SonicWall Gen 8 NSa Series
SonicWall NSa 2800
Unrivaled threat prevention in a high-performance security platform.
Shop Now
SonicWall NSa 3800
Unrivaled threat prevention in a high-performance security platform.
Shop Now
SonicWall NSa 4800
Unrivaled threat prevention in a high-performance security platform.
Shop Now
SonicWall NSa 5800
Unrivaled threat prevention in a high-performance security platform.
Shop Now
Overview
SonicWall's latest mid-range next-gen firewalls, Network Security Appliance (NSa) Series, offers medium and large enterprises industry-leading threat prevention performance at the lowest total cost of ownership in their class. The firewalls are the cornerstones of the threat protection solution that includes simplified centralized firewall management, Zero Trust enablement, flexible licensing with an option of managed firewall services, and an embedded cyber warranty for risk mitigation.
The Gen 8 firewalls deliver comprehensive security features such as intrusion prevention, VPN, application control, malware analysis, URL filtering, DNS Security, GeoIP and Botnet services, protecting the perimeter from advanced threats without becoming a bottleneck.
Features
Superior Performance
Prevent malicious threats without compromising performance. Deploy next-generation firewalls designed for small, midsize, and distributed enterprises and leverage industry-leading performance in threat prevention and DPI TLS/SSL (Decryption) to protect your networks
Low Total Cost of Ownership
Make SonicWall NSa firewall the start of enterprise savings. From reduced costs through zero-touch deployment to enabling SD-WAN and delivering threat block rates on par or better than competitors at a fraction of the cost, SonicWall TZ firewalls are security you can’t afford to be without.
Secure SD-WAN Technology
Leave MPLS behind for a more agile, secure, and cost-effective network optimized for today’s broadband-driven, cloud-infused landscape. Eliminate costs on SD-WAN appliances and licenses by leveraging the built-in secure SD-WAN technology in NSa firewalls.
Simplified Centralized Management
Increase efficiencies in deploying and managing distributed firewalls via configuration administration enhancements and bulk deployment capabilities, including auto-sync, multi-tenant commit and deploy, and bulk password change.
Advanced Reporting & Analytics
Increase insights and enhance visibility with reporting templates, real-time reports, customizable reports, schedule report capability, and tenant-based analytics.
Built-in ZTNA Connector
Increase secure access to private applications behind the firewalls using a built-in connector to Cloud Secure Edge, enabling compliance with a Zero-Trust framework.
Benefits
Advanced Threat Prevention with Deep Memory Inspection
- Get lightning-fast performance with security processors optimized for speed
- Gain a deeper level of threat prevention through Real-Time Deep Memory Inspection (RTDMIâ„¢)
- Leverage shared threat intelligence for continuously updated security
- Rely on a wide range of rich features in SonicWall’s powerful SonicOS operating system
Superior Performance
- Leverage multi-core, parallel-processing hardware architecture
- Achieve fast performance using gigabit and multi-gigabit Ethernet interfaces
- Take advantage of single-pass, stream-based inspection
- Inspect simultaneous network streams using deep packet inspection
Network Control and Flexibility
- Get your firewall up and running quickly with Zero-Touch Deployment
- Grow your distributed network while lowering costs with Secure SD-WAN
- Gain insight into and control over application usage across the network
Secure, Easy-to-Use Mobile Connectivity
- Connect from virtually any operating system
- Detect and remove hidden threats over the VPN connection
Compare Models
| Specifications | NSa 2800 | NSa 3800 | NSa 4800 | NSa 5800 |
|---|---|---|---|---|
| Interfaces | 16x 1GbE,3x 10/5/2.5/1G SFP/SFP+,2x USB (type-A),1 Console,1 Mgmt. port | 24x 1GbE,10x 10/5/2.5/1G SFP/SFP+,2x USB (type-A),1 Console,1 Mgmt. port | 24x 1GbE,8x 10/5/2.5/1G SFP/SFP+,2x USB (type-A),1 Console,1 Mgmt. port | 24x 1GbE,8x 10/5/2.5/1G SFP/SFP+,2x USB (type-A),1 Console,1 Mgmt. port |
