Latest News
Latest blogs and updates from SonicWall-Sales.com
SonicWall Support
SonicWall Support
Technical support is available to customers who have purchased SonicWall products with a valid maintenance contract.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year.
The Support Portal enables you to:
- View knowledge base articles and technical documentation
- View and participate in the Community Forum discussions
- View video tutorials
- Access MySonicWall
- Learn about SonicWall professional services
- Review SonicWall Support services and warranty information
- Register at SonicWall University for training and certification
Important Security Notification
SonicWall’s Product Security Incident Response Team (PSIRT) team has identified and confirmed a critical vulnerability in certain older versions of its firewall firmware, and we want to ensure that you are aware and prepared to mitigate any potential risks. We have released a new firmware update that includes important security fixes.
KB Article: https://www.sonicwall.com/support/knowledge-base/p...
As part of SonicWall’s commitment to be fully transparent this is a communication notifying impacted customers that there is evidence of active exploitation of the vulnerability. SonicWall strongly advises SonicWall SOHO (Gen 5), Gen 6 and Gen 7 devices running SonicOS 7.0.1-5035 and previous versions to ensure that all access controls are correctly configured according to SonicWall's best practices. To minimize potential impact please restrict firewall management access to trusted sources or disable firewall WAN management access from Internet sources, then apply the patch as soon as possible. If you have any further questions on restricting/disabling WAN management access or require additional information, please contact your Authorized SonicWall Partner or SonicWall Technical Support.
More information on how to
do this can be found here: https://www.sonicwall.com/support/knowledge-base/h....
Gen | Impacted Models | Impacted Version | Latest Version (as of 23/08/24) |
Gen5 | SOHO | SonicOS 5.9.2.14-2o and earlier versions
|
5.9.2.14-13O |
Gen 6/6.5 | SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W | SonicOS 6.5.4.14-109n and earlier versions | 6.5.4.15-116n |
Gen 7 | TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700, NSv 270, NSv 470, NSv 870 | SonicOS 7.0.1-5035 and earlier versions | 7.0.1-5161 7.1.1-7058 7.1.2-7019 |
SonicWall Next-Generation Firewall Buyer’s Guide
Evolution of the Firewall
Cybercrime has undergone a radical transformation in the past two decades, and fortunately, firewalls have evolved in tandem. Modern next-generation firewalls come equipped with a diverse range of advanced security controls, deliver significantly enhanced performance, and offer a wide array of form factors. How do the latest generation of firewalls stack up against their predecessors? Let’s examine:
Access Control Lists (ACLs) or Stateless Firewall
Network ACLs have existed for a long time. They are used to filter network traffic. With ACLs, traffic can be allowed or denied in both inbound and outbound directions. Network ACLs are typically configured in routers, switches or servers using layer 2 to layer 4 rules based on IP addresses, MAC addresses and ports.
ACLs inspect individual packets but do not inspect flows or maintain state of the flow.
Stateful Firewall
Stateful firewall is different from ACLs or stateless firewall, mainly because they can inspect network connections all the way from layer 2 to layer 7. Stateful firewalls maintain the context of a given connection. This means packets are matched to connections they belong to, offering additional security to prevent hacking techniques like spoofing. Some stateful firewalls can also perform deep packet inspection and can be installed on dedicated hardware.
Zone-Based Firewall (ZBF)
A zone-based firewall is like stateful firewall, except it is configured using more advanced networking concepts. Instead of assigning rules based on connection and interfaces, an administrator would create zones and assign multiple interfaces to those zones. Some of the common zones used are LAN (private or trusted), WAN (public or untrusted) and DMZ (demilitarized zone). Multiple zones can have rules to fully inspect, allow or deny connections.
Unified Threat Management (UTM)
UTM firewalls were originally designed to consolidate multiple stand-alone security controls into a single appliance. Security controls (such as firewall, intrusion prevention, URL filtering and antivirus) are combined into a single operating system and management console. This solution is ideal for small and medium-sized businesses (SMBs) that do not have a big security budget or do not have high performance and scalability requirements.
Next-Generation Firewall (NGFW)
The concept of an NGFW was first defined by Gartner, publisher of the Magic Quadrant for Network Firewalls. NGFWs have the option to add all the security controls that are available in UTMs, as well as advanced controls such as VPN, user control, application control and sandboxing. Apart from advanced security controls, NGFWs are designed to support the high performance and scalability needs of large enterprises. The rest of this document will focus on NGFWs and different factors that enterprises should consider in their buying decision.
Essential NGFW Capabilities
Zone-Based Firewall (ZBF)
ZBFs offer stateful inspection with advanced network security features for large enterprise network infrastructure. A ZBF or stateful firewall is the foundation for any NGFW and a basic requirement to support other features. Choose ZBFs over stateful firewalls for enterprises with large networks, as it is easier to configure and define policies with ZBFs.
Virtual Private Network (VPN)
Distributed enterprises typically have remote branch offices that need secure access to the corporate network. The expansion in work-from-home (WFH) policies has also resulted in an unprecedented rate of employees working remotely. VPNs provide robust, secure access to corporate networks and resources, so it is essential to consider a VPN as part of your NGFW.
It is important to make sure the NGFW provides a comprehensive VPN solution with site-to-site and remote-access encryption. It should include advanced features such as route-based VPN and easy VPN with dynamic routing. A VPN is also important in case you are considering an SD-WAN solution.
VPN configuration should be simple. It needs to be managed from within the NGFW user interface with configuration wizards that provide step-by-step guidance in setting up the VPN tunnels. Enterprises should consider a VPN concentrator at the edge to manage both IPsec and SSL VPN connections.
