalls network
NSA series next-generation firewalls performance often slows down,
• SSL/TLS decryption and
(NGFWs) integrate a series of advanced inspection
sometimes dramatically. NSA series
security technologies to deliver a firewalls feature a multi-core hardware • Industry-validated security
superior level of threat prevention. architecture that utilizes specialized effectiveness
Our patented single-pass RFDPI security microprocessors. Combined • Multi-core hardware architecture
threat prevention engine examines with our RFDPI engine, this unique
every byte of every packet, inspecting • Dedicated in-house threat
design eliminates the performance research team
both inbound and outbound traffic degradation networks experience with
simultaneously. The NSA series other firewalls. Network control and flexibility
leverages on-box capabilities including
intrusion prevention, anti-malware and • Powerful SonicOS
In today’s security environment it’s not operating system
web/URL filtering in addition to cloud- enough to rely on solely on outside
based services such as CloudAV and parties for threat information. That’s • Application intelligence
Dell SonicWALL Capture multi-engine and control
why Dell SonicWALL formed its own
sandboxing to block zero-day threats in-house threat research team more • Network segmentation
at the gateway. Unlike other security than 15 years ago. This dedicated with VLANs
products that cannot inspect large files team gathers, analyzes and vets data • Wireless network security
for hidden threats, NSA firewalls scan from over one million sensors in its
files of any size across all ports and Global Response Intelligent Defense Easy deployment, setup and
protocols. The security architecture (GRID) network. Dell SonicWALL also ongoing management
in Dell SonicWALL NGFWs has been participates in industry collaboration • Tightly integrated solution
validated as one of the industry’s best efforts and engages with threat
for security effectiveness by NSS Labs • Centralized management
research communities to gather
which awarded Dell SonicWALL its and share samples of attacks and • Scalability through multiple
“Recommended” rating for the fourth vulnerabilities. This shared threat hardware platforms
consecutive year. intelligence is used to develop • Low total cost of ownership
real-time countermeasures that
Going beyond intrusion prevention, are automatically deployed to our
anti-malware and web filtering, Dell customers’ firewalls.

*U.S. Patents 7,310,815; 7,600,257; 7,738,380; 7,835,361; 7,991,723

Network control and flexibility For organizations that require key security, connectivity and
advanced flexibility in their network flexibility technologies into a single,
At the core of the NSA series is SonicOS,
design, SonicOS offers the tools to comprehensive solution. This includes
Dell SonicWALL’s feature-rich operating
securely segment the network through SonicPoint wireless access points and
system. SonicOS provides organizations
the use of virtual LANs (VLANs) which the Dell SonicWALL WAN Acceleration
with the network control and flexibility
enable network administrators to Appliance (WXA) series, both of
they require through application
create a virtual LAN interface that which are automatically detected
intelligence and control, real-time
allows for network separation into one and provisioned by the managing
visualization, an intrusion prevention
or more logical groups. Administrators NSA firewall. Consolidating multiple
system (IPS) featuring sophisticated
create rules that determine the level of capabilities eliminates the need to
anti-evasion technology, high-speed
communication with devices on purchase and install point products
virtual private networking (VPN) and
other VLANs. that don’t always work well together.
other robust security features.
This reduces the effort it takes to
Built into every NSA series firewall is a deploy the solution into the network
Using application intelligence and
wireless access controller that enables and configure it, saving both time
control, network administrators can
organizations to extend the network and money.
identify and categorize productive
perimeter securely through the use
applications from those that are
of wireless technology. Together, Dell Ongoing management and monitoring
unproductive or potentially dangerous,
SonicWALL firewalls and SonicPoint of network security are handled
and control that traffic through
802.11ac wireless access points create centrally through the firewall or
powerful application-level policies on
a wireless network security solution through the Dell SonicWALL Global
both a per-user and a per-group basis
that combines industry-leading next- Management System (GMS), providing
(along with schedules and exception
generation firewall technology with network administrators with a single
lists). Business-critical applications
high-speed wireless for enterprise-class pane of glass from which to manage all
can be prioritized and allocated
network security and performance aspects of the network. Together, the
more bandwidth while non-essential
across the wireless network. simplified deployment and setup along
applications are bandwidth-limited.
with the ease of management enable
Real-time monitoring and visualization
Easy deployment, setup and organizations to lower their total cost
provides a graphical representation
ongoing management of ownership and realize a high return
of applications, users and bandwidth
on investment.
usage for granular insight into traffic Like all Dell SonicWALL firewalls,
across the network. the NSA series tightly integrates

a ted S
c
ti n an SL
d
io
va s

de spec
anti-e phi

in
s

cry tion
IPS with so

Patented
ption

single pass
RFDPI
engine

e ti
N

al t w o
-

n
m

si
st

w a rk-b a s e d a s
re w a
ex it h c l o u d
n

ti o
N

t-g n
en e
e r at p r ev
i o n t h r e at
Network Security Appliance 2600 Network Security Appliance 3600/4600
The Dell SonicWALL NSA 2600 is designed to address the The Dell SonicWALL NSA 3600/4600 is ideal for branch
needs of growing small organizations, branch offices and office and small- to medium-sized corporate environments
school campuses. concerned about throughput capacity and performance.

