Professional Documents
Culture Documents
Sonicwall Network Security Appliance (Nsa) Series
Sonicwall Network Security Appliance (Nsa) Series
a ted S
c
ti n an SL
d
io
va s
de spec
anti-e phi
in
s
cry tion
IPS with so
Patented
ption
single pass
RFDPI
engine
e ti
N
al t w o
-
n
m
si
st
w a rk-b a s e d a s
re w a
ex it h c l o u d
n
ti o
N
t-g n
en e
e r at p r ev
i o n t h r e at
Network Security Appliance 2600 Network Security Appliance 3600/4600
The Dell SonicWALL NSA 2600 is designed to address the The Dell SonicWALL NSA 3600/4600 is ideal for branch
needs of growing small organizations, branch offices and office and small- to medium-sized corporate environments
school campuses. concerned about throughput capacity and performance.
Expansion bay
Dual fans Power for future use Dual fans Power
Dual hot
Expansion bay Expansion bay swappable
for future use Dual fans Power for future use fans Power
Packet
Proxy Scanning disassembly
Traffic in Traffic out Traffic in Traffic out
When proxy
Inspection time becomes full or Inspection capacity Inspection time Inspection capacity
content too large,
Less More files bypass Min Max Less More Min Max
scanning Reassembly-free packet
scanning without proxy
or content size limitations
HF link
Every Dell SonicWALL NSA appliance
utilizes a breakthrough, multi-core Internet
Application intelligence
and control
Application intelligence informs
administrators of application traffic
traversing their network, so they can
schedule application controls based on
business priority, throttle unproductive
applications and block potentially
dangerous applications. Real-time
visualization identifies traffic anomalies
as they happen, enabling immediate
countermeasures against potential
inbound or outbound attacks or
performance bottlenecks.
RFDPI engine
Feature Description
This high-performance, proprietary and patented inspection engine performs stream-
Reassembly-Free Deep Packet
based bi-directional traffic analysis, without proxying or buffering, to uncover intrusion
Inspection (RFDPI)
attempts, malware and identify application traffic regardless of port.
Scans for threats in both inbound and outbound traffic simultaneously to ensure that the
Bi-directional inspection network is not used to distribute malware, and does not become a launch platform for
attacks in case an infected machine is brought inside.
Proxy-less and non-buffering inspection technology provides ultra-low latency performance
Stream-based inspection for DPI of millions of simultaneous network streams without introducing file and stream size
limitations, and can be applied on common protocols as well as raw TCP streams.
The unique design of the RFDPI engine works with the multi-core architecture to provide
Highly parallel and scalable high DPI throughput and extremely high new session establishment rates to deal with
traffic spikes in demanding networks.
A single-pass DPI architecture simultaneously scans for malware, intrusions and
Single-pass inspection application identification, drastically reducing DPI latency and ensuring that all threat
information is correlated in a single architecture.
Capture ATP
Feature Description
The multi-engine sandbox platform, which includes virtualized sandboxing, full system
Multi-engine sandboxing emulation and hypervisor level analysis technology, executes suspicious code and
analyzes behavior, providing comprehensive visibility into malicious activity.
Analyzes a broad range of file types including executable programs (PE), DLL, PDFs, MS
Broad file type and size analysis Office documents, archives, JAR, and APK plus multiple operating systems (Windows,
Android, Mac OS X) and multi-browser environments.
When a file is identified as malicious, a signature is immediately deployed to firewalls
Rapid deployment of signatures with an active SonicWALL Capture subscription as well as GRID Gateway Anti-virus and
IPS signature databases plus URL, IP and domain reputation databases within 48 hours.
To prevent potentially malicious files from entering the network, files sent to the cloud
Block until verdict
for analysis can be held at the gateway until a verdict is determined.
Intrusion prevention
Feature Description
Tightly integrated intrusion prevention system (IPS) leverages signatures and other
Countermeasure-based protection countermeasures to scan packet payloads for vulnerabilities and exploits, covering a
broad spectrum of attacks and vulnerabilities.
The Dell SonicWALL Threat Research Team continuously researches and deploys updates
Automatic signature updates to an extensive list of IPS countermeasures that covers more than 50 attack categories. The
new updates take immediate effect without any reboot or service interruption required.
Bolsters internal security by segmenting the network into multiple security zones with
Intra-zone IPS protection
intrusion prevention, preventing threats from propagating across the zone boundaries.
Botnet command and control (CnC) Identifies and blocks command and control traffic originating from bots on the local network
detection and blocking to IPs and domains that are identified as propagating malware or are known CnC points.