Intrusion Prevention System
Intrusion Detection and (or) Prevention System (IDS/IPS) was originally developed as a stand-alone solution, which later became part of the NGFW stack. IPS within the NGFW provides an additional layer of needed security by stopping attacks that exploit vulnerabilities. The intrusion detection is done using signatures for known exploits, and is based on anomaly detection.
An IPS within the NGFW can be deployed in detection mode (alert only) or in prevention mode (alert and block). There is no performance penalty for detection mode compared to prevention mode. Initially configure the IPS in detection mode before moving to prevention mode to understand exploits, explore false positives and perform incident responses. An important aspect to look for in an IPS is the threat intelligence feed that keeps the signature database up to date in the NGFW.
Application Control
NGFWs came into fruition with the addition of application control, IPS and URL filtering, forming a single enterprise-class platform. Application Control allows enterprises to define firewall policies based on applications (e.g., Facebook, YouTube, Salesforce) and micro-applications (e.g., chat and IMs). Application Control gives granular control over network traffic based on user identity and email addresses while providing application-layer access control to regulate web browsing, file transfer, email exchange and email attachments. Look at the type of applications that are included in an NGFW database to make sure all the applications that are in use within the enterprise are supported.
Web Control (URL Filtering)
Web Control compares requested websites against a massive database containing millions of rated URLs, IP addresses and domains. It enables administrators to create and apply policies that allow or deny access to websites based on individual or group identity, or by time of day, using pre-defined categories. It also dynamically caches website ratings locally onto the NGFW for instantaneous response times. An NGFW should be able to do URL filtering based on business point of view (block based on category – business) as well as based on security (block based on reputation – security).
Consider NGFWs with threat intelligence feeds that are supported by a world-class research team for IPS, Application Control and Web Control to make sure your NGFW stops the latest threats.
Selecting Advanced NGFW Features
Network and Cloud Sandboxing
For effective zero-day threat protection, enterprises need NGFWs that include malware-analysis technologies and can detect evasive advanced threats. Sandboxing technology scans traffic and extracts suspicious code for analysis, but unlike other NGFW security controls, it also analyzes a broad range of file types and sizes in real time. This enables enterprises to stop zero-day and evasive threats that can slip through other security controls within an NGFW.
Enterprises need to consider solutions that offer both onpremises and cloud-delivered sandboxing based on their performance and privacy needs. This technology should be augmented with global threat intelligence infrastructure that rapidly deploys remediation signatures for newly identified threats to all NGFWs in the enterprise, thus preventing further infiltration.
Enterprises should consider sandboxing technology that examines every byte until the last byte before delivering a final verdict to allow or block. This avoids any false positives or negatives and ensures that highly elusive zero-day threats are blocked.
Multi-instance firewall
Multi-instance is a modern next-generation approach to legacy multi-tenancy that supports multiple firewalls with separate configuration on a single appliance. With this approach, each firewall instance is isolated with dedicated compute resources to avoid resource starvation.
This allows enterprises to use containerized architecture. Enterprises can run multiple independent firewall instances, software versions and configurations on the same hardware without managing different physical appliances.
Dedicated Threat Intelligence
As mentioned earlier, most of the security controls in an NGFW should be augmented by threat intelligence to keep them up-to-date on the latest threats and signatures, among other things. Threat intelligence feeds should be supported by a research team that gathers, analyzes and vets information round the clock and across the globe. Look for vendors with a dedicated team of cybersecurity professionals, advanced machine learning algorithms and security sensors that are spread around the globe to deliver up-to-date threat feeds that automatically block threats in nanoseconds. While looking into threat intelligence in NGFWs, it is important to consider DNS security that protects enterprises against malicious domains.
Networking Requirements
An enterprise-grade platform and operating system are at the core of any physical or virtual NGFW. There are many networking features within the operating system that make a big difference in evaluating and choosing your next NGFW. The following are a few that should be considered in enterprise deployments.
SD-WAN Security
SD-WAN technology allows organizations and enterprises with branch locations to build highly available and higherperformance WANs. By using low-cost internet access (broadband, 4G/5G/LTE, fiber), organizations can costeffectively replace expensive WAN connection technologies such as MPLS with SD-WAN. SD-WAN Security enables distributed enterprises to build high-performing networks across remote sites to protect against cyberattacks.
High Availability/Clustering
NGFWs should support Active/Passive with state synchronization in High Availability mode and Active/Active in clustering mode. It should also support the ability to offload the deep packet inspection load to passive appliance and to boost throughput.
Encrypted Traffic Inspection
This decrypts and inspects TLS/SSL encrypted traffic on the fly, without proxying. It also applies control policies to protect against threats hidden inside encrypted traffic. Enterprises should make sure that the NGFW supports the latest version of encryption protocols, such as TLS 1.3.
Management
Enterprise-wide management of NGFWs is one of the most important considerations. This involves the configuration of NGFWs and usability for day-to-day operations from a single-pane-of-glass console. This console needs to be able to manage most, if not all, security controls across multiple NGFWs deployed on-premises and in the cloud from a central location. Some of the important features that need to be considered are:
Unified Policy: This should provision layer 3 to layer 7 controls in a single rule base on every NGFW, providing admins with a centralized location for configuring policies.
Monitoring: Look for real-time monitoring, reporting and analytics to help troubleshoot, investigate risks and guide smart security policy decisions and actions.
Cloud and on-prem: Configuration and management of NGFWs should be available via the cloud or through an onpremises management system.