Dual 8 x 1GbE Expansion Dual 2 x 10GbE 12 x 1GbE

USB ports ports module USB ports SFP+ ports ports

Console 1GbE Console 1GbE 4 x 1GbE

management management SFP ports

Expansion bay
Dual fans Power for future use Dual fans Power

Firewall NSA 2600 Firewall NSA 3600 NSA 4600

Firewall throughput 1.9 Gbps Firewall throughput 3.4 Gbps 6.0 Gbps
IPS throughput 700 Mbps IPS throughput 1.1 Gbps 2.0 Gbps
Anti-malware throughput 400 Mbps Anti-malware throughput 600 Mbps 1.1 Gbps
Full DPI throughput 300 Mbps Full DPI throughput 500 Mbps 800 Mbps
IMIX throughput 600 Mbps IMIX throughput 900 Mbps 1.6 Gbps
Maximum DPI connections 125,000 Maximum DPI connections 175,000 200,000
New connections/sec 15,000/sec New connections/sec 20,000/sec 40,000/sec
Description SKU Description NSA 3600 NSA 4600
NSA 2600 firewall only 01-SSC-3860 Firewall only 01-SSC-3850 01-SSC-3840
NSA 2600 TotalSecure (1-year) 01-SSC-3863 TotalSecure (1-year) 01-SSC-3853 01-SSC-3843
Network Security Appliance 5600 Network Security Appliance 6600
The Dell SonicWALL NSA 5600 is ideal for distributed, The Dell SonicWALL NSA 6600 is ideal for large distributed
branch office and corporate environments needing and corporate central site environments requiring high
significant throughput. throughput capacity and performance.

Dual 2 x 10GbE 12 x 1GbE Dual 4 x 10GbE 8 x 1GbE

USB ports SFP+ ports ports USB ports SFP+ ports ports

Console 1GbE 4 x 1GbE Console 1GbE 8 x 1GbE

management SFP ports management SFP ports

Dual hot
Expansion bay Expansion bay swappable
for future use Dual fans Power for future use fans Power

Firewall NSA 5600 Firewall NSA 6600

Firewall throughput 9.0 Gbps Firewall throughput 12.0 Gbps
IPS throughput 3.0 Gbps IPS throughput 4.5 Gbps
Anti-malware throughput 1.7 Gbps Anti-malware throughput 3.0 Gbps
Full DPI throughput 1.6 Gbps Full DPI throughput 3.0 Gbps
IMIX throughput 2.4 Gbps IMIX throughput 3.5 Gbps
Maximum DPI connections 375,000 Maximum DPI connections 500,000
New connections/sec 60,000/sec New connections/sec 90,000/sec
Description SKU Description SKU
NSA 5600 firewall only 01-SSC-3830 NSA 6600 firewall only 01-SSC-3820
NSA 5600 TotalSecure (1-year) 01-SSC-3833 NSA 6600 TotalSecure (1-year) 01-SSC-3823
Reassembly-Free Deep Packet seek to confuse detection engines and attack, or other “match” event, at which
Inspection engine sneak malicious code into the network. point a pre-set action is taken.
The Dell SonicWALL Reassembly-Free Once a packet undergoes the In most cases, the connection is
Deep Packet Inspection (RFDPI) engine necessary pre-processing, including terminated and proper logging
provides superior threat protection SSL decryption, it is analyzed against and notification events are created.
and application control without a single, proprietary memory However, the engine can also be
compromising performance. It relies representation of three signature configured for inspection only or,
on streaming traffic payload inspection databases: intrusion attacks, malware in case of application detection,
to detect threats at Layers 3-7, and and applications. The connection to provide Layer 7 bandwidth
takes network streams through state is then advanced to represent the management services for the
extensive and repeated normalization position of the stream relative to these remainder of the application stream as
and decryption in order to neutralize databases until it encounters a state of soon as the application is identified.
advanced evasion techniques that

Packet assembly-based process Packet reassembly-free process

Packet
Proxy Scanning disassembly
Traffic in Traffic out Traffic in Traffic out

When proxy
Inspection time becomes full or Inspection capacity Inspection time Inspection capacity
content too large,
Less More files bypass Min Max Less More Min Max
scanning Reassembly-free packet
scanning without proxy
or content size limitations

