You're currently on:

SonicWall E-Class Firewall Appliances

Next-Generation Unified Threat Management Firewall Appliance Geared for the Enterprise

The SonicWall E-Class Series is the industry's first multi-core Unified Threat Management (UTM) solution, delivering enterprise-class deep packet inspection without significantly impacting network throughput. Combining a powerful deep packet inspection firewall with multiple layers of protection technology and a suite of high availability features, the E-Class NSA E8500, E6500 appliances offer scalable solutions for large office deployments. Check our datasheets for technical specifications, compare pricing, & save.

The SonicWall E-Class NSA Series Features:

  • Multi-core Performance Architecture
  • Unified Threat Management Security Platform
  • Deployment Flexibility
  • Application Intelligence and Custom Control
  • Dynamic Protection
Download SonicWall firewall Buyers Guide

Browse SonicWall E-Class NSA Products

NSA E5500
» Unlimited Users
» 8 Gigabit Ethernet Ports
» 6,000 VPN Tunnels
» 2 SSL VPN Clients
» 2,000 IPSec VPN Clients
» Throughput: 5.0 Gbps
» 1.59 Gbps UTM Performance
» 1.69 Gbps GAV Throughput
» Supports up to 128 SonicPoints

nsa E8500
» Unlimited Users
» 4 Gigabit Ethernet Ports, 4 SFP ports
» 10,000 VPN Tunnels
» 2 SSL VPN Clients
» 2,000 IPSec VPN Clients
» Throughput: 8 Gbps
» 2.2 Gbps UTM Performance
» 2.25 Gbps GAV Throughput
» Supports up to 128 SonicPoints

Firewall Overview

NSA E6500

NSA E8500

Application Layer InspectionFull Layer 7Full Layer 7
Stateful Packet Inspection Firewall
Unlimited File Size Protection
Protocols Scanned50+50+
ICSA Firewall-zertifiziert
EAL 4+ zertifiziert

Security Services

NSA E6500

NSA E8500

Application IntelligenceOptional Service
Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention (GAV/IPS)Optional Service

Optional Service (for GAV)

(for IPS)

Enforced Client Anti-Virus & Anti-SpywareOptional ServiceOptional Service
Content & URL Filtering (CFS)Optional ServiceOptional Service
ViewPoint ReportingOptional ServiceOptional Service
Comprehensive Anti-Spam ServiceOptional ServiceOptional Service
E-Class 24x7 Support ServicesRequiredRequired

Firewall General

NSA E6500

NSA E8500

Interfaces8 Gbe, 1 HA4 Gbe, 4 SFP, 1 HA
Console Interface
USB PortsFutureFuture
Nodes SupportedUnrestrictedUnrestricted
Included SonicOS VersionEnhancedEnhanced
RAM1 Gb4 Gb
Visual Information Display (LCD Display)
Site-to-Site VPN Tunnels6,00010,000
Global VPN Clients (Bundled)2,0002,000
Global VPN Clients (Maximum)6,00010,000
SSL VPN NetExtender Clients (Bundled)22
SSL VPN NetExtender Clients (Maximum)5050
Unique Malware Threats Blocked1,000,000+1,000,000+
VLAN Interface (802.1q)256512

Firewall/VPN Performance

NSA E6500

NSA E8500

Stateful Throughput5.0 Gbps8.0 Gbps
UTM Performance1.59 Gbps2.2 Gbps
Gateway Anti-Virus Throughput1.69 Gbps2.25 Gbps
Intrusion Prevention Throughput2.30 Gbps3.7 Gbps
3DES/AES VPN Throughput2.7 Gbps4.0 Gbps


NSA E6500

NSA E8500

LoggingViewPoint®, Local Log, SyslogViewPoint®, Local Log, Syslog
AuthenticationXAUTH/RADIUS, Active Directory, SSO, LDAP, Internal User DatabaseXAUTH/RADIUS, Active Directory, SSO, LDAP, Internal User Database
Single Sign-On
Voice over IP (VoIP) Security
Zone Security
Dynamic RoutingOSPF, RIPOSPF, RIP
Policy-based Routing
Route-based VPN
Integrated Wireless Switch & Controller
Layer 2 Wireless Bridging
Stateful High Availability
WAN/WAN Failover
Load Balancing
Active/Active UTM
Dynamic Bandwith Management
Object-based Management
Policy-based NAT
Inbound Load Balancing
Quality of Service (QoS)
SSL Control
IPv6 Ready

Pricing - Buy Now

NSA E6500
NSA E8500
Optional Service - Optional Upgrade (must be purchased separately)
- Feature Included
E-Class NSA
The SonicWall® E-Class Network Security Appliance (NSA) Series is the industry's first multi-core Unified Threat Management (UTM) solution, delivering enterprise-class Reassembly-Free Deep Packet Inspection™ without significantly impacting network throughput. Combining a powerful deep packet inspection firewall with multiple layers of protection technology and a suite of high availability features, the E-Class NSA E7500, E6500 and E5500 appliances offer a broad range of scalable solutions for enterprise deployments in distributed environments, campus networks and data centers.