Scalability: It should scale to any size organization, managing networks with up to thousands of firewall devices deployed across many locations.
Console: Enterprises should look for an NGFW that uses a single pane of glass to manage all security functions, such as IPS, URL filtering and others, from a single location.
Technology Integration
It is important to consider the type of technology integrations that the NGFW supports. This allows enterprises to protect their existing investments. Some of the technology integrations to consider are:
SIEM: Integration with security incident and event management enables rigorous investigation of cybersecurity threats and examination of anomalous data.
IaaS: It should integrate with all major IaaS providers to support multi-cloud deployments across AWS, Azure or GCP.
Automation: It should enable business process automation through synchronized catalogs, inventories, agreements and tickets.
Zero Trust Network Access (ZTNA): This augments the VPN to provide access to only sanctioned assets and networks while VPN provides layer 3 access.
NGFW Deployments
The three main deployments of NGFWs are based on the environment: physical, virtual and cloud.
Physical: Enterprises should consider physical appliances for on-premises deployments that require high performance and connectivity. Physical appliances can offer more than 100 Gbps throughput and 100 GbE connectivity. Appliances come in various form factors and performance levels for different deployment needs from data centers to remote offices.
Virtual: NGFWs can also be deployed in virtual environments. They can be managed using the same system that is used to manage physical appliances. There are a variety of virtual environments to consider when choosing a virtual appliance. It is important to make sure that your environment is supported.
Cloud: Many companies are moving their data centers and applications to the cloud. NGFWs have evolved to support a variety of private and public clouds, including AWS, Azure, GCP and VMWare. Even if your organization has not yet embraced the cloud, it is important to select a vendor that supports all the major public clouds.
Price-Performance Ratio and Support
Price-Performance Ratio
Apart from security features, price and performance should also be considered. Every vendor has different models that vary widely in performance, and each one has different price points and pricing models. For example, physical appliances may have a one-time big purchase price with a few minor yearly subscriptions, while most cloud firewalls are priced based on a yearly subscription.
Before getting into price/performance analysis, it is important to know the projected three-year or five-year total cost of ownership (TCO). Most vendors do not have an all-inclusive price; they will charge separately for appliance, licenses for different security controls and support. It is important to consider the cost of High Availability pairs and clustering in calculating TCO.
After determining the TCO, you can perform a price/ performance analysis across different vendors. Let us say the three-year TCO came to $250,000 and the NGFW throughput is 100 Gbps. In that instance, the price/performance ratio would be $250,000/100, or $2,500 per Gbps.
Support
Buying an NGFW is a significant and technically complex investment. You should not just look for basic support - you should choose a vendor that has excellent support ratings. Vendors provide many different support options, including simple phone support, on-site support and professional services. Enterprises can use professional services to help deploy, configure, tune and maintain their NGFWs to simplify operations. Support options also include availability by the number of days in a week and hours in a day, such as the examples shown below:
• Monday to Friday – 8 a.m. to 5 p.m. local time
• 24 hours and seven days a week (24/7)
• 24/7 with on-site support from a security professional
• 24/7 with continuous professional services support
NGFW Feature Comparison of Top Five Vendors
SonicWall | Cisco | Palo Alto | Fortinet | Check Point | |
Standard Security | |||||
Zone-based FW | Yes | Yes | Yes | Optional | Optional |
IPSec VPN | Yes | Yes | Yes | Yes | Yes |
Route-based VPN | Yes | Yes | Yes | Yes | Yes |
IPS | Yes | Yes | Yes | Yes | Yes |
App Control | Yes | Yes | Yes | Yes | Yes |
URL Filter | Yes | Yes | Yes | Yes | Yes |
Advanced Security | |||||
Sandboxing | Yes | Yes | Yes | Yes | Yes |
True Multi-tenancy | Yes, Multi-instance |
No, Virtual Systems |
No, Virtual Systems |
No, Virtual Systems |
No, Virtual Systems |
Inspect Encrypted | Yes | Yes | Yes | Yes | Yes |
Threat Intel | Yes | Yes | Yes | Yes | Yes |
Remote Access | |||||
VPN Client | IPSec & SSL VPN | IPSec & SSL VPN | IPSec & SSL VPN | IPSec & SSL VPN | IPSec & SSL VPN |
Mobile Client | Yes | Yes | Yes | Yes | Yes |
ZTNA | Separate | Separate | Separate | Separate | Separate |
Cloud and E-Mail | |||||
Cloud App Security | Yes | Yes | Yes | Yes | Yes |
E-Mail Protection | Yes | Yes | On Firewall | Yes | On Firewall |
Networking | |||||
HA/Clustering | Yes | Yes | Yes | Yes | Yes |
SD-WAN | Yes | Yes | Yes | Yes | Separate |
Switch management | Yes | Separate | No | Yes | No |
Wireless | Yes | Separate | No | Yes | No |
Management | |||||
Unified Policy | Yes | Yes | Yes | Yes | Yes |
Central Manager | Cloud & on-prem | Cloud & on-prem | Cloud & on-prem | Cloud & on-prem | Cloud & on-prem |
Single-pane-of-glass | Yes | Yes | Yes | Yes | Yes |
Conclusion and Next Steps
Getting the most out of your investment in a NGFW requires careful consideration of several factors to ensure stability, simplicity, and superior threat protection. Key consideration include:
- • Security Controls: IPS, Application Control, URL Filtering and others.
- • Advanced Security: Sandboxing, Zero Trust Network Access and others.
- • Network Size: This determines the number of NGFWs needed.
- • Virtual or Cloud: Enterprises with virtual and cloud environments need virtual and cloud NGFWs.