Competitive architecture Dell SonicWALL architecture

Flexible, customizable deployment NSA series as central-site gateway

options – NSA series at-a-glance HA data link
Stateful high availability

HF link
Every Dell SonicWALL NSA appliance
utilizes a breakthrough, multi-core Internet

hardware design and RFDPI for internal

and external network protection
without compromising network
Internet Internet
performance. The NSA series NGFWs Dual ISP failover Multi-WAN redundancy

combine high-speed intrusion

prevention, file and content inspection,
NSA series as in-line NGFW solution
and powerful application intelligence
and control with an extensive array
of advanced networking and flexible
configuration features. The NSA series Full L2-L7
signature-based
offers an affordable platform that is inspection
application
easy to deploy and manage in a wide Internet
awareness User zone Administrative Servers
variety of large, branch office and
distributed network environments.
Security and protection are designed to protect against wide
classes of attacks, covering tens of
The dedicated, in-house Dell
thousands of individual threats with a
SonicWALL Threat Research Team
single signature.
works on researching and developing
counter-measures to deploy to the In addition to the countermeasures
firewalls in the field for up-to-date on the appliance, NSA appliances also
protection. The team leverages more have access to the Dell SonicWALL
than one million sensors across the CloudAV Service, which extends Protection Collection
globe for malware samples, and for the onboard signature intelligence
telemetry feedback on the latest threat with over 30 million signatures. This Creation Classification
information, which in turn is fed into CloudAV database is accessed via a
the intrusion prevention, anti-malware proprietary, light-weight protocol by
and application detection capabilities. the firewall to augment the inspection
done on the appliance. With Geo-IP
Dell SonicWALL NGFW customers
and botnet filtering capabilities, Dell
benefit from continuously updated
SonicWALL NGFWs are able to block
threat protection around the clock, with
traffic from dangerous domains or
new updates taking effect immediately
entire geographies in order to reduce
without reboots or interruptions. The
the risk profile of the network.
signatures resident on the appliances

Application intelligence
and control
Application intelligence informs
administrators of application traffic
traversing their network, so they can
schedule application controls based on
business priority, throttle unproductive
applications and block potentially
dangerous applications. Real-time
visualization identifies traffic anomalies
as they happen, enabling immediate
countermeasures against potential
inbound or outbound attacks or
performance bottlenecks.

Dell SonicWALL Application Traffic

Analytics provide granular insight into
application traffic, bandwidth utilization
and security threats, as well as
powerful troubleshooting and forensics
capabilities. Additionally, secure Single
Sign-On (SSO) capabilities ease the
user experience, increase productivity
and reduce support calls.

The Dell SonicWALL Global

Management System (GMS®)
simplifies management of application
intelligence and control using an
intuitive, web-based interface.
Features

