You're currently on:

SonicWall NSA UTM Firewall Appliances

SonicWall NSA Series firewalls have the features, throughput, and low price that you need to get your medium-sized organization or enterprise secure without breaking the budget. Whether you're looking for a classic like the NSA 3600 or the powerful new NSA 2650, we have the resources to help you compare, shop, & save on SonicWall's most advanced next generation firewalls. Check out our datasheets to compare specs, or chat in real time with a local, SonicWall-certified expert.

The SonicWall NSA Series is Best Used for:
• Small-Medium business networks
• Perfect for a VPN hub location
• Advanced WAN and hardware failover. 
Download SonicWall firewall Buyers Guide

Choose a SonicWall NSA Series

SonicWall NSA 2650

» Unlimited Users
» 12 x 1 Gigabit Ethernet Ports
» 4 x 2.5GbE SFP+ 4 x 2.5GbE SFP
» 600 Mbps DPI Throughput
» 1000 Site-to-Site Tunnels
» 2 SSL VPN Clients
» Optimized for DSL / Cable / FIOS
» 3.0 Gbps Throughput Speed
» Supports up to 48 SonicPoints

SonicWall NSA 3650

» Unlimited Users
» 12 x 1 Gigabit Ethernet Ports
» 4 x 2.5GbE SFP+ 8 x 2.5GbE SFP
» 2 x 10.5GbE SFP+
» 700 Mbps DPI Throughput
» 3000 Site-to-Site Tunnels
» 2 SSL VPN Clients
» Optimized for DSL / Cable / FIOS
» 3.75 Gbps Throughput Speed
» Supports up to 96 SonicPoints

SonicWall NSA 4650

» Unlimited Users
» 16 x 1 Gigabit Ethernet Ports
» 4 x 2.5GbE SFP, 4 x 2.5GbE SFP
» 2 x 10GbE SFP+
» 1.5 Gbps DPI Throughput
» 4000 Site-to-Site Tunnels
» 2 SSL VPN Clients
» Optimized for DSL / Cable / FIOS
» 6.0 Gbps Throughput Speed
» Supports up to 128 SonicPoints

SonicWall NSA 5650

» Unlimited Users
» 16 x 1 Gigabit Ethernet Ports
» 4 x 2.5GbE SFP+ 4 x 2.5GbE SFP
» 2 x 10GbE SFP+ + 2 x 10GbE
» 1.7 Gbps DPI Throughput
» 6000 Site-to-Site Tunnels
» 2 SSL VPN Clients
» Optimized for DSL / Cable / FIOS
» 6.25 Gbps Throughput Speed
» Supports up to 192 SonicPoints

SonicWall NSA 3600

» Unlimited Users
» 12 Gigabit Ethernet Ports
» 2 10GbE SFP+ 4 1GbE SFP
» 800 VPN Tunnels
» 2 SSL VPN Clients
» Optimized for DSL / Cable / FIOS
» 3.4 Gbps Throughput Speed
» Supports up to 48 SonicPoints

SonicWall NSA 4600

» Unlimited Users
» 12 Gigabit Ethernet Ports
» 2 10GbE SFP+ 4 1GbE SFP
» 1500 VPN Tunnels
» 2 SSL VPN Clients
» Optimized for DSL / Cable / FIOS
» 6 Gbps Throughput Speed
» Supports up to 64 SonicPoints

SonicWall NSA 5600

» Unlimited Users
» 12 Gigabit Ethernet Ports
» 2 10GbE SFP+ 4 1GbE SFP
» 4000 VPN Tunnels
» 2 SSL VPN Clients
» Optimized for DSL / Cable / FIOS
» 9 Gbps Throughput Speed
» Supports up to 96 SonicPoints

SonicWall NSA 6600

» Unlimited Users
» 12 Gigabit Ethernet Ports
» 4 10GbE SFP+ 8 1GbE SFP
» 6000 VPN Tunnels
» 2 SSL VPN Clients
» Optimized for DSL / Cable / FIOS
» 12 Gbps Throughput Speed
» Supports up to 96 SonicPoints
 