- • Performance: Choose an NGFW with enough capacity so it will not be a bottleneck in the network.
- • Support options: There are many options: online, on-site and professional service. Choose the option that’s right for your team based on your team’s expertise and workload.
When it comes to solving business challenges, enterprises are generally eager to adopt new technologies such as cloud computing, workforce mobility and automation. But now, many enterprises are finding their digital transformation journey laden with new challenges, including a surge in the number of connected devices, millions of encrypted connections, increased bandwidth needs, continually evolving evasive attacks and increased operational costs.
SonicWall’s Gen 7 is our most secure and stable lineup yet. We’ve greatly increased performance, streamlined operations and upgraded features, all while offering industry-leading TCO. These NGFW have multiple 100/40/10 GbE interfaces that can process millions of connections. Their high-speed connectivity and large port density — coupled with superior IPS and TLS1.3 inspection support — make these firewalls an ideal threat protection platform for enterprise Internet edge and data center deployments. And the newly introduced multi-instance capability (modern multi-tenancy) allows MSSPs and enterprises to provide guaranteed performance, reliability and availability while adhering to service level agreements.
Learn More
• Next-Generation Firewall for Data Center
• Next-Generation Firewall for Internet Edge
• Next-Generation Firewall for Public Clouds
Important Notice: Subscription Increase, Cost-Saving Options & Upgrades
Subscription Increase
Due to the macroeconomic conditions of rising inflation and operating costs, SonicWall is initiating price adjustments for Gen 6 and Gen 7 SonicWall firewall security service subscriptions. The price increases on Gen6/Gen 6.5 are also due to product lifecycle cadence on older firewall generations after the release of a new generation.
All Gen 6 firewall security service SKUs will experience up to a 40% increase
while Gen 7 firewall security service SKUs will experience up to a 10% increase
effective August 1, 2024. There will be no price increase for any hardware or
hardware bundle SKUs.
Cost Saving Options
SonicWall understands the challenges and offers the following options to
mitigate the price increase:
- Our new SonicProtect subscription renewal offer is available with 3-year and 5-year terms. SonicProtect delivers the highest tier of security service on all generations of SonicWall. The per-year price of the SonicProtect subscription service SKU is substantially lower than the per-year price of the highest security service tier after the price increase. Since the price is locked down for the duration of the subscription term, customers can avoid subscription premiums on any services with new generation platforms during the subscription term. Learn more.
Upgrade Now: Take advantage of time-limited programs such as 3 & Free to move to Gen 7 at minimal costs.
Why Upgrade?
- New and enhanced security
features reduce the risks of ever-evolving threats
- Expanded capabilities in
management, logging, and reporting and analytics, including the new Cloud
Security Connector with SonicOS 7.1.2 to enable hybrid deployments
- Increased efficiencies from new
integration and automation features
- Higher security efficacy from
improved functionality and performance - watch our latest
webinar on vulnerability management and
firewall best practices for details.
SonicProtect Subscription
Description
What is a SonicProtect subscription?
SonicWall’s SonicProtect subscription offers superior threat protection and investment protection for all generations of SonicWall firewalls with a single security service subscription. SonicProtect subscriptions offer price protection on multi-year security services. Customers also benefit from discounted multi-year service subscription fees and the ability to avoid any premiums on subscriptions similar to those on newer generation platforms. It also offers the ability to predict OpEx spending related to security services. This program entitles our customers to the highest tier of security services available on a given platform, including our patented Real-Time Deep Memory Inspection (RTDMI™) and patented single-pass, low-latency, Reassembly-Free Deep Packet Inspection (RFDPI) engines.
What does SonicProtect offer?
A SonicProtect Subscription offers the highest tier of the security services bundle available of any model type series (hardware or virtual) firewall platform generation. In this example, SonicProtect offers Advanced Gateway Security Suite (AGSS) or Comprehensive Gateway Security Suite (CGSS) for Gen5, Gen6/6.5 firewall platforms, and Advanced Protection Security Suite (APSS) for Gen7 firewall platforms.The subscription will also transfer to the highest tier of the security service bundle for the upgrade replacement. For example, SonicProtect for the TZ400 (Gen6) family will offer AGSS for TZ400 hardware, and when the customer upgrades to the TZ470 (Gen7), the remainder of the subscription can be migrated to TZ470 with APSS.
What’s in it for our customers?
SonicProtect subscriptions are available in 3-year and 5-year terms, offering price protection with multi-year service subscriptions. Customers also benefit from discounted multi-year service subscription fees and the ability to avoid any premiums on similar subscriptions on newer generation platforms. Moreover, it also offers the ability to predict OpEx spending and the flexibility of planned CapEx spending with hardware or virtual upgrades to the newer generations.
DEPLOYMENT, LICENSING & SUPPORT
What deployment and use cases are supported?
SonicProtect subscriptions are available for all firewall use cases and deployment types. You can leverage these subscriptions for your existing and new deployments with the TZ series, NSa series, NSsp series, NSv series, Super Massive series, SOHO series, and the upcoming IoT Firewall.
What licensing models are available with SonicProtect?
The licensing model includes a single security service subscription available in 3-year and 5-year term periods. It offers the highest tier of security suite available on all generations of firewall platforms in a single band of family. For example, a 5-year SonicProtect subscription for the TZ400 model series can be used on the TZ400 until the end of support for that platform and then leveraged on the TZ470 or any other product introduced in the same series (TZ400).
Can a customer have a mixed deployment with existing subscriptions and SonicProtect?