RFDPI engine
Feature Description
This high-performance, proprietary and patented inspection engine performs stream-
Reassembly-Free Deep Packet
based bi-directional traffic analysis, without proxying or buffering, to uncover intrusion
Inspection (RFDPI)
attempts, malware and identify application traffic regardless of port.
Scans for threats in both inbound and outbound traffic simultaneously to ensure that the
Bi-directional inspection network is not used to distribute malware, and does not become a launch platform for
attacks in case an infected machine is brought inside.
Proxy-less and non-buffering inspection technology provides ultra-low latency performance
Stream-based inspection for DPI of millions of simultaneous network streams without introducing file and stream size
limitations, and can be applied on common protocols as well as raw TCP streams.
The unique design of the RFDPI engine works with the multi-core architecture to provide
Highly parallel and scalable high DPI throughput and extremely high new session establishment rates to deal with
traffic spikes in demanding networks.
A single-pass DPI architecture simultaneously scans for malware, intrusions and
Single-pass inspection application identification, drastically reducing DPI latency and ensuring that all threat
information is correlated in a single architecture.
Capture ATP
Feature Description
The multi-engine sandbox platform, which includes virtualized sandboxing, full system
Multi-engine sandboxing emulation and hypervisor level analysis technology, executes suspicious code and
analyzes behavior, providing comprehensive visibility into malicious activity.
Analyzes a broad range of file types including executable programs (PE), DLL, PDFs, MS
Broad file type and size analysis Office documents, archives, JAR, and APK plus multiple operating systems (Windows,
Android, Mac OS X) and multi-browser environments.
When a file is identified as malicious, a signature is immediately deployed to firewalls
Rapid deployment of signatures with an active SonicWALL Capture subscription as well as GRID Gateway Anti-virus and
IPS signature databases plus URL, IP and domain reputation databases within 48 hours.
To prevent potentially malicious files from entering the network, files sent to the cloud
Block until verdict
for analysis can be held at the gateway until a verdict is determined.
Intrusion prevention
Feature Description
Tightly integrated intrusion prevention system (IPS) leverages signatures and other
Countermeasure-based protection countermeasures to scan packet payloads for vulnerabilities and exploits, covering a
broad spectrum of attacks and vulnerabilities.
The Dell SonicWALL Threat Research Team continuously researches and deploys updates
Automatic signature updates to an extensive list of IPS countermeasures that covers more than 50 attack categories. The
new updates take immediate effect without any reboot or service interruption required.
Bolsters internal security by segmenting the network into multiple security zones with
Intra-zone IPS protection
intrusion prevention, preventing threats from propagating across the zone boundaries.
Botnet command and control (CnC) Identifies and blocks command and control traffic originating from bots on the local network
detection and blocking to IPs and domains that are identified as propagating malware or are known CnC points.
Protocol abuse/anomaly detection
Identifies and blocks attacks that abuse protocols in an attempt to sneak past the IPS.
and prevention
Protects the network against zero-day attacks with constant updates against the latest
Zero-day protection
exploit methods and techniques that cover thousands of individual exploits.
Extensive stream normalization, decoding and other techniques ensure that threats do
Anti-evasion technology
not enter the network undetected by utilizing evasion techniques in Layers 2-7.
Threat prevention
Feature Description
The Dell SonicWALL RFDPI engine scans all inbound, outbound and intra-zone traffic
Network-based malware protection for viruses, Trojans, key loggers and other malware in files of unlimited length and size
across all ports and TCP streams.
A continuously updated database of over 30 million threat signatures resides in the Dell
CloudAV malware protection SonicWALL cloud servers and is referenced to augment the capabilities of the onboard
signature database, providing RFDPI with extensive coverage of threats.
Dell SonicWALL Capture Advance Threat Protection Service uses cloud-based, multi-
engine sandboxing, including full system emulation, virtualization and hypervisor level
Cloud-based sandboxing
techniques, to analyze suspicious files, detect malicious behavior and block unknown
and zero-day attacks at the gateway.
The Dell SonicWALL Threat Research Team analyzes new threats and releases
countermeasures 24 hours a day, 7 days a week. New threat updates are automatically
Around-the-clock security updates
pushed to firewalls in the field with active security services, and take effect immediately
without reboots or interruptions.
Decrypts and inspects SSL traffic on the fly, without proxying, for malware, intrusions
SSL decryption and inspection and data leakage, and applies application, URL and content control policies in order to
protect against threats hidden in SSL encrypted traffic.
The RFDPI engine is capable of scanning raw TCP streams on any port bi-directionally,
Bi-directional raw TCP inspection preventing attacks that try to sneak by outdated security systems that focus on securing
a few well-known ports.
Identifies common protocols such as HTTP/S, FTP, SMTP, SMBv1/v2 and others, which do
Extensive protocol support not send data in raw TCP, and decodes payloads for malware inspection, even if they do
not run on standard, well-known ports.
Automatically detect non-compliant endpoint machines and install the Dell Anti-Virus
Enforced Anti-Virus and and Anti-Spyware software* machine-by-machine across the network regardless
Anti-Spyware Client software of whether devices are inside the corporate network or outside connected via VPN.
Windows only.
*Requires the Dell SonicWALL Anti-Virus and Anti-Spyware Client software

Application intelligence and control

Feature Description
Controls applications, or individual application features, which are identified by the RFDPI
Application control engine against a continuously expanding database of over 3,500 application signatures,
to increase network security and enhance network productivity.
Controls custom applications by creating signatures based on specific parameters or
Custom application identification patterns unique to an application in its network communications, in order to gain further
control over the network.
Granularly allocate and regulate available bandwidth for critical applications or
Application bandwidth management
application categories while inhibiting nonessential application traffic.
Identifies bandwidth utilization and analyzes network behavior with real-time, on-box
On-box/off-box traffic visualization
application traffic visualization and off-box application traffic reporting via NetFlow/IPFix.
Controls applications, or specific components of an application, based on schedules,
Granular control user groups, exclusion lists and a range of actions with full SSO user identification
through LDAP/AD/Terminal Services/Citrix integration.
Content filtering
Feature Description
Enforce acceptable use policies and block access to websites containing information or
images that are objectionable or unproductive with Content Filtering Service. Extend policy
Inside/Outside content filtering
enforcement to block internet content for devices located outside the firewall perimeter
with the Content Filtering Client.

Block content using the predefined categories or any combination of categories. Filtering
Granular controls can be scheduled by time of day, such as during school or business hours, and applied to
individual users or groups.