Comparison Between SonicWall NSA Firewall Appliance

Models:NSA 2600NSA 2650NSA 3600NSA 4600NSA 5600NSA 6600
Firewall
SonicOS VersionSonicOS 6.5
Security Processing Cores44681024
Interfaces8 x 1-GbE,
1 GbE Management,
1 Console
4 x 2.5-GbE SFP,
4 x 2.5-GbE,
12 x 1-GbE,
1 GbE Management,
1 Console
2 x 10-GbE SFP+,
4 x 1-GbE SFP,
12 x 1 GbE,
1 GbE Management,
1 Console
2 x 10-GbE SFP+,
4 x 1-GbE SFP,
12 x 1 GbE,
1 GbE Management,
1 Console
2 x 10-GbE SFP+,
4 x 1-GbE SFP,
12 x 1 GbE,
1 GbE Management,
1 Console
4 x 10-GbE SFP+,
8 x 1-GbE SFP,
8 x 1 GbE,
1 GbE Management,
1 Console
ManagementCLI, SSH, GUI, GMS
Expansion1 Expansion Slot (Rear)*, SD Card*1 Expansion Slot (Rear)*, 16 GB storage module1 Expansion Slot (Rear)*, SD Card*
SSO users30,00040,00040,00050,00060,00070,000
Maximum SonicPoints supported3248486496128
LoggingAnalyzer, Local Log, Syslog
Firewall/VPN PerformanceNSA 2600NSA 2650NSA 3600NSA 4600NSA 5600NSA 6600
Firewall Inspection Throughput11.9 Gbps3.0 Gbps3.4 Gbps6.0 Gbps9.0 Gbps12.0 Gbps
Full DPI Throughput2300 Mbps600 Mbps500 Mbps800 Mbps1.6 Gbps3.0 Gbps
Application Inspection Throughput2700 Mbps1.4 Gbps1.1 Gbps2.0 Gbps3.0 Gbps4.5 Gbps
IPS Throughput2700 Mbps1.4 Gbps1.1 Gbps2.0 Gbps3.0 Gbps4.5 Gbps
Anti-Malware Inspection Throughput2400 Mbps600 Mbps600 Mbps1.1 Gbps1.7 Gbps3.0 Gbps
IMIX Throughput3600 Mbps700 Mbps900 Mbps1.6 Gbps2.4 Gbps3.5 Gbps
SSL Inspection & Decription (DPI SSL)2200 Mbps300 Mbps300 Mbps500 Mbps800 Mbps1.3 Gbps
VPN Throughput31.1 Gbps1.5 Gbps1.5 Gbps3.0 Gbps4.5 Gbps5.0 Gbps
Connections per Second15,000/sec15,000/sec20,000/sec40,000/sec60,000/sec90,000/sec
Maximum Connections (SPI)500,0001,000,000750,0001,000,0001,500,0001,500,000
Maximum Connections (DPI)4250,000500,000375,000500,0001,000,0001,000,000
Maximum Connections (DPI)51,000/1,00012,000/13,5002,000/2,7503,000/4,5004,000/8,5006,000/10,500
VPNNSA 2600NSA 2650NSA 3600NSA 4600NSA 5600NSA 6600
Site-to-Site Tunnels2501,0001,0001,5004,0006,000
IPSec VPN clients (Maximum)10 (250)50 (1,000)50 (1,000)500 (3,000)2,000 (4,000)2,000 (6,000)
SSL VPN licenses (Maximum)2 (250)2 (350)2 (350)2 (500)2 (1,000)2 (1,500)
Encryption/AuthenticationDES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B Cryptography
Key ExchangeDiffie Hellman Groups 1, 2, 5, 14v
Route-Based VPNRIP, OSPF
NetworkingNSA 2600NSA 2650NSA 3600NSA 4600NSA 5600NSA 6600
IP Address AssignmentStatic (DHCP PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP Relay
NAT Modes1:1, many:1, 1:many, flexible NAT (overlapping IPS), PAT, transparent mode
VLAN Interfaces256256256256400500
Routing ProtocolsBGP, OSPF, RIPv1/v2, static routes, policy-based routing, multicast
QoSBandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p
AuthenticationLDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC)
VoIPFull H323-v1-5, SIP
StandardsTCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3
CertificationsICSA Firewall, ICSA Anti-Virus, FIPS 140-2, Common Criteria NDPP (Firewall and IPS), UC APL
High availabilityActive/Passive with State SyncActive/Passive with State Sync
Active/Active Clustering
Active/Passive with State Sync,
Active/Active DPI with State Sync,
Active/Active Clustering
HardwareNSA 2600NSA 2650NSA 3600NSA 4600NSA 5600NSA 6600
Power SupplySingle, Fixed 200WDual, redundant 120W (one included)Single, Fixed 250W
FansDual, FixedDual, redundant, hot swappable
Input Power100-240 VAC, 60-50 Hz
Max Power Consumption (W)49.474.374.386.790.9113.1
MTBF @25ºC in hours176,540146,789146,789139,783134,900116,477
MTBF @25ºC in years20.1516.7616.7615.9615.4013.30
Form Factor1U Rack Mountable
Dimensions1.75 x 19.1 x 17 in
(4.5 x 48.5 x 43 cm)
Weight10.1 lb (4.6 Kg)13.56 lb (6.15 kg)13.56 lb (6.15 Kg)13.56 lb (6.15 Kg)13.56 lb (6.15 Kg)14.93 lb (6.77 Kg)
WEEE Weight11 lb (5.0 Kg)14.24 lb (6.46 kg)14.24 lb (6.46 Kg)14.24 lb (6.46 Kg)14.24 lb (6.46 Kg)19.78 lb (8.97 Kg)
Shipping Weight14.3 lb (6.5 Kg)20.79 lb (9.43 kg)20.79 lb (9.43 Kg)20.79 lb (9.43 Kg)20.79 lb (9.43 Kg)26.12 lb (11.85 Kg)
Major RegulatoryFCC Class A, CE (EMC, LVD, RoHS), C-Tick, VCCI Class A, MSIP/KCC Class A, UL, cUL, TUV/GS, CB, Mexico CoC by UL, WEEE , REACH, ANATEL, BSMI, CU
Environment32°-105° F (0°-40° C)/-40° to 158° F (-40° to 70° C)
Humidity10-90% non-condensing.