SonicProtect can co-exist with all existing security services for each product generation. Customers can have some firewalls with Comprehensive Gateway Security Suite (CGSS), Advanced Gateway Security Suite (AGSS), Essential Protection Security Suite (EPSS) and Advanced Protection Security Suite (APSS), and, at the renewal, they can procure the new SonicProtect subscription if it meets their business requirements.
Can the customer’s existing partners offer this new subscription?
Starting in July 2024, SonicProtect will be available globally to all SonicWall channel partners. Customers can renew existing platforms with the new SonicProtect subscription if it meets their business requirements.
Does the new SonicProtect subscription work with the newly introduced SonicPlatform?
As customers migrate to SonicPlatform, these subscriptions will migrate as a part of their active deployment. There is no restriction or difference in support compared to existing security services.
Is there any restriction on the number of SonicProtect subscriptions in a single tenant or deployment?
Procuring this new SonicProtect subscription is free of limit or maximum count restriction. Customers can renew all their install-base/deployed firewalls with the new SonicProtect subscription if it meets their business requirements.
With SonicProtect, what’s the last date for the subscription?
As with other security services offered by SonicWall, the last date of subscription or service expiration is based on the date of registration and the term period of the subscription. For example, if a 5-year SonicProtect subscription is activated on July 11, 2024, it will expire on July 10, 2029.
Can the SonicProtect subscription be used with my latest generation firewalls (Gen7)?
Yes, a SonicProtect subscription can be used with any generation firewalls, including Gen7 TZ, NSa, NSsp, and NSv series firewalls. For example, if a SonicProtect subscription for a 5-year period is activated on an NSsp 15700 on July 11, 2024, it will expire on July 10, 2029.
Can the SonicProtect subscription be used on a firewall platform that will soon be out of support?
Yes, a SonicProtect subscription can be used with any generation firewalls, including legacy Gen5, 6, and 6.5 firewalls. For example, if a 5-year SonicProtect subscription is activated on a TZ 400 on July 11, 2024, it will expire on that TZ400 on April 16, 2026, based on the product life cycle and the platform’s End-of-Support date. The remainder of the subscription will continue on a Gen7 470 or any newer platform in the TZ400 family until July 10, 2029.
Does the SonicProtect subscription include a hardware upgrade to a new firewall in the same family?
No, a SonicProtect subscription is only a security service license. Customers can upgrade the firewall platform based on any offer or the SonicWall Customer loyalty program. As a part of our loyalty program, we offer special SKUs for hardware purchases with no attached services or subscriptions. Please get in touch with your SonicWall partner or sales team to procure hardware for Secure Upgrade Appliance Only SKUs.
Does the SonicProtect subscription allow upgrading the firewall to a higher category/product family?
We understand that business outcomes and bandwidth may change in today’s dynamic landscape, and our goal with SonicProtect subscriptions is to offer complete investment protection. In Q4CY24, we will have program updates to SonicProtect subscriptions, allowing additional flexibility to move to higher-tier hardware or virtual and cloud-delivered services from SonicWall. Stay tuned for more updates. At launch in July 2024, the program will be designed to allow subscription transfer to any product in the same product family.
Does the SonicProtect subscription offer a term period higher than five years?
We understand the value of a SonicProtect subscription and the need for a longer term. At launch in July 2024, we will only offer a 3-year and 5-year term. We will reevaluate the need to provide a longer term in future program revisions.
Does the SonicProtect subscription offer a term period lower than three years?
No. At launch in July 2024, we will only offer a 3-year and 5-year term periods. For 1-year and 2-year term options, you can use the regular subscription SKUs to procure the desired term and security services.
Can the SonicProtect subscription be stacked to achieve higher term periods?
No. SonicProtect subscriptions cannot be stacked or added to achieve higher term periods.
ORDERABILITY & ACTIVATION
When will the new SonicProtect subscription be orderable?
SonicProtect subscription SKUs will be available to all our channel partners via global pricelists on July 1, 2024
When can SonicProtect subscriptions be activated?
SonicProtect subscription SKUs will be orderable on July 1, 2024, and can be activated on or after July 15, 2024
Can SonicProtect subscriptions be activated on firewalls with a term period expiring before July 15, 2024?
SonicProtect subscription SKUs cannot be activated before July 15, 2024. If a firewall subscription expires before that date, please work with your SonicWall sales team to request an extension of existing services until July 15, 2024. Please share the purchase details of the SonicProtect subscription to support the extension request.
SonicPlatform program is subject to additional terms and conditions available on our support page.