All requested web sites are cross-referenced against a dynamically updated database in
Dynamic rating architecture
the cloud categorizing millions of URLs, IP addresses and domains in real time.

URL ratings are cached locally on the Dell SonicWALL firewall so that the response time
Web caching
for subsequent access to frequently visited sites is only a fraction of a second.

Enforced anti-virus and anti-spyware

Feature Description
A firewall’s gateway anti-virus solution provides the first layer of defense at the perimeter,
however viruses can still enter the network through laptops, thumb drives and other
Multi-layered protection
unprotected systems. Utilize a layered approach to anti-virus and anti-spyware
protection to extend to both client and server.

Ensure every computer accessing the network has the most recent version of anti-
Automated enforcement virus and anti-spyware signatures installed and active, eliminating the costs commonly
associated with desktop anti-virus and anti-spyware management.

Automated deployment and Machine-by-machine deployment and installation of anti-virus and anti-spyware clients
installation is automatic across the network, minimizing administrative overhead.

Always on, automatic virus Frequent anti-virus and anti-spyware updates are delivered transparently to all desktops
protection and file servers to improve end user productivity and decrease security management.

Powerful spyware protection scans and blocks the installation of a comprehensive array
Spyware protection of spyware programs on desktops and laptops before they transmit confidential data,
providing greater desktop security and performance.

Firewall and networking

Feature Description

All network traffic is inspected, analyzed and brought into compliance with firewall
Stateful Packet Inspection
access policies.

SYN Flood protection provides a defense against DOS attacks using both Layer 3 SYN proxy
DDoS/DoS attack protection and Layer 2 SYN blacklisting technologies. Additionally, it provides the ability to protect
against DOS/DDoS through UDP/ICMP flood protection and connection rate limiting.

The NSA series can be deployed in traditional NAT, Layer 2 Bridge, Wire Mode and
Flexible deployment options
Network Tap modes.

The NSA series supports IPv6, the internet protocol that increases the number of available
IPv6 support IP addresses. NSA series firewalls have achieved IPv6 Ready Phase 1/2 as well as ICSA Labs
enterprise certification which includes IPv6 testing.
Firewall and networking con't
Feature Description
The NSA series supports Active/Passive with state synchronization, Active/Active DPI
High availability/clustering and Active/Active Clustering high availability modes. Active/Active DPI offloads the Deep
Packet Inspection load to cores on the passive appliance to boost throughput.
Load balances multiple WAN interfaces using Round Robin, Spillover or Percentage-
WAN load balancing
based methods.
Creates routes based on protocol to direct traffic to a preferred WAN connection with the
Policy-based routing
ability to fail back to a secondary WAN in the event of an outage.
Guarantees critical communications with 802.1p and DSCP tagging, and remapping of
Advanced QoS
VoIP traffic on the network.
H.323 gatekeeper and SIP Blocks spam calls by requiring that all incoming calls are authorized and authenticated by
proxy support H.323 gatekeeper or SIP proxy.
Management and reporting
Feature Description
The Dell SonicWALL GMS monitors, configures and reports on multiple Dell SonicWALL
Global Management System appliances through a single management console with an intuitive interface to reduce
management costs and complexity.
An intuitive, web-based interface allows quick and convenient configuration in addition
Powerful, single device management
to a comprehensive CLI and support for SNMPv2/3.
Exports application traffic analytics and usage data for real-time and historical
Application flow reporting
monitoring and reporting with tools such as Dell SonicWALL GMS or Analyzer.
Virtual Private Networking
Feature Description
IPSec VPN for site-to-site High-performance IPSec VPN allows the NSA series to act as a VPN concentrator for
connectivity thousands of other large sites, branch offices or home offices.
SSL VPN and IPSec client Utilizes clientless SSL VPN technology or an easy-to-manage IPSec client for easy access
remote access to email, files, computers, intranet sites and applications from a variety of platforms.
When using multiple WANs, a primary and secondary VPN can be configured to allow
Redundant VPN gateway
seamless automatic failover and failback of all VPN sessions.
The ability to perform dynamic routing over VPN links ensures continuous uptime in
Route-based VPN the event of a temporary VPN tunnel failure, by seamlessly re-routing traffic between
endpoints through alternate routes.
Content/context awareness
Feature Description
User identification and activity are made available through seamless AD/LDAP/Citrix/Terminal
User activity tracking
Services SSO integration combined with extensive information obtained through DPI.
Identifies and controls network traffic going to or coming from specific countries to
GeoIP country traffic identification either protect against attacks from known or suspected origins of threat activity, or to
investigate suspicious traffic originating from the network.
Prevents data leakage by identifying and controlling content crossing the network
Regular Expression DPI filtering
through regular expression matching.
 SonicOS feature summary

