SonicWall Gen 8 TZ Series
SonicWall TZ280
Enterprise-grade protection for your small to mid-size business or branch office.
Shop Now
SonicWall TZ380
Enterprise-grade protection for your small to mid-size business or branch office.
Shop Now
SonicWall TZ380 Wireless
Enterprise-grade protection for your small to mid-size business or branch office.
Shop Now
SonicWall TZ480
Enterprise-grade protection for your small to mid-size business or branch office.
Shop Now
SonicWall TZ580
Enterprise-grade protection for your small to mid-size business or branch office.
Shop Now
SonicWall TZ680
Enterprise-grade protection for your small to mid-size business or branch office.
Shop Now
Overview
The SonicWall TZ series of firewalls is designed specifically for the needs of SMBs and branch locations, delivering enterprise-class security without the enterprise-grade complexity. With Zero-Touch Deployment and simplified centralized management, installation and operation is easy. Detect sophisticated threats, including encrypted attacks, with advanced networking and security features, like the multi-engine Capture Advanced Threat Protection (ATP) cloud-based sandbox service with patented Real-Time Deep Memory Inspection (RTDMIâ„¢).
Simply plug in and enjoy the advanced protection of the cost-effective SonicWall TZ series firewall without worrying about complex management — or the next threat.
The Gen 8 TZ Series is highly scalable, with high port density of up to 10 ports. It features both in-built and an expandable storage of up to 512 GB, that enables various features including logging, reporting, caching, firmware backup and more. An optional second power supply provides added redundancy, to ensure continuous protection.
Features
Superior Performance
Prevent malicious threats without compromising performance. Deploy next-generation firewalls designed for small, midsize, and distributed enterprises and leverage industry-leading performance in threat prevention and DPI TLS/SSL (Decryption) to protect your networks
Low Total Cost of Ownership
Make SonicWall TZ firewall the start of enterprise savings. From reduced costs through zero-touch deployment to enabling SD-WAN and delivering threat block rates on par or better than competitors at a fraction of the cost, SonicWall TZ firewalls are security you can’t afford to be without.
Secure SD-WAN Technology
Leave MPLS behind for a more agile, secure, and cost-effective network optimized for today’s broadband-driven, cloud-infused landscape. Eliminate costs on SD-WAN appliances and licenses by leveraging the built-in secure SD-WAN technology in TZ firewalls.
Simplified Centralized Management
Increase efficiencies in deploying and managing distributed firewalls via configuration administration enhancements and bulk deployment capabilities, including auto-sync, multi-tenant commit and deploy, and bulk password change.
Advanced Reporting & Analytics
Increase insights and enhance visibility with reporting templates, real-time reports, customizable reports, schedule report capability, and tenant-based analytics.
Built-in ZTNA Connector
Increase secure access to private applications behind the firewalls using a built-in connector to Cloud Secure Edge, enabling compliance with a Zero-Trust framework.
Benefits
Advanced Threat Prevention with Deep Memory Inspection
- Get lightning-fast performance with security processors optimized for speed
- Gain a deeper level of threat prevention through Real-Time Deep Memory Inspection (RTDMIâ„¢)
- Leverage shared threat intelligence for continuously updated security
- Rely on a wide range of rich features in SonicWall’s powerful SonicOS operating system
Superior Performance
- Leverage multi-core, parallel-processing hardware architecture
- Achieve fast performance using gigabit and multi-gigabit Ethernet interfaces
- Take advantage of single-pass, stream-based inspection
- Inspect simultaneous network streams using deep packet inspection
Network Control and Flexibility
- Get your firewall up and running quickly with Zero-Touch Deployment
- Grow your distributed network while lowering costs with Secure SD-WAN
- Power your PoE-enabled devices with integrated PoE/PoE+ support
- Gain insight into and control over application usage across the network
Secure, Easy-to-Use Mobile Connectivity
- Access resources behind the firewall remotely and securely using native 802.11ac wireless SSL-VPN
- Connect from virtually any operating system
- Detect and remove hidden threats over the VPN connection
Compare Models
| Specifications | TZ280 SERIES | TZ380 SERIES | TZ480 SERIES | TZ580 SERIES | TZ680 SERIES |
|---|---|---|---|---|---|
| Interfaces | 8 * 1GbE Cu, 2*1G SFP, 1 console (Micro-USB), 1 USB (type-C) | 8 * 1GbE Cu, 2*5G/2.5G/1G SFP+, 1 console (Micro-USB), 1 USB (type-C) | 8 * 1GbE Cu, 2*5G/2.5G/1G SFP+, 1 console (MicroUSB), 1 USB (type-C) | 8 * 1GbE Cu, 2*5G/2.5G/1G SFP+, 1 console (Micro-USB), 1 USB (type-C) | 8 * 1GbE Cu, 2*10G SFP, 1 console (Micro-USB), 1 USB (type-C) |
| Wireless Support | 2x2 802.11ax (TZ280W) | 2x2 802.11ax (TZ380W) | N/A | N/A | N/A |
| Power over Ethernet (PoE) | 4 PoE+ (TZ 280P) | N/A | N/A | N/A | N/A |