Protocol abuse/anomaly detection
Identifies and blocks attacks that abuse protocols in an attempt to sneak past the IPS.
and prevention
Protects the network against zero-day attacks with constant updates against the latest
Zero-day protection
exploit methods and techniques that cover thousands of individual exploits.
Extensive stream normalization, decoding and other techniques ensure that threats do
Anti-evasion technology
not enter the network undetected by utilizing evasion techniques in Layers 2-7.
Threat prevention
Feature Description
The Dell SonicWALL RFDPI engine scans all inbound, outbound and intra-zone traffic
Network-based malware protection for viruses, Trojans, key loggers and other malware in files of unlimited length and size
across all ports and TCP streams.
A continuously updated database of over 30 million threat signatures resides in the Dell
CloudAV malware protection SonicWALL cloud servers and is referenced to augment the capabilities of the onboard
signature database, providing RFDPI with extensive coverage of threats.
Dell SonicWALL Capture Advance Threat Protection Service uses cloud-based, multi-
engine sandboxing, including full system emulation, virtualization and hypervisor level
Cloud-based sandboxing
techniques, to analyze suspicious files, detect malicious behavior and block unknown
and zero-day attacks at the gateway.
The Dell SonicWALL Threat Research Team analyzes new threats and releases
countermeasures 24 hours a day, 7 days a week. New threat updates are automatically
Around-the-clock security updates
pushed to firewalls in the field with active security services, and take effect immediately
without reboots or interruptions.
Decrypts and inspects SSL traffic on the fly, without proxying, for malware, intrusions
SSL decryption and inspection and data leakage, and applies application, URL and content control policies in order to
protect against threats hidden in SSL encrypted traffic.
The RFDPI engine is capable of scanning raw TCP streams on any port bi-directionally,
Bi-directional raw TCP inspection preventing attacks that try to sneak by outdated security systems that focus on securing
a few well-known ports.
Identifies common protocols such as HTTP/S, FTP, SMTP, SMBv1/v2 and others, which do
Extensive protocol support not send data in raw TCP, and decodes payloads for malware inspection, even if they do
not run on standard, well-known ports.
Automatically detect non-compliant endpoint machines and install the Dell Anti-Virus
Enforced Anti-Virus and and Anti-Spyware software* machine-by-machine across the network regardless
Anti-Spyware Client software of whether devices are inside the corporate network or outside connected via VPN.
Windows only.
*Requires the Dell SonicWALL Anti-Virus and Anti-Spyware Client software
Block content using the predefined categories or any combination of categories. Filtering
Granular controls can be scheduled by time of day, such as during school or business hours, and applied to
individual users or groups.
All requested web sites are cross-referenced against a dynamically updated database in
Dynamic rating architecture
the cloud categorizing millions of URLs, IP addresses and domains in real time.
URL ratings are cached locally on the Dell SonicWALL firewall so that the response time
Web caching
for subsequent access to frequently visited sites is only a fraction of a second.
Ensure every computer accessing the network has the most recent version of anti-
Automated enforcement virus and anti-spyware signatures installed and active, eliminating the costs commonly
associated with desktop anti-virus and anti-spyware management.
Automated deployment and Machine-by-machine deployment and installation of anti-virus and anti-spyware clients
installation is automatic across the network, minimizing administrative overhead.
Always on, automatic virus Frequent anti-virus and anti-spyware updates are delivered transparently to all desktops
protection and file servers to improve end user productivity and decrease security management.
Powerful spyware protection scans and blocks the installation of a comprehensive array
Spyware protection of spyware programs on desktops and laptops before they transmit confidential data,
providing greater desktop security and performance.
All network traffic is inspected, analyzed and brought into compliance with firewall
Stateful Packet Inspection
access policies.
SYN Flood protection provides a defense against DOS attacks using both Layer 3 SYN proxy
DDoS/DoS attack protection and Layer 2 SYN blacklisting technologies. Additionally, it provides the ability to protect
against DOS/DDoS through UDP/ICMP flood protection and connection rate limiting.
The NSA series can be deployed in traditional NAT, Layer 2 Bridge, Wire Mode and
Flexible deployment options
Network Tap modes.
The NSA series supports IPv6, the internet protocol that increases the number of available
IPv6 support IP addresses. NSA series firewalls have achieved IPv6 Ready Phase 1/2 as well as ICSA Labs
enterprise certification which includes IPv6 testing.