Firewall Web content filtering VoIP

• Reassembly-Free Deep Packet • URL filtering • Granular QoS control
Inspection • Anti-proxy technology • Bandwidth management
• Deep packet inspection for SSL • Keyword blocking • DPI for VoIP traffic
• Stateful packet inspection • Bandwidth manage CFS rating • H.323 gatekeeper and SIP proxy
• Stealth mode categories support
• Common Access Card (CAC) support • Unified policy model with app control
• DOS attack protection • 56 content filtering categories Management and monitoring
• UDP/ICMP/SYN flood protection • Content Filtering Client • Web GUI
• SSL decryption and inspection • Command line interface (CLI)
• IPv6 security VPN • SNMPv2/v3
• IPSec VPN for site-to-site connectivity • Centralized management and
Intrusion prevention • SSL VPN and IPSec client remote reporting
• Signature-based scanning access • Logging
• Automatic signature updates • Redundant VPN gateway • Netflow/IPFix exporting
• Bidirectional inspection engine • Mobile Connect for iOS, Mac OS X, • App traffic visualization
• Granular IPS rule capability Windows, Chrome, Android and • Centralized policy management
• GeoIP and reputation-based filtering Kindle Fire • Single Sign-On (SSO)
• Regular expression matching • Route-based VPN (OSPF, RIP) • Terminal service/Citrix support
• BlueCoat Security Analytics Platform
Anti-malware Networking
• Application and bandwidth
• Stream-based malware scanning • Jumbo frames
visualization
• Gateway anti-virus • Layer-2 network discovery
• IPv4 and IPv6 Management
• Gateway anti-spyware • IPv6
• Bi-directional inspection • Path MTU discovery
IPv6
• No file size limitation • Enhanced logging • IPv6 filtering
• Cloud malware database • VLAN trunking • 6rd (rapid deployment)
• RSTP (Rapid Spanning Tree Protocol) • DHCP prefix delegation
Application control • Port mirroring • Wire mode
• Application control • Layer-2 QoS • BGP
• Application component blocking • Port security
• Application bandwidth management • Dynamic routing Capture ATP
• Custom application signature creation • SonicPoint wireless controller • Cloud-based multi-engine analysis
• Data leakage prevention • Policy-based routing • Virtualized sandboxing
• Application reporting over • Advanced NAT • Hypervisor level analysis
NetFlow/IPFIX • DHCP server • Full system emulation
• User activity tracking (SSO) • Bandwidth management • Broad file type examination
• Comprehensive application • Link aggregation • Automated and manual submission
signature database • Port redundancy • Real-time threat intelligence updates
• A/P high availability with state sync • Auto-block capability
• A/A clustering
• Inbound/outbound load balancing
• L2 bridge, wire mode, tap mode,
NAT mode
NSA series system specifications
NSA 2600 NSA 3600 NSA 4600 NSA 5600 NSA 6600
Operating system SonicOS 6.2.2
Security processing cores 4 x 800 MHz 6 x 800 MHz 8 x 1.1 GHz 10 x 1.3 GHz 24 x 1.0 GHz
10 GbE interfaces — 2 x 10-GbE SFP+ 4 x 10-GbE SFP+
8 x 1-GbE SFP,
4 x 1-GbE SFP,
