Organizations of all sizes depend on their networks to access internal and external mission-critical applications. As advances in networking continue to provide tremendous benefits, organizations are increasingly challenged by sophisticated and financially-motivated attacks designed to disrupt communication, degrade performance and compromise data. Malicious attacks penetrate outdated stateful packet inspection firewalls with advanced application layer exploits. Point products add layers of security, but are costly, difficult to manage, limited in controlling network misuse and ineffective against the latest multipronged attacks.
By utilizing a unique multi-core design and patented Reassembly-Free Deep Packet Inspection® (RFDPI) technology, the SonicWall™ Network Security Appliance (NSA) Series of Next-Generation Firewalls offers complete protection without compromising network performance. The low latency NSA Series overcomes the limitations of existing security solutions by scanning the entirety of each packet for current internal and external threats in real-time. The NSA Series offers intrusion prevention, malware protection, and application intelligence, control and visualization, while delivering breakthrough performance. With advanced routing, stateful high-availability and high-speed IPSec and SSL VPN technology, the NSA Series adds security, reliability, functionality and productivity to branch offices, central sites and distributed mid-enterprise networks, while minimizing cost and complexity.
Comprised of the SonicWall NSA 220, NSA 220 Wireless-N, NSA 250M, NSA 250M Wireless-N, NSA 2400, NSA 3500 and NSA 4500, the NSA Series offers a scalable range of solutions designed to meet the network security needs of any organization.
Features and benefits
Next-Generation Firewall features integrate intrusion prevention, gateway anti-virus, anti-spyware and URL filtering with application intelligence and control, and SSL decryption to block threats from entering the network and provide granular application control without compromising performance. Scalable multi-core hardware and Reassembly-Free Deep Packet Inspection scans and eliminates threats of unlimited file sizes, with near-zero latency across thousands of connections at wire speed.
Scalable multi-core hardware and Reassembly-Free Deep Packet Inspection scans and eliminates threats of unlimited file sizes, with near-zero latency across thousands of connections at wire speed.
Application intelligence, control and visualization provides granular control and real-time visualization of applications to guarantee bandwidth prioritization and ensure maximum network security and productivity.
Stateful high availability and load balancing features maximize total network bandwidth and maintain seamless network uptime, delivering uninterrupted access to mission-critical resources, and ensuring that VPN tunnels and other network traffic will not be interrupted in the event of a failover.
High performance and lowered tco are achieved by using the processing power of multiple cores in unison to dramatically increase throughput and provide simultaneous inspection capabilities, while lowering power consumption.
Note:
SonicOS version
SonicOS 5.8.1.1
Stateful throughput: 750 Mbps
GAV performance: 140 Mbps
IPS performance: 250 Mbps
Full DPI performance: 130 Mbps
IMIX performance: 210 Mbps
Maximum connections: 110,000
Maximum DPI connections: 64,000
New connections/sec: 3,000
Nodes supported: Unrestricted
Denial of Service attack prevention: 22 classes of DoS, DDoS and scanning attacks
SonicPoints supported (maximum):24
VPN3DES/AES throughput: 200 Mbps
Site-to-site VPN tunnels: 50
Bundled Global VPN Client licenses (maximum):2 (25)Bundled SSL VPN licenses (maximum): 2 (15)
Secure Virtual Assist bundled (maximum): 1 30-day trial (5)
Encryption/authentication/DH group: DES, 3DES, AES (128, 192, 256-bit), MD5, SHA-1, SHA-2/DH Groups 1, 2, 5, 14
Key exchange: Key Exchange IKE, IKEv2, Manual Key, PKI (X.509), L2TP over IPSec
Route-based VPN: Yes (OSPzF, RIP)
Certificate support: Verisign, Thawte, Cybertrust, RSA Keon, Entrust, and Microsoft CA for Dell SonicWALL-to-Dell SonicWALL VPN, SCEP
Dead peer detection: Yes
DHCP over VPN: Yes
IPSec NAT Traversal: Yes
Redundant VPN gateway: Yes
Global VPN client platforms supported: Microsoft® Windows 2000, Windows XP, Microsoft® Vista 32/64-bit, Windows 7 32/64-bit
SSL VPN platforms supported: Microsoft® Windows 2000 / XP / Vista 32/64-bit / Windows 7, Mac 10.4+, Linux FC 3+ / Ubuntu 7+ / OpenSUSE
Mobile Connect platforms supported: iOS 4.2 and higher, Android™ 4.0 and higher
Security services
Deep Packet Inspection Service: Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention and Application Intelligence and Control
Content Filtering Service: (CFS) HTTP URL,HTTPS IP, keyword and content scanning ActiveX, Java Applet, and cookie blocking bandwidth management on filtering categories, allow/forbid lists
Gateway-enforced Client Anti-Virus and Anti-Spyware: McAfee®
Comprehensive Anti-Spam Service: Supported
Application Intelligence and Control: Application bandwidth management and control, prioritize or block application by signatures, control file transfers, scan for key words or phrases
DPI SSL: Provides the ability to decrypt HTTPS traffic transparently, scan this traffic for threats using Dell SonicWALL’s Deep Packet Inspection technology (GAV/AS/IPS/Application Intelligence/CFS), then re-encrypt the traffic and send it to its destination if no threats or vulnerabilities are found. This feature works for both clients and servers.