SonicWall E-Class NSAs are engineered to be the most scalable, reliable and highest performing multifunction threat appliances in their class. The E-Class NSA Series delivers powerful threat prevention against a vast spectrum of network attacks with unprecedented speed. This speed of protection is enabled through the NSA multi-core architecture, a parallel performance design for ultra-high-speed threat protection and deployment scalability. Taking protection to new levels of control is Application Intelligence Service, a set of customizable protection tools that empowers administrators with precise control over network traffic. Operational reliability is delivered through a high availability suite of features at the hardware and system level to optimize uptime and improve security coverage.

The NSA Series is a key part of SonicWall's portfolio of enterprise-class products and services for network security, email protection and secure remote access. All E-Class solutions offer outstanding protection and performance while delivering elegant simplicity and unparalleled value. SonicWall's E-Class delivers the high performance protection required by enterprise-class networks in a solution that is engineered to drive the cost and complexity out of running a secure network.

E-Class Network Security Appliance Architecture:

Comprehensive, Integrated Best-of-Breed Threat Protection:

Unified Threat Management Load Balancing Single processor designs that include multiple protection technologies are severely limited by a single centralized processor. SonicWall UTM load balancing integrates a high-speed deep packet inspection and traffic classification engine onto multiple security cores inspecting applications, files and content-based traffic in real time without significantly impacting performance or scalability. This enables the scanning and control of threats for enterprise-class networks that carry bandwidth intensive and latency sensitive applications.

Competitive Architecture - Single-processor Core

SonicWall Architecture - UTM Load Balancing

Unified Threat Management Engine:

The SonicWall E-Class NSA UTM engine delivers the first scalable application layer inspection engine that can analyze files and content of any size in real time without reassembling packets or application content. This means of inspection is designed specifically for real-time applications and latency sensitive traffic, delivering complete control and inspection without having to proxy connections. Using this engine design, high-speed network traffic is inspected more efficiently and reliably for an improved end user experience.

Competitive Architecture - Packet Assembly-based Process

SonicWall Architecture - Packet Re-assembly-free Process

Flexible, Customizable Deployment Options:

Central-site Gateway: Deployed as a Central-site Gateway the NSA Series provides a high-speed scalable platform, providing network segmentation and security using VLAN's and security zones. Redundancy features include WAN Load balancing, ISP fail-over and stateful high availability.

Layer 2 Bridge: Mode Layer 2 bridge mode provides inline intrusion detection and prevention, adds an additional level of zone-based security to network segments or business units and simplifies layered security. Additionally, this enables administrators to limit access to sensitive data by specific business unit or database server.

SonicWall NSA Series Central-site Gateway Topology and In-Line UTM Solution Topology

Multi-layer Protection:

Remote Site Protection: The E-Class NSA Series incorporates ultra-high performance Virtual Private Networks (VPNs) that easily scales to thousands of end points and branch offices. Innovative SonicWall Clean VPN™ technology prevents vulnerabilities and malicious code by decontaminating traffic before it enters the corporate network, in real time and without user intervention.

SonicWall E-Class NSA Series Remote Site Protection Topology

Gateway Protection: Easily integrated into existing environments, E-Class NSAs centralize gateway-level protection across all incoming and outgoing applications, files and content-based traffic, while controlling bandwidth and applications, without significantly impacting performance or scalability.

Internal Protection: The highly-configurable E-Class NSA Series extends protection over the internal network by inspecting traffic over LAN interfaces and VLANs. Specifically designed for LAN network threats, the E-Class NSA Series monitors and responds to internally spreading malware, denial of service attacks, exploited software vulnerabilities, confidential documents, policy violations and network misuse.

Desktop and Server Protection: In addition to network and gateway based protection, the E-Class NSA Series provides additional end point protection for workstations and servers through an enforced anti-virus and antispyware client with advanced heuristics. This enforced client solution delivers network access control by restricting Internet access on end points that do not have the latest signature or engine updates. When enforcement is enabled on the appliance, each end point is directed to download the enforced anti-virus and anti-spyware client without any administrator intervention, automating the deployment of end point security.

Centralized Policy Management: The SonicWall Global Management System (GMS) provides flexible, powerful and intuitive tools to centrally manage E-Class NSA configurations across distributed enterprises, view real-time monitoring metrics and integrate policy and compliance reporting.


Dynamic Protection

Dynamic threat protection, content filtering and application intelligence services are continually updated on a 24x7 basis to maximize security and decrease cost. IT productivity is increased by eliminating ad-hoc patch management for servers and workstations, automating the application of new protection signatures and removing the necessity to manually update security policies.