Firewall and networking con't
Feature Description
The NSA series supports Active/Passive with state synchronization, Active/Active DPI
High availability/clustering and Active/Active Clustering high availability modes. Active/Active DPI offloads the Deep
Packet Inspection load to cores on the passive appliance to boost throughput.
Load balances multiple WAN interfaces using Round Robin, Spillover or Percentage-
WAN load balancing
based methods.
Creates routes based on protocol to direct traffic to a preferred WAN connection with the
Policy-based routing
ability to fail back to a secondary WAN in the event of an outage.
Guarantees critical communications with 802.1p and DSCP tagging, and remapping of
Advanced QoS
VoIP traffic on the network.
H.323 gatekeeper and SIP Blocks spam calls by requiring that all incoming calls are authorized and authenticated by
proxy support H.323 gatekeeper or SIP proxy.
Management and reporting
Feature Description
The Dell SonicWALL GMS monitors, configures and reports on multiple Dell SonicWALL
Global Management System appliances through a single management console with an intuitive interface to reduce
management costs and complexity.
An intuitive, web-based interface allows quick and convenient configuration in addition
Powerful, single device management
to a comprehensive CLI and support for SNMPv2/3.
Exports application traffic analytics and usage data for real-time and historical
Application flow reporting
monitoring and reporting with tools such as Dell SonicWALL GMS or Analyzer.
Virtual Private Networking
Feature Description
IPSec VPN for site-to-site High-performance IPSec VPN allows the NSA series to act as a VPN concentrator for
connectivity thousands of other large sites, branch offices or home offices.
SSL VPN and IPSec client Utilizes clientless SSL VPN technology or an easy-to-manage IPSec client for easy access
remote access to email, files, computers, intranet sites and applications from a variety of platforms.
When using multiple WANs, a primary and secondary VPN can be configured to allow
Redundant VPN gateway
seamless automatic failover and failback of all VPN sessions.
The ability to perform dynamic routing over VPN links ensures continuous uptime in
Route-based VPN the event of a temporary VPN tunnel failure, by seamlessly re-routing traffic between
endpoints through alternate routes.
Content/context awareness
Feature Description
User identification and activity are made available through seamless AD/LDAP/Citrix/Terminal
User activity tracking
Services SSO integration combined with extensive information obtained through DPI.
Identifies and controls network traffic going to or coming from specific countries to
GeoIP country traffic identification either protect against attacks from known or suspected origins of threat activity, or to
investigate suspicious traffic originating from the network.
Prevents data leakage by identifying and controlling content crossing the network
Regular Expression DPI filtering
through regular expression matching.
SonicOS feature summary
1
Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.
2
Full DPI/GatewayAV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with
multiple flows through multiple port pairs.
3
VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. All specifications, features and availability are subject to change.
*Future use.
NSA series ordering information
Product SKU
NSA 2600 TotalSecure (1-year) 01-SSC-3863
NSA 3600 TotalSecure (1-year) 01-SSC-3853
NSA 4600 TotalSecure (1-year) 01-SSC-3843
NSA 5600 TotalSecure (1-year) 01-SSC-3833
NSA 6600 TotalSecure (1-year) 01-SSC-3823
NSA 2600 security and support subscriptions SKU
Advanced Gateway Security Suite – Capture ATP, Threat Prevention, Content Filtering and 24x7 Support for NSA 2600 (1-year) 01-SSC-1470
Capture Advanced Threat Protection for NSA 2600 (1-year) 01-SSC-1475
Threat Prevention–Intrusion Prevention, Gateway Anti-Virus, Gateway Anti-Spyware, Cloud Anti-Virus for NSA 2600 (1-year) 01-SSC-4459
Silver 24x7 Support for NSA 2600 (1-year) 01-SSC-4314