Product Family
Firewall Family |
Supported Platforms |
IoT & SOHO Series (Gen5, Gen6, Gen7) |
SOHO, SOHO W, new IoT FW (launching Q4 CY24) |
TZ 200 family (Gen6, Gen6.5, Gen7) |
SOHO 250, SOHO 250W, TZ 270, TZ 270W |
TZ 300 family (Gen6, Gen6.5, Gen7) |
TZ 300P, TZ 350, TZ 350W, TZ 370, TZ 370W |
TZ 400 family (Gen6, Gen6.5, Gen7) |
TZ 400, TZ 400W, TZ 470, TZ 470W |
TZ 500 family (Gen6, Gen6.5, Gen7) |
TZ 500, TZ 500W, TZ 570, TZ 570W, TZ 570P |
TZ 600 family (Gen6, Gen6.5, Gen7) |
TZ 600, TZ 600P, TZ 670 |
NSa 2000 family (Gen6, Gen6.5, Gen7) |
NSa 2600, NSa 2650, NSa 2700 |
NSa 3000 family (Gen6, Gen6.5, Gen7) |
NSa 3600, NSa 3650, NSa 3700 |
NSa 4000 family (Gen6, Gen6.5, Gen7) |
NSa 4600, NSa 4650, NSa 4700 |
NSa 5000 family (Gen6, Gen6.5, Gen7) |
NSa 5600, NSa 5650, NSa 5700 |
NSa 6000 family (Gen6, Gen6.5, Gen7) |
NSa 6600, NSa 6650, NSa 6700 |
NSsp 10K family (Gen6, Gen6.5, Gen7) |
SuperMassive 9200, NSa 9250, NSsp 10700 |
NSsp 11K family (Gen6, Gen6.5, Gen7) |
SuperMassive 9400, NSa 9450, NSsp 11700 |
NSsp 13K family (Gen6, Gen6.5, Gen7) |
SuperMassive 9600, NSa 9650, SuperMassive 9800, NSsp 12400, NSsp 13700 |
NSsp 15K family (Gen6, Gen6.5, Gen7) |
NSsp 12800, NSsp 15700 |
NSv – XS family (Gen6, Gen6.5, Gen7) |
NSv 10, NSv 25, NSv 50, NSv 100 |
NSv – S family (Gen6, Gen6.5, Gen7) |
NSv 200, NSv 270 |
NSv – M family (Gen6, Gen6.5, Gen7) |
NSv 300, NSv 400, NSv 470 |
NSv – L family (Gen6, Gen6.5, Gen7) |
NSv 800, NSv 1600, NSv 870 |
|
"3&FREE" Promotion has returned!
SonicWall’s Bigger and Better 3 & Free promotion is here!
We’ve expanded our ever-popular 3 & Free promotion to a bigger range of products, leading to better opportunities for you. When your customers purchase a 3-Year Essential Protection Service Suite, they can get one of our Gen 7 next-generation firewalls — and this includes every single Gen 7 firewall, from the TZ 370 and up—for free!
Best of all, we aren’t limiting this deal to current SonicWall end users: Trading in a legacy SonicWall or competitor firewall will get them their free, eligible firewall upgrade.
Our Essential Protection Service Suite (EPSS) includes:
- Capture ATP
- Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention Services (IPS) and Application Firewall Services
- Content Filtering Services (CFS), Comprehensive Anti-Spam
- 24x7 support with firmware
ELIGIBLE PRODUCT | REPLACEMENT PRODUCT |
TZ 105, SOHO, SOHO 250, TZ 205, TZ 300, TZ 350, TZ 215, TZ 400, TZ 500, TZ 600 | TZ 370, TZ 470, TZ 570, TZ 670 |
TZ 400, TZ 500, TZ 600, NSa 2600, NSa 2650 | TZ 570, TZ 670 |
TZ 400, TZ 500, TZ 600, NSa 2600, NSa 2650, NSa 3600, NSa 3650 | NSa 2700 |
NSa 2600, NSa 2650, NSa 3600, NSa 3650, NSa 4600, NSa 4650 | NSa 3700 |
NSa 3500, NSa 3600, NSa 3650, NSa 4500, NSa 4600,NSa 4650, NSa 5000, NSa E5500, NSa 5600, NSa 5650, NSa 6600, NSa 6650 | NSa 4700 |
NSa 4500, NSa 4600, NSa 4650,NSa 5000, NSa E5500, NSa 5600, NSa 5650, NSa E6500, NSa 6600, NSa 6650, NSa E7500, NSa E7510, NSa E8500, NSa E8510 | NSa 5700 |
NSa 5000, NSa E5500, NSa 5600, NSa 5650, NSa E6500, NSa 6600, NSa 6650, SM 9200, NSa 9250, SM 9400, NSa 9450 | NSa 6700 |
COMPETITOR PRODUCT TRADE-IN | TZ 370, TZ 470, TZ 570, TZ 670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, 11700, 13700, 15700 |
New TZ270 Promotion - moving from SOHO / SOHO 250 models.
SonicWall’s limited-time ‘3 & Free’ promotion is available for existing SonicWall customers of the Gen 6.0 SOHO or Gen 6.5 SOHO 250, or other Gen 5 models.
Get a free Gen 7 SonicWall TZ270 when you trade in your SOHO or Gen 5 TZ firewall and buy three years of either Advanced Protection Service Suite (APSS) or Essential Protection Service Suite (EPSS).
With this upgrade, you’ll gain:
- SonicOS 7 Advanced Security
- Vastly improved DPI, VLAN, and IPsec VPN performance.
TZ270 offer 3.5 times firewall, DPI and IPSec VPN performance over SOHO 250 firewalls and more than 6 times over SOHO (Gen 5). - Greater port density. TZ270 next-generation firewalls supports eight ports while SOHO 250 and SOHO Gen 5 support five.
- 5G Support
Important Note: This 3 & Free Partner Promotion is a SonicWall replacement promotion. This is NOT for competitive replacement. PROMOTIONAL PRODUCTS CAN ONLY BE REGISTERED WITH SERIAL NUMBER ENTRY OF AN ELIGIBLE REPLACEMENT PRODUCT. Upgrade Product Eligibility is a limited version of the Secure Update Matrix for this promotion.
What can I upgrade?
ELIGIBLE PRODUCT | REPLACEMENT |
TZ100, TZ105, TZ150, SOHO, SOHO W, SOHO250, SOHO250 W, TZ170, TZ180, TZ190, TZ200, TZ205, TZ210, TZ215 | TZ270 |
Products: https://www.sonicwall-sales.com/tz270-3-and-free-t...