1 GbE interfaces 8 x 1 GbE 8 x 1 GbE
12 x 1 GbE
(1 LAN Bypass pair)
Management interfaces 1 GbE, 1 Console
Memory (RAM) 2.0 GB 4.0 GB
Expansion 1 Expansion Slot (Rear)*, SD Card*
Firewall inspection throughput1 1.9 Gbps 3.4 Gbps 6.0 Gbps 9.0 Gbps 12.0 Gbps
Full DPI throughput2 300 Mbps 500 Mbps 800 Mbps 1.6 Gbps 3.0 Gbps
Application inspection throughput2 700 Mbps 1.1 Gbps 2.0 Gbps 3.0 Gbps 4.5 Gbps
IPS throughput2 700 Mbps 1.1 Gbps 2.0 Gbps 3.0 Gbps 4.5 Gbps
Anti-malware inspection throughput2 400 Mbps 600 Mbps 1.1 Gbps 1.7 Gbps 3.0 Gbps
IMIX throughput3 600 Mbps 900 Mbps 1.6 Gbps 2.4 Gbps 3.5 Gbps
SSL Inspection and Decryption (DPI SSL)2 200 Mbps 300 Mbps 500 Mbps 800 Mbps 1.3 Gbps
VPN throughput3 1.1 Gbps 1.5 Gbps 3.0 Gbps 4.5 Gbps 5.0 Gbps
Connections per second 15,000/sec 20,000/sec 40,000/sec 60,000/sec 90,000/sec
Maximum connections (SPI) 225,000 325,000 400,000 562,500 750,000
Maximum connections (DPI) 125,000 175,000 200,000 375,000 500,000
SonicPoints supported (Maximum) 32 48 64 96 128
Single Sign On (SSO) Users 30,000 40,000 50,000 60,000 70,000
VPN NSA 2600 NSA 3600 NSA 4600 NSA 5600 NSA 6600
Site-to-site tunnels 250 1,000 3,000 4,000 6,000
IPSec VPN clients (Maximum) 10 (250) 50 (1,000) 500 (3,000) 2,000 (4,000) 2,000 (6,000)
SSL VPN licenses (Maximum) 2 (250) 2 (350) 2 (500) 2 (1000) 2 (1500)
Encryption/Authentication DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B Cryptography
Key exchange Diffie Hellman Groups 1, 2, 5, 14
Route-based VPN RIP, OSPF
Networking NSA 2600 NSA 3600 NSA 4600 NSA 5600 NSA 6600
IP address assignment Static (DHCP PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP Relay
NAT modes 1:1, many:1, 1:many, flexible NAT (overlapping IPS), PAT, transparent mode
VLAN interfaces 256 256 256 400 500
Routing protocols BGP, OSPF, RIPv1/v2, static routes, policy-based routing, multicast
QoS Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p
XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix,
Authentication
Common Access Card (CAC)
VoIP Full H323-v1-5, SIP
Standards TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3
Certifications ICSA Firewall, ICSA Anti-Virus, FIPS 140-2, Common Criteria NDPP (Firewall and IPS), UC APL
Hardware NSA 2600 NSA 3600 NSA 4600 NSA 5600 NSA 6600
Power supply 200W Single, Fixed 250W
Dual, redundant,
Fans Dual, Fixed
hot swappable
Input power 100-240 VAC, 60-50 Hz
Maximum power consumption (W) 49.4 74.3 86.7 90.9 113.1
Form factor 1U Rack Mountable
1.75 x 10.25 x 17 in 1.75 x 19.1 x 17 in
Dimensions
(4.5 x 26 x 43 cm) (4.5 x 48.5 x 43 cm)
Weight 10.1 lb (4.6 kg) 13.56 lb (6.15 Kg) 14.93 lb (6.77 Kg)
WEEE weight 11.0 lb (5.0 kg) 14.24 lb (6.46 Kg) 19.78 lb (8.97 Kg)
Shipping weight 14.3 lb (6.5 kg) 20.79lb (9.43 Kg) 26.12 lb (11.85 Kg)
FCC Class A, CE (EMC, LVD, RoHS), C-Tick, VCCI Class A, MSIP/KCC Class A, UL, cUL, TUV/GS, CB,
Major regulatory
Mexico CoC by UL, WEEE , REACH, ANATEL, BSMI, CU
Environment 32-105 F, 0-40 deg C
Humidity 10-90% non-condensing
MTBF (Years) 20.2 16.8 16.0 15.4 13.3