Notes:
1 Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.
2 Full DPI/GatewayAV/Anti- Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs.
3 VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. All specifications, features and availability are subject to change.
4 For every 125,000 DPI connections reduced, the number of available DPI SSL connections increases by 750.
All specifications, features and availability are subject to change.
*Future use.

Organizations of all sizes depend on their networks to access internal and external mission-critical applications. As advances in networking continue to provide tremendous benefit to organizations, they are increasingly challenged by sophisticated and financially-motivated attacks designed to disrupt communication, degrade performance and compromise data.

Malicious attacks penetrate outdated stateful packet inspection firewalls by exploiting higher network levels. Point products add layers of security, but are costly, difficult to manage, limited in controlling network misuse and ineffective against the latest multipronged attacks.

The SonicWall Network Security Appliance (NSA) Series revolutionizes network security, utilizing a breakthrough multi-core design and patented Reassembly-Free Deep Packet Inspection™ (RFDPI) technology* offering complete protection without compromising network performance. This platform was first made available on the SonicWall E-Class NSA Series, and it is now available for mid-sized organizations.

The NSA Series overcomes the limitations of existing security solutions by scanning the entirety of each packet for current internal and external threats in real time. Built on a high-speed multi-core processing platform, the NSA Series enables deep packet inspection without adversely impacting the performance of mission-critical networks and applications.

The NSA Series applies next-generation Unified Threat Management (UTM) against a comprehensive array of attacks, combining intrusion prevention, anti-virus and antispyware with the application-level control of SonicWall Application Intelligence Service. With advanced routing, stateful high-availability and high-speed IPSec and SSL VPN technology, the NSA Series adds security, reliability, functionality and productivity to branch offices, central sites and distributed mid-enterprise networks, while minimizing cost and complexity.

Comprised of the SonicWall NSA 220, NSA 240, , NSA 250M, NSA 2400, NSA 3600 and NSA 4600, the NSA Series offers a scalable range of solutions designed to meet the network security needs of any organization.

Features and Benefits

SonicWall's next generation security incorporates a new level of UTM that integrates intrusion prevention, gateway anti-virus and anti-spyware and features the Application Intelligence Service suite of configurable tools to prevent data leakage and offer granular application control.Advanced routing services and networking features incorporate advanced networking and security technology including 802.1q VLANs, Multi-WAN failover, zone and object-based management, load balancing, advanced NAT modes and more, providing granular configuration flexibility and comprehensive protection at the administrator's discretion.
Scalable multi-core hardware and Reassembly-Free Deep Packet Inspection scans and eliminates threats of unlimited file sizes, and provides virtually unrestricted concurrent connections with uncompromising speed. The NSA 240 can be configured using primary or secondary modem or 3G wireless interfaces for futureproofed extensibility.
Standards-based Voice over IP (VoIP) capabilities provide the highest levels of security for every element of the VoIP infrastructure, from communications equipment to VoIP-ready devices such as SIP Proxies, H.323 Gatekeepers and Call Servers.
Stateful High Availability and load balancing features in SonicOS 5.5 Enhanced maximize total network bandwidth and maintain seamless network uptime, delivering uninterrupted access to mission-critical resources, and ensuring that VPN tunnels and other network traffic will not be interrupted in the event of a failover.
Secure distributed wireless LAN services enable the appliance to function as a secure wireless switch and controller that automatically detects and configures SonicPoints,™ SonicWall wireless access points, for secure remote access in distributed network environments.
High performance and lowered TCO are achieved by using the processing power of multiple cores in unison to dramatically increase throughput and provide simultaneous inspection capabilities, while lowering power consumption.Onboard Quality of Service (QoS) features use industry standard 802.1p and Differentiated Services Code Points (DSCP) Class of Service (CoS) designators to provide powerful and flexible bandwidth management that is vital for VoIP, multimedia content and business-critical applications.