Firewall as a Service Providers
When looking at your options for improving your company’s cybersecurity, you might see firewall as a service mentioned as a popular solution that businesses are using today. With so many options on the market, we know finding the right firewall for your business based on your size and what type of business you run can be an overwhelming decision. Firewall as a service providers can support you in protecting your business for many years to come, so keep reading to discover what firewall-as-a-service is and whether it’s a good option for your business needs.
What is Firewall as a Service?
Firewall as a service providers offer you a security solution that’s cloud-based and will help to improve your IT infrastructure and security. It’s a next-generation firewall, similar to SonicWall firewalls, and will offer features such as advanced threat protection and web filtering. It can still offer many of the same benefits as a hardware firewall but offers you the chance to scale your protection as you need to and support your growing business. As the firewall is based in the cloud, you’ll be able to tailor it to your current needs and ensure your security concerns are overcome at all times.
How Does Firewall as a Service Work?
In the same way as a SonicWall business firewall will work to filter your network traffic to protect your business from threats, firewall as a service works to protect your company from both inside and outside cybersecurity threats. You’ll want to check the exact features that are offered with the firewall you purchase, but most modern firewalls will come with network monitoring, Internet Protocol security, packet filtering, and many other advanced features. They can identify malware and other threats before it is too late, and you put your business at huge risk.
Firewall as a service will be positioned between your business network and the internet. When traffic tries to get into your network, it will inspect the traffic to detect and then address any threats. It analyses information as it goes into the network, ensuring that it picks up on any malicious data and unusual behaviours before reaching your network. This advanced type of firewall also usually offers deep packet inspection, which can alert threat response teams of any data within the packet and ensure dangerous data doesn’t reach your system. As we now see more companies than ever working in a decentralised manner, moving to the cloud has become a natural choice for many business owners. You can protect your business network even when people are working remotely and ensure that you can continue with your everyday tasks without disruption thanks to FWaaS.
What Type of Companies Can Benefit from Firewall as a Service?
If you are looking to purchase a SonicWall firewall or another type of cybersecurity protection, you might be wondering if you could benefit from firewall as a service. There are many reasons that companies are opting to use this type of firewall. It allows customers to move their security inspection to a cloud-based operation, which gives you more freedom if you are expanding your business. Now that things have resettled after the global pandemic, you might be aiming to expand your business operations this year. If that’s the case, you might find this to be the perfect solution to offer you the firewall throughput you need.
Hardware firewalls sometimes need extra attention and maintenance. Many companies just don’t have the time or resources to look after and manage a firewall like this, which is why firewall as a service can be a very good option. The provider will be able to manage the settings of your firewall and save you time worrying about the settings of your security protection. The range of devices that can be used on your network will also increase with FWaaS, allowing your employees to work from home safely. We’ve been very impressed by the improvements and developments in this technology over recent years, working to support companies that still allow employees to work remotely. No matter the shape and size of your business, you need to protect your network to remain competitive year after year.
Are you looking to improve your cybersecurity and protect your business from threats this year? The number of risks to business owners has only continued to increase in recent years, which is why we encourage businesses of all shapes and sizes to invest in a firewall that will offer them adequate protection and support based on their unique needs. Firewall as a service is a great option for many companies, but we encourage you to review the options on our site to find the solution that’s best for you. Contact us today for more information about the firewalls we offer or take a look through our site to see our full product range.
SonicWall Legal Documentation
SONICWALL LEGAL DOCUMENTS AND NOTICES DIRECTORY
Refer to the directory of links for access to our legal documents and notices that govern the use of this website, and the use of products and services offered by SonicWall. For your convenience, below are commonly used contact points.
https://www.sonicwall.com/legal/
Proxy Server Firewall
We can’t hide away from it, the threat landscape that organisations now face is huge, and businesses can no longer take any chances with the data and sensitive information they hold on their internal networks falling into the wrong hands.
This is where firewalls come in.
Firewalls are a great piece of software that helps to provide a barrier between your network and computer. Filtering traffic and only allowing the good to pass through, blocking what it believes to be malicious or a threat.
By controlling the flow of traffic in such a way, the SonicWall firewall allows you to monitor and have confidence that your systems are protected from cyber-attacks.
A proxy firewall then takes this level of protection one step further.
What is a proxy firewall?
Decrypting and inspecting application traffic firewall proxy servers are an advanced firewall security system that goes above and beyond to protect your network. Monitoring network traffic and running protocols against every type of application it supports, every device within your organisation must establish a connection through the proxy server to create a new, secure network connection.
Also known as an application or gateway firewall, a proxy firewall works by securing the connection between your internal network and the public internet. For example, access to the internet is gained through the proxy gateway (firewall), where the gateway will evaluate all external requests against set and predetermined security rules. Based on this information, it will then decide to allow the request or block and contain the request.
To ensure complete security, the proxy firewall server will also have its own IP address and receive data packets through proxies. It provides a single point that allows your security or IT team to assess the threat level of application protocols.
Proxy firewalls will check:
- Domain name system
- FTP
- HTTP
- Internet control message protocol
- Simple mail transfer protocol
Checking these across the application, transport, and network layer, proxy and firewall software are all designed to strengthen network security.
Proxy Firewall Server
The features of a proxy server include:
- Can reduce bandwidth demands with caching.
- Codes, filters, logs, and controls requests to secure networks and prevent unauthorised access.
- Filters all information to secure the network.
- Can integrate with other security solutions to offer enhanced security control.
- Protects against cyberattacks attempting to infiltrate the network.
- Helps to enforce security policies.
- Inspects layer traffic.
- Prevents unauthorised access to the network.