1
Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.
2
Full DPI/GatewayAV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with
multiple flows through multiple port pairs.
3
VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. All specifications, features and availability are subject to change.
*Future use.
NSA series ordering information
Product SKU
NSA 2600 TotalSecure (1-year) 01-SSC-3863
NSA 3600 TotalSecure (1-year) 01-SSC-3853
NSA 4600 TotalSecure (1-year) 01-SSC-3843
NSA 5600 TotalSecure (1-year) 01-SSC-3833
NSA 6600 TotalSecure (1-year) 01-SSC-3823
NSA 2600 security and support subscriptions SKU
Advanced Gateway Security Suite – Capture ATP, Threat Prevention, Content Filtering and 24x7 Support for NSA 2600 (1-year) 01-SSC-1470
Capture Advanced Threat Protection for NSA 2600 (1-year) 01-SSC-1475
Threat Prevention–Intrusion Prevention, Gateway Anti-Virus, Gateway Anti-Spyware, Cloud Anti-Virus for NSA 2600 (1-year) 01-SSC-4459
Silver 24x7 Support for NSA 2600 (1-year) 01-SSC-4314
Content Filtering Premium Business Edition for NSA 2600 (1-year) 01-SSC-4465
Enforced Client Anti-Virus & Anti-Spyware — Kaspersky Based on user count
Comprehensive Anti-Spam Service for NSA 2600 (1-year) 01-SSC-4471
NSA 3600 security and support subscriptions SKU
Advanced Gateway Security Suite – Capture ATP, Threat Prevention, Content Filtering and 24x7 Support for NSA 3600 (1-year) 01-SSC-1480
Capture Advanced Threat Protection for NSA 3600 (1-year) 01-SSC-1485
Threat Prevention–Intrusion Prevention, Gateway Anti-Virus, Gateway Anti-Spyware, Cloud Anti-Virus for NSA 3600 (1-year) 01-SSC-4435
Silver 24x7 Support for NSA 3600 (1-year) 01-SSC-4302
Content Filtering Premium Business Edition for NSA 3600 (1-year) 01-SSC-4441
Enforced Client Anti-Virus & Anti-Spyware — Kaspersky Based on user count
Comprehensive Anti-Spam Service for NSA 3600 (1-year) 01-SSC-4447
NSA 4600 security and support subscriptions SKU
Advanced Gateway Security Suite – Capture ATP, Threat Prevention, Content Filtering and 24x7 Support for NSA 4600 (1-year) 01-SSC-1490
Capture Advanced Threat Protection for NSA 4600 (1-year) 01-SSC-1495
Threat Prevention–Intrusion Prevention, Gateway Anti-Virus, Gateway Anti-Spyware, Cloud Anti-Virus for NSA 4600 (1-year) 01-SSC-4411
Silver 24x7 Support for NSA 4600 (1-year) 01-SSC-4290
Content Filtering Premium Business Edition for NSA 4600 (1-year) 01-SSC-4417
Enforced Client Anti-Virus & Anti-Spyware — Kaspersky Based on user count
Comprehensive Anti-Spam Service for NSA 4600 (1-year) 01-SSC-4423
NSA 5600 security and support subscriptions SKU
Advanced Gateway Security Suite – Capture ATP, Threat Prevention, Content Filtering and 24x7 Support for NSA 5600 (1-year) 01-SSC-1550
Capture Advanced Threat Protection for NSA 5600 (1-year) 01-SSC-1555
Threat Prevention – Intrusion Prevention, Gateway Anti-Virus, Gateway Anti-Spyware, Cloud Anti-Virus for NSA 5600 (1-year) 01-SSC-4240
Gold 24x7 Support for NSA 5600 (1-year) 01-SSC-4284
Content Filtering Premium Business Edition for NSA 5600 (1-year) 01-SSC-4246
Enforced Client Anti-Virus & Anti-Spyware — Kaspersky Based on user count
Comprehensive Anti-Spam Service for NSA 5600 (1-year) 01-SSC-4252
NSA 6600 security and support subscriptions SKU
Advanced Gateway Security Suite – Capture ATP, Threat Prevention, Content Filtering and 24x7 Support for NSA 6600 (1-year) 01-SSC-1560
Capture Advanced Threat Protection for NSA 6600 (1-year) 01-SSC-1565
Threat Prevention–Intrusion Prevention, Gateway Anti-Virus, Gateway Anti-Spyware, Cloud Anti-Virus for NSA 6600 (1-year) 01-SSC-4216
Gold 24x7 Support for NSA 6600 (1-year) 01-SSC-4278
Content Filtering Premium Business Edition for NSA 6600 (1-year) 01-SSC-4222
Enforced Client Anti-Virus & Anti-Spyware — Kaspersky Based on user count
Comprehensive Anti-Spam Service for NSA 6600 (1-year) 01-SSC-4228
Modules and accessories* SKU
10GBASE-SR SFP+ Short Reach Module 01-SSC-9785
10GBASE-LR SFP+ Long Reach Module 01-SSC-9786
10GBASE SFP+ 1M Twinax Cable 01-SSC-9787
10GBASE SFP+ 3M Twinax Cable 01-SSC-9788
1000BASE-SX SFP Short Haul Module 01-SSC-9789
1000BASE-LX SFP Long Haul Module 01-SSC-9790
1000BASE-T SFP Copper Module 01-SSC-9791
Management and reporting SKU
Dell SonicWALL GMS 10 Node Software License 01-SSC-3363
Dell SonicWALL GMS E-Class 24x7 Software Support for 10 node (1-year) 01-SSC-6514

*Please consult with a Dell Security Solutions SE for a complete list of supported SFP and SFP+ modules
Regulatory model numbers:
NSA 2600–1RK29-0A9

NSA 3600–1RK26-0A2

NSA 4600–1RK26-0A3

NSA 5600–1RK26-0A4

NSA 6600–1RK27-0A5

Dell
5455 Great America Parkway, Santa Clara, CA 95054 © 2016 Dell Inc. ALL RIGHTS RESERVED. Dell and Dell Security logo and products—as identified in this
www.dell.com/security document—are trademarks or registered trademarks of Dell, Inc. in the U.S.A. and/or other countries. All
If you are located outside North America, you can other trademarks and registered trademarks are property of their respective owners.
find local office information on our web site. Datasheet-SonicWALL-NetworkSecurityAppliance-NoMT-US-CW-20879