Content Filtering Premium Business Edition for NSA 2600 (1-year) 01-SSC-4465
Enforced Client Anti-Virus & Anti-Spyware — Kaspersky Based on user count
Comprehensive Anti-Spam Service for NSA 2600 (1-year) 01-SSC-4471
NSA 3600 security and support subscriptions SKU
Advanced Gateway Security Suite – Capture ATP, Threat Prevention, Content Filtering and 24x7 Support for NSA 3600 (1-year) 01-SSC-1480
Capture Advanced Threat Protection for NSA 3600 (1-year) 01-SSC-1485
Threat Prevention–Intrusion Prevention, Gateway Anti-Virus, Gateway Anti-Spyware, Cloud Anti-Virus for NSA 3600 (1-year) 01-SSC-4435
Silver 24x7 Support for NSA 3600 (1-year) 01-SSC-4302
Content Filtering Premium Business Edition for NSA 3600 (1-year) 01-SSC-4441
Enforced Client Anti-Virus & Anti-Spyware — Kaspersky Based on user count
Comprehensive Anti-Spam Service for NSA 3600 (1-year) 01-SSC-4447
NSA 4600 security and support subscriptions SKU
Advanced Gateway Security Suite – Capture ATP, Threat Prevention, Content Filtering and 24x7 Support for NSA 4600 (1-year) 01-SSC-1490
Capture Advanced Threat Protection for NSA 4600 (1-year) 01-SSC-1495
Threat Prevention–Intrusion Prevention, Gateway Anti-Virus, Gateway Anti-Spyware, Cloud Anti-Virus for NSA 4600 (1-year) 01-SSC-4411
Silver 24x7 Support for NSA 4600 (1-year) 01-SSC-4290
Content Filtering Premium Business Edition for NSA 4600 (1-year) 01-SSC-4417
Enforced Client Anti-Virus & Anti-Spyware — Kaspersky Based on user count
Comprehensive Anti-Spam Service for NSA 4600 (1-year) 01-SSC-4423
NSA 5600 security and support subscriptions SKU
Advanced Gateway Security Suite – Capture ATP, Threat Prevention, Content Filtering and 24x7 Support for NSA 5600 (1-year) 01-SSC-1550
Capture Advanced Threat Protection for NSA 5600 (1-year) 01-SSC-1555
Threat Prevention – Intrusion Prevention, Gateway Anti-Virus, Gateway Anti-Spyware, Cloud Anti-Virus for NSA 5600 (1-year) 01-SSC-4240
Gold 24x7 Support for NSA 5600 (1-year) 01-SSC-4284
Content Filtering Premium Business Edition for NSA 5600 (1-year) 01-SSC-4246
Enforced Client Anti-Virus & Anti-Spyware — Kaspersky Based on user count
Comprehensive Anti-Spam Service for NSA 5600 (1-year) 01-SSC-4252
NSA 6600 security and support subscriptions SKU
Advanced Gateway Security Suite – Capture ATP, Threat Prevention, Content Filtering and 24x7 Support for NSA 6600 (1-year) 01-SSC-1560
Capture Advanced Threat Protection for NSA 6600 (1-year) 01-SSC-1565
Threat Prevention–Intrusion Prevention, Gateway Anti-Virus, Gateway Anti-Spyware, Cloud Anti-Virus for NSA 6600 (1-year) 01-SSC-4216
Gold 24x7 Support for NSA 6600 (1-year) 01-SSC-4278
Content Filtering Premium Business Edition for NSA 6600 (1-year) 01-SSC-4222
Enforced Client Anti-Virus & Anti-Spyware — Kaspersky Based on user count
Comprehensive Anti-Spam Service for NSA 6600 (1-year) 01-SSC-4228
Modules and accessories* SKU
10GBASE-SR SFP+ Short Reach Module 01-SSC-9785
10GBASE-LR SFP+ Long Reach Module 01-SSC-9786
10GBASE SFP+ 1M Twinax Cable 01-SSC-9787
10GBASE SFP+ 3M Twinax Cable 01-SSC-9788
1000BASE-SX SFP Short Haul Module 01-SSC-9789
1000BASE-LX SFP Long Haul Module 01-SSC-9790
1000BASE-T SFP Copper Module 01-SSC-9791
Management and reporting SKU
Dell SonicWALL GMS 10 Node Software License 01-SSC-3363
Dell SonicWALL GMS E-Class 24x7 Software Support for 10 node (1-year) 01-SSC-6514
*Please consult with a Dell Security Solutions SE for a complete list of supported SFP and SFP+ modules
Regulatory model numbers:
NSA 2600–1RK29-0A9
NSA 3600–1RK26-0A2
NSA 4600–1RK26-0A3
NSA 5600–1RK26-0A4
NSA 6600–1RK27-0A5
Dell
5455 Great America Parkway, Santa Clara, CA 95054 © 2016 Dell Inc. ALL RIGHTS RESERVED. Dell and Dell Security logo and products—as identified in this
www.dell.com/security document—are trademarks or registered trademarks of Dell, Inc. in the U.S.A. and/or other countries. All
If you are located outside North America, you can other trademarks and registered trademarks are property of their respective owners.
find local office information on our web site. Datasheet-SonicWALL-NetworkSecurityAppliance-NoMT-US-CW-20879