Dell NSA 3600 User Manual

SonicWall Network Security
Appliance (NSA) Series

Industry-validated security effectiveness and performance
for mid-sized networks

The SonicWall Network Security

Appliance (NSA) series provides mid-

sized networks, branch ofces and

distributed enterprises with advanced
threat prevention in a high-performance
security platform. Combining next-

generation rewall technology with

our patented* Reassembly-Free Deep
Packet Inspection (RFDPI) engine on a
multi-core architecture, the NSA series
offers the security, performance and
control organizations require.

Superior threat prevention and
performance

NSA series next-generation rewalls

(NGFWs) integrate a series of advanced
security technologies to deliver a
superior level of threat prevention.
Our patented single-pass RFDPI
threat prevention engine examines
every byte of every packet, inspecting

both inbound and outbound trafc

simultaneously. The NSA series
leverages on-box capabilities including
intrusion prevention, anti-malware

and web/URL ltering in addition to

cloud-based services such as CloudAV
and SonicWall Capture multi-engine
sandboxing to block zero-day threats
at the gateway. Unlike other security

products that cannot inspect large les
for hidden threats, NSA rewalls scan
les of any size across all ports and

protocols. The security architecture in
SonicWall NGFWs has been validated
as one of the industry’s best for security
effectiveness by NSS Labs which
awarded SonicWall its “Recommended”
rating for the fourth consecutive year.

Going beyond intrusion prevention,

anti-malware and web ltering,

SonicWall NGFWs provide a further
level of protection by decrypting and
inspecting SSL/TLS encrypted web

trafc for hidden threats in real time.

With the continued growth of encrypted

web trafc, organizations are effectively

blind to an estimated one-third of their

network trafc. This makes SSL/TLS

decryption and inspection a critical
component of any security solution.

When organizations activate deep
packet inspection functions such as
intrusion prevention, anti-virus, anti­spyware, SSL decryption/inspection

and others on their rewalls network

performance often slows down,
sometimes dramatically. NSA series

rewalls feature a multi-core hardware

architecture that utilizes specialized
security microprocessors. Combined
with our RFDPI engine, this unique
design eliminates the performance
degradation networks experience

with other rewalls.

In today’s security environment it’s not
enough to rely on solely on outside
parties for threat information. That’s why
SonicWall formed its own in-house threat
research team more than 15 years ago.

This dedicated team gathers, analyzes

and vets data from over one million
sensors in its Global Response Intelligent
Defense (GRID) network. SonicWall also
participates in industry collaboration
efforts and engages with threat research
communities to gather and share
samples of attacks and vulnerabilities.

Benets:

Superior threat prevention
and performance

• Patented reassembly-free deep
packet inspection technology

• On-box and cloud-based
threat prevention

• SSL/TLS decryption and inspection

• Industry-validated security
effectiveness

• Multi-core hardware architecture

• Dedicated in-house threat
research team

Network control and exibility

• Powerful SonicOS operating system

• Application intelligence and control

• Network segmentation with VLANs

• Wireless network security

Easy deployment, setup and
ongoing management

• Tightly integrated solution

• Centralized management

• Scalability through multiple
hardware platforms

• Low total cost of ownership

*U.S. Patents 7,310,815; 7,600,257; 7,738,380; 7,835,361; 7,991,723

This shared threat intelligence is used

to develop real-time countermeasures
that are automatically deployed to our

customers’ rewalls.

Network control and exibility

At the core of the NSA series is SonicOS,
SonicWall’s feature-rich operating
system. SonicOS provides organizations

with the network control and exibility

they require through application
intelligence and control, real-time
visualization, an intrusion prevention
system (IPS) featuring sophisticated anti­evasion technology, high-speed virtual
private networking (VPN) and other
robust security features.

Using application intelligence and
control, network administrators can
identify and categorize productive
applications from those that are
unproductive or potentially dangerous,

and control that trafc through powerful

application-level policies on both a per­user and a per-group basis (along with
schedules and exception lists). Business­critical applications can be prioritized
and allocated more bandwidth
while non-essential applications are
bandwidth-limited. Real-time monitoring

and visualization provides a graphical
representation of applications, users and
bandwidth usage for granular insight

into trafc across the network.

For organizations that require advanced

exibility in their network design,

SonicOS offers the tools to securely
segment the network through the use
of virtual LANs (VLANs) which enable
network administrators to create a virtual
LAN interface that allows for network
separation into one or more logical
groups. Administrators create rules that
determine the level of communication
with devices on other VLANs.

Built into every NSA series rewall is a

wireless access controller that enables
organizations to extend the network
perimeter securely through the use of
wireless technology. Together, SonicWall

rewalls and SonicPoint 802.11ac

wireless access points create a wireless
network security solution that combines

industry-leading next-generation rewall

technology with high-speed wireless for
enterprise-class network security and
performance across the wireless network.