| Storage /(expansion) | 128 GB (Up to 512 GB) | 256 GB (Up to 512 GB) | 256 GB (Up to 1 TB) | 256 GB (Up to 1 TB) |
| Centralized Management | Network Security Manager (NSM) 3.0 and above, CLI, SSH, Web UI, REST APIs | Network Security Manager (NSM) 3.0 and above, CLI, SSH, Web UI, REST APIs | Network Security Manager (NSM) 3.0 and above, CLI, SSH, Web UI, REST APIs | Network Security Manager (NSM) 3.0 and above, CLI, SSH, Web UI, REST APIs |
| Logical VLAN and tunnel interfaces (maximum) | 256 | 256 | 512 | 512 |
| SAML Single Sign-On (SSO) Users1 | 40,000 | 40,000 | 50,000 | 50,000 |
| Access points supported (maximum) | 512 | 512 | 512 | 512 |
| Western NRG TLS/SSL inspection and decryption throughput5 | 900 Mbps | 1.5 Gbps | 2 Gbps | 3.5 Gbps |
| Western NRG threat prevention throughput5 | 2 Gbps | 2.6 Gbps | 4.3 Gbps | 8 Gbps |
| Firewall inspection throughput2 | 8 Gbps | 12 Gbps | 20 Gbps | 30 Gbps |
| Threat prevention throughput3 | 6 Gbps | 8 Gbps | 13 Gbps | 24 Gbps |
| Application inspection throughput3 | 7 Gbps | 9 Gbps | 13 Gbps | 24 Gbps |
| IPS throughput3 | 7 Gbps | 8 Gbps | 13 Gbps | 24 Gbps |
| Anti-malware inspection throughput3 | 6 Gbps | 8 Gbps | 13 Gbps | 24 Gbps |
| TLS/SSL inspection and decryption throughput3 | 1.8 Gbps | 3 Gbps | 4.2 Gbps | 8 Gbps |
| IPSEC VPN throughput4 | 5.5 Gbps | 8 Gbps | 11 Gbps | 21 Gbps |
| Connections per second | 50,000 | 90,000 | 140,000 | 240,000 |
| Maximum connections (SPI) | 2,000,000 | 3,000,000 | 6,000,000 | 8,000,000 |
| Maximum connections (DPI) | 1,000,000 | 1,200,000 | 3,000,000 | 5,000,000 |
| Maximum connections (TLS) | 150,000 | 300,000 | 600,000 | 750,000 |
| Site-to-site VPN tunnels | 2,000 | 3,000 | 4,000 | 6,000 |
| IPSec VPN clients (maximum) | 50 (1,000) | 50 (1,000) | 500 (3,000) | 2,000 (4,000) |
| SSL-VPN licenses (maximum) | 2 (500) | 2 (500) | 2 (1,000) | 2 (1,500) |
| Encryption/authentication | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B Cryptography | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B Cryptography | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B Cryptography | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B Cryptography |
| Key exchange | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v |
| Route-based VPN | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP |
| Deep Packet inspection services | Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, TLS Decryption | Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, TLS Decryption | Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, TLS Decryption | Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, TLS Decryption |
| Content Filtering Service (CFS) | Reputation-based URL filtering, HTTP URL, HTTPS IP, keyword and content scanning, Comprehensive filtering based on file types such as ActiveX, Java, Cookies for privacy, allow/forbid lists | Reputation-based URL filtering, HTTP URL, HTTPS IP, keyword and content scanning, Comprehensive filtering based on file types such as ActiveX, Java, Cookies for privacy, allow/forbid lists | Reputation-based URL filtering, HTTP URL, HTTPS IP, keyword and content scanning, Comprehensive filtering based on file types such as ActiveX, Java, Cookies for privacy, allow/forbid lists | Reputation-based URL filtering, HTTP URL, HTTPS IP, keyword and content scanning, Comprehensive filtering based on file types such as ActiveX, Java, Cookies for privacy, allow/forbid lists |
| High availability | Active/Passive with stateful synchronization | Active/Passive with stateful synchronization | Active/Passive with stateful synchronization | Active/Passive with stateful synchronization |
Notes:
- SAML Single Sign-On is available on SonicOS 8.1 and above.
- Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.
- Threat Prevention/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Keysight HTTP performance test tools. Testing throughput measured with Gateway AV, Anti-Spyware, IPS and Application Control enabled.
- VPN throughput measured with UDP traffic using 1418 byte packet size AESGMAC16-256 Encryption adhering to RFC 2544. All specifications, features and availability are subject to change.
- Throughput numbers based upon real-world examples / what you can expect for the average network.