Benefits of a Firewall Proxy Server
Enhanced Security – due to validating users rather than just devices. Designed to prevent spoofing attacks and can also detect DDoS attacks.
Improved Reporting – you and your teams have the capabilities to examine the entire network and monitor data centrally. Providing you with vital security information.
Assess Threats – can proactively evaluate data packets that could negatively impact your network. As these types of firewalls use deep packet inspection, you can discover advanced threats, check network traffic validity, and put the right protocols in place to stop these attacks before they pose a risk to your business.
Control – you have a higher level of control with a Sonic firewall and firewall proxy server, as you can configure the network to users, assign groups, set permissions, and control what functions individuals can perform.
Provides a single point of access – allowing you to effectively detect threats and check network validity through centralised application activity and one single server.
Promote Policies – as well as ensure compliance, proxy firewalls can also help fine-tune network needs and policies.
Things to be aware of
Like with any new piece of software or security feature you look to integrate into your systems and network, it’s essential that you check that it is compatible.
This is extremely important for a proxy firewall, as running outdated servers will cause the proxy firewall server to run slowly, which, in turn, will negatively affect performance.
In addition, due to the new connections being added, you may experience bottlenecks in traffic flow, which again will slow down performance, creating a single point of failure. To counteract this, it’s vital to ensure that all software and systems are up-to-date and that all firewalls and security software are configured and encrypted, leaving no ports exposed.
As the firewall limits the applications a network can support, hence increasing security levels, it’s also essential to bear in mind that this can, at times, impact speed and functionality.
When choosing the best firewall solution, base your decision on what is right for your business. Think about the size of your company, the security software’s ability to scale with you, the resources you have available, and the level of protection required.
SonicWall firewall and firewall proxy servers are the most secure forms of firewall available; by filtering information at the application layer, you can have peace of mind that your network is protected 24/7.
To find out more, call us today at 0330 1340 230 or email your questions to enquiries@sonicwall-sales.com; we’d be happy to help.
Get the most out of SonicWall Support
Jean-Pier Talbot has uploaded an excellent video explaining "How to work with [SonicWall[ tech support".
There is some really good information, and tips to get the best experience.
Firewall Throughput
The digital world and cybersecurity industry have both continued to expand at a rapid pace in recent years. Firewall throughput is a term you may have heard mentioned when looking at your firewall options, but you may not fully understand what this term means and how it impacts you. Today we’re going to share our complete guide to firewall throughput to help you find the right firewall solution for your business needs in the future. SonicWall firewalls are an excellent option for small and medium-sized businesses looking to improve their cybersecurity this year, so take a look through our site for more information about how you can protect your business.
What is Firewall Throughput?
Firewall throughput is a term that’s used to describe the volume of traffic that a firewall is able to handle. This is measured in megabits per second (mbps) or could also be reviewed in gigabits per second (gbps). It’s important to keep in mind that it’s not as simple as just measuring the throughput. There are many factors which will impact this figure, such as the type of traffic and the services that are being run on your firewall. Firewall throughput can help to improve your network cybersecurity and performance, preventing bottlenecks and other issues from forming.
A misconception we see often is that firewall throughput is the same as bandwidth. Bandwidth is the term used to describe the maximum data transfer rate within a network or an internet connection, but when we talk about firewall throughput, it’s referring to the traffic that your firewall can process. These two figures are related, but they don’t work exactly the same, and therefore you need to understand how they impact each other in order to ensure you are fully protecting your network.
How Do You Calculate Firewall Throughput?
As part of our firewall throughput explained guide, we want you to be able to understand how this figure is calculated. It’s typically calculated by looking at the number of bytes your firewall can process in a certain unit of time. This can be a very complex calculation to make, with application control and the number of sessions taking place at one time impacting the figure. Should malware be present, this will also impact the throughput firewall rate. You’ll find firewall throughput calculators which can help you to estimate the firewall’s capacity, but you’ll need to keep in mind that these figures will be estimated and won’t take into account the variables we’ve mentioned here. SonicWall firewalls will have varying firewall throughput rates based on the conditions they are working in, so every business will have different results.
What is NGFW Throughput?
As you start to look at the best SonicWall business firewall options for your needs, you might see the term NGFW throughput used. Next-generation firewalls offer you a new level of protection when compared to traditional SonicWall firewall options. They offer additional features that can improve your cybersecurity greatly, such as application control and automation. It’s important to note that these types of firewalls and their new features can improve the throughput. This is why you’ll often see this quoted as a different figure, as they have different results from regular firewall throughput.
What Businesses Need a Firewall?
All businesses today could benefit from a firewall to offer them projection when operating online. The firewall throughput that you require will vary based on your unique needs, but it’s important to ensure that any firewall you purchase has the features that you require to keep your business operating securely. Nearly all companies today work with computer systems and online to some extent, which puts you at risk all day, every day. A firewall is a small investment to make to protect your business operations and ensure that you remain in compliance with industry standards too.
On our site, you’ll find firewall options to fit every business. Our team will be happy to discuss more about the SonicWall firewall solutions we offer and share the benefits of each product. We can discuss the firewall throughput if this is something you are concerned about, to ensure that the performance level meets your expectations. We know that there are many terms used when looking at firewalls for the first time and this can be very overwhelming for some people. We’ll be here to break it down into simpler terms to ensure you find the right protection for your needs.
Are you looking to improve your cybersecurity this year? If so, take a look through our full range of firewalls and products designed to improve your network security. Our team will be here to answer any questions you have about the firewall throughput of the products on our site, so don’t hesitate to get in touch with us today to discuss this topic further with our team of experts.