| Storage /(expansion) | N/A | (Optional: Up to 512 GB) | (Optional: Up to 512 GB) | (Optional: Up to 512 GB) | (Optional: Up to 512 GB) |
| Centralized Management | Network Security Manager (NSM) 3.0 and above, CLI, SSH, Web UI, REST APIs | Network Security Manager (NSM) 3.0 and above, CLI, SSH, Web UI, REST APIs | Network Security Manager (NSM) 3.0 and above, CLI, SSH, Web UI, REST APIs | Network Security Manager (NSM) 3.0 and above, CLI, SSH, Web UI, REST APIs | Network Security Manager (NSM) 3.0 and above, CLI, SSH, Web UI, REST APIs |
| Logical VLAN and tunnel interfaces (maximum) | 64 | 128 | 128 | 256 | 256 |
| SAML Single Sign-On (SSO) Users1 | 1,000 | 1,000 | 2,500 | 2,500 | 2,500 |
| Access points supported (maximum) | 16 | 16 | 32 | 32 | 32 |
| Western NRG TLS/SSL inspection and decryption throughput9 | 75 Mbps | 150 Mbps | 250 Mbps | 300 Mbps | 400 Mbps |
| Western NRG threat prevention throughput9 | 500 Mbps | 1.2 Gbps | 1.35 Gbps | 1.1 Gbps | 1.5 Gbps |
| Firewall inspection throughput2 | 2.5 Gbps | 3.5 Gbps | 4 Gbps | 4.5 Gbps | 5 Gbps |
| Threat prevention throughput3 | 1 Gbps | 1.5 Gbps | 2 Gbps | 2.2 Gbps | 2.5 Gbps |
| Application inspection throughput3 | 1.5 Gbps | 2 Gbps | 2.2 Gbps | 2.5 Gbps | 3 Gbps |
| IPS throughput3 | 1.5 Gbps | 2 Gbps | 2.2 Gbps | 2.5 Gbps | 3 Gbps |
| Anti-malware inspection throughput3 | 1 Gbps | 2 Gbps | 2.1 Gbps | 2.3 Gbps | 2.5 Gbps |
| TLS/SSL inspection and decryption throughput3 | 430 Mbps | 600 Mbps | 650 Mbps | 750 Mbps | 800 Mbps |
| IPSEC VPN throughput4 | 1.2 Gbps | 1.6 Gbps | 2 Gbps | 2.2 Gbps | 2.5 Gbps |
| Connections per second | 12,000 | 15,000 | 18,000 | 20,000 | 26,000 |
| Maximum connections (SPI) | 1,000,000 | 1,100,000 | 1,200,000 | 1,400,000 | 1,600,000 |
| Maximum connections (DPI) | 200,000 | 250,000 | 350,000 | 500,000 | 600,000 |
| Maximum connections (TLS) | 35,000 | 250,000 | 350,000 | 500,000 | 600,000 |
| Site-to-site VPN tunnels | 200 | 200 | 200 | 250 | 250 |
| IPSec VPN clients (maximum) | 5 (200) | 5 (200) | 5 (200) | 10 (500) | 10 (500) |
| SSL-VPN licenses (maximum) | 1 (50) | 2 (100) | 2 (150) | 2 (200) | 2 (250) |
| Encryption/authentication | AES (128, 192, 256-bit)/MD5, SHA-256, SHA-384, Suite B Cryptography | AES (128, 192, 256-bit)/MD5, SHA-256, SHA-384, Suite B Cryptography | AES (128, 192, 256-bit)/MD5, SHA-256, SHA-384, Suite B Cryptography | AES (128, 192, 256-bit)/MD5, SHA-256, SHA-384, Suite B Cryptography | AES (128, 192, 256-bit)/MD5, SHA-256, SHA-384, Suite B Cryptography |
| Key exchange | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v |
| Route-based VPN | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP |
| Deep Packet inspection services | Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, TLS Decryption | Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, TLS Decryption | Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, TLS Decryption | Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, TLS Decryption | Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, TLS Decryption |
| Content Filtering Service (CFS) | Reputation-based URL filtering, HTTP URL, HTTPS IP, keyword and content scanning, Comprehensive filtering based on file types such as ActiveX, Java, Cookies for privacy, allow/forbid lists | Reputation-based URL filtering, HTTP URL, HTTPS IP, keyword and content scanning, Comprehensive filtering based on file types such as ActiveX, Java, Cookies for privacy, allow/forbid lists | Reputation-based URL filtering, HTTP URL, HTTPS IP, keyword and content scanning, Comprehensive filtering based on file types such as ActiveX, Java, Cookies for privacy, allow/forbid lists | Reputation-based URL filtering, HTTP URL, HTTPS IP, keyword and content scanning, Comprehensive filtering based on file types such as ActiveX, Java, Cookies for privacy, allow/forbid lists | Reputation-based URL filtering, HTTP URL, HTTPS IP, keyword and content scanning, Comprehensive filtering based on file types such as ActiveX, Java, Cookies for privacy, allow/forbid lists |
| High availability | Active/Standby with stateful synchronization | Active/Standby with stateful synchronization | Active/Standby with stateful synchronization | Active/Standby with stateful synchronization | Active/Standby with stateful synchronization |
| Redundant power supply | N/A | 1 (Optional) | 1 (Optional) | 1 (Optional) | 1 (Optional) |
Notes:
- SAML Single Sign-On is available with the upcoming SonicOS 8.1, releasing soon. Supporting models include: TZ 80, TZ 280, TZ 380, TZ 380W, TZ 480, TZ580, TZ 680, NSa 2800, NSa 3800, NSa 4800, and NSa 5800.
- Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.
- Threat Prevention/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Keysight HTTP performance test tools. Testing throughput measured with Gateway AV, Anti-Spyware, IPS and Application Control enabled.
- VPN throughput measured with UDP traffic using 1418 byte packet size AESGMAC16-256 Encryption adhering to RFC 2544. All specifications, features, and availabilities are subject to change.
- Throughput numbers based upon real-world examples / what you can expect for the average network.