Easy deployment, setup and

ongoing management

Like all SonicWall rewalls, the NSA

series tightly integrates key security,

connectivity and exibility technologies

into a single, comprehensive solution.

This includes SonicPoint wireless

access points and the SonicWall WAN
Acceleration Appliance (WXA) series,
both of which are automatically detected
and provisioned by the managing

NSA rewall. Consolidating multiple

capabilities eliminates the need to
purchase and install point products that
don’t always work well together. This
reduces the effort it takes to deploy the

solution into the network and congure

it, saving both time and money.

Ongoing management and monitoring
of network security are handled centrally

through the rewall or through the

SonicWall Global Management System
(GMS), providing network administrators
with a single pane of glass from which
to manage all aspects of the network.

Together, the simplied deployment

and setup along with the ease of
management enable organizations to
lower their total cost of ownership and
realize a high return on investment.

d

e

t

a

c

i

t

s

n

i

o

i

h

s

p

a

o

v

s

e

-

i

h

t

t

i

n

a

w

S

P

I

N

m

a

l

N

e

x

t

-

g

e

2

Patented

single pass

e

t

w

w

o

r

a

r

e

w

n

e

r

a

t

i

RFDPI

engine

k

-

b

a

i

t

c

h

o

n

h

t

S

S

L

a

n

d

d

e

i

n

c

s

r

p

y

p

e

c

t

i

t

o

i

o

n

n

-

i

t

t

s

n

i

a

d

e

s

o

l

e

r

s

s

a

d

u

e

r

p

t

a

n

o

i

t

n

e

v

Network Security Appliance 2600

The SonicWall NSA 2600 is designed to address the

needs of growing small organizations, branch ofces and

school campuses.

Network Security Appliance 3600/4600

The SonicWall NSA 3600/4600 is ideal for branch ofce and

small- to medium-sized corporate environments concerned
about throughput capacity and performance.

Dual
USB ports

Console

8 x 1GbE
ports

1GbE

Expansion
module

management

Dual fans Power

Firewall NSA 2600

Firewall throughput 1.9 Gbp s

IPS throughput 700 Mbps

Anti-malware throughput 400 Mbps

Full DPI throughput 300 Mbps

IMIX throughput 600 Mbps

Maximum DPI connections 125,000

New connections/sec 15,000/sec

Description SKU

NSA 2600 rewall only 01-SSC-3860

NSA 2600 TotalSecure (1-year) 01-SSC-3863

Dual
USB ports

Console

2 x 10GbE
SFP+ por t s

1GbE
management

12 x 1GbE
ports

4 x 1GbE
SFP ports

Expansion bay
for future use

Firewall NSA 3600 NSA 4600

Firewall throughput 3.4 Gbps 6.0 Gbps

IPS throughput 1.1 Gb ps 2.0 Gbps

Anti-malware throughput 600 Mbps 1.1 Gb ps

Full DPI throughput 500 Mbps 800 Mbps

IMIX throughput 900 Mbps 1.6 Gbps

Maximum DPI connections 175,000 200,000

New connections/sec 20,000/sec 40,000/sec

Description SKU

Firewall only 01-SSC-3850 01-SSC-3840

TotalSecure (1-year) 01-SSC-3853 01-SSC-3843

Dual fans Power

3

Network Security Appliance 5600

The SonicWall NSA 5600 is ideal for distributed,

branch ofce and corporate environments needing
signicant throughput.

Network Security Appliance 6600

The SonicWall NSA 6600 is ideal for large distributed and

corporate central site environments requiring high throughput
capacity and performance.

Dual
USB ports

Console

2 x 10GbE
SPF+ ports

1GbE
management

12 x 1GbE
ports

4 x 1GbE

SPF ports

Expansion bay
for future use Power

Firewall throughput 9.0 Gbps

IPS throughput 3.0 Gbps

Anti-malware throughput 1.7 Gbps

Full DPI throughput 1.6 Gb ps

IMIX throughput 2.4 Gbps

Maximum DPI connections 375,000

New connections/sec 60,000/sec

Description SKU

NSA 5600 rewall only 01-SSC-3830

NSA 5600 TotalSecure (1-year) 01-SSC-3833

Dual fans

Firewall NSA 5600

Dual
USB ports

Console

4 x 10GbE
SFP+ por t s

1GbE
management

Expansion bay
for future use

Firewall throughput 12.0 Gbps

IPS throughput 4.5 Gbps

Anti-malware throughput 3.0 Gbps

Full DPI throughput 3.0 Gbps

IMIX throughput 3.5 Gbps

Maximum DPI connections 500,000

New connections/sec 90,000/sec

Description SKU

NSA 6600 rewall only 01-SSC-3820

NSA 6600 TotalSecure (1-year) 01-SSC-3823

Dual hot
swappable fans Power

Firewall NSA 6600

8 x 1GbE
ports

4 x 1GbE
SFP ports

4