Latest News

NSM (Network Security Manager) is now included with every Gen7/8 firewall with an active support subscription. Additional features are included in security/support bundles (like Advanced Protection Service Suite or Managed Protection Service Suite).

If you want to add or increase the storage time you can purchase SaaS 7, 30, 90 or 365 Days of Advanced Reporting and Analytics.

SaaS Reporting

Firewalls need active management. With MPSS, SonicWall experts handle the management of your Generation 7 or 8 firewall, ensuring you always have the best firewall configuration to defend against cyber threats.

SonicWall’s Managed Protection Security Suite (MPSS) brings the expertise of our SonicSentry team to manage and monitor your firewalls, becoming an extension of your team to help you maximise your resources and achieve better security. For MSPs, partnering with us for firewall management can help you grow your business without adding headcount, while also freeing your team to focus on more customer service-oriented tasks.

Managed Protection Security Suite Datasheet

As a prerequisite, a minimum level of configuration is required and a document is available to help. I would advise anyone to set their firewall to best practices and include these amendments.

MSS Managed Firewall Best Practice Configurations

Gen 7 pricing will be adjusted starting October 15, 2025, as we continue expanding our Gen 8 portfolio. While both Gen 7 and Gen 8 provide strong, modern capabilities, Gen 8 will be the platform for future innovations and extended lifecycle support.

Many of the new Gen 8 models are in stock (currently limited), but we're getting more in every week.

Added some discounted products - see home page promotions.

These mostly include some Essential renewal bundles, but also NSa 2700 offer.

Details here.

The SonicWall GEN8 TZ Series and GEN8 NSa Series firewalls introduce in-product migration capabilities that allow administrators to import configuration settings from supported legacy SonicWall firewalls. This greatly simplifies the upgrade process by eliminating the need for manual reconfiguration during hardware refresh or platform upgrade.

Settings Import Feature:

• Export/Import settings
• Devices must be entirely configured from scratch in a typical greenfield deployment (new setup). With GEN8 firewalls, you can import .exp configuration files from supported legacy devices, streamlining migration.
• The GEN8 TZ and NSa firewalls support in-product migration from select current and previous generation SonicWall firewalls.
• This feature is especially useful when upgrading from GEN6 or GEN7 models.

Key Benefits:

• Reduces time spent on manual configuration
• Maintains policy consistency across hardware generations
• Simplifies deployments and rollback planning

Pre-Requisites: The following devices are supported as source firewalls from which settings can be exported and imported to GEN8 TZs and NSa models:

SonicWall will retire the Essential Protection Service Suite (EPSS) effective August 1, 2025.

In today’s threat landscape — where cyberattacks use automation, AI, and advanced evasion — customers need a simple, effective solution. To address this, we’re simplifying our service portfolio to make it easier to deliver the protection your customers expect.

As of August 1, SonicWall will offer a single subscription bundle: the Advanced Protection Service Suite (APSS) — delivering best-in-class threat prevention at a low total cost of ownership.

Partners in the Service Provider Program can also choose the Managed Protection Service Suite (MPSS), which adds the firewall management expertise of the SonicSentry NOC. MPSS is currently available in NOAM, with global availability coming soon.

We encourage you to begin transitioning your customers to APSS or MPSS, both of which include advanced security, support, and SaaS-based reporting and analytics.

Device > Settings > Administration > Login / Multiple Administrators > Login security

Device > Settings > AdministrationLogin / Multiple Administrators > Login security

Device > Settings > Firmware and Settings

Device > Users > Settings > Authentication

Device > AppFlow > Flow Reporting > Settings

Device > Log > Settings

Device > Log > Name Resolution

Network > SSLVPN > Server Settings

Network > Firewall > Advanced > Settings

Network > Firewall > Advanced > Connections

Network > Firewall > Flood Protection > TCP > Layer 3 SYN Flood Protection - SYN Proxy

Network > Firewall > Flood Protection > UDP

Network > Firewall > Flood Protection > ICMP

Network > VoIP > Settings

Policy > Security Services > Gateway Anti-Virus

Policy > Security Services > Anti-Spyware

Policy > Security Services > Intrusion Prevention

Policy > Capture ATP > Settings > Basic

Policy > Security Services > Geo-IP Filter

Policy > Security Services > Botnet Fiter

Policy > Security Services > App Control

Policy > Security Services > App Control > Signatures

Objects > Match Objects > URI Lists

Objects > Profile Objects > Content Filter > CFS Default Profile > Settings > URI List

Objects > Profile Objects > Content Filter > CFS Default Profile > Settings > Category

Objects > Profile Objects > Content Filter > CFS Default Profile > Settings > Reputation

Objects > Profile Objects > Content Filter > CFS Default Profile > Advanced

Policy > Rules and Policies > Content Filter Rules > CFS Default Policy

In collaboration with Microsoft Threat Intelligence (MSTIC), SonicWall has identified a deceptive campaign to distribute a hacked and modified version of SonicWall’s SSL VPN NetExtender application that closely resembles the official SonicWall NetExtender software. NetExtender enables remote users to securely connect and run applications on the company network. Users can upload and download files, access network drives, and use other resources as if they were on the local network. Security solutions from SonicWall (GAV: Fake-NetExtender [Trojan]) and Microsoft (TrojanSpy:Win32/SilentRoute.A) will flag the installer as malicious and enable proactive defenses.

The website impersonating the legitimate NetExtender is hosting a Trojanized version of SonicWall’s actual NetExtender version 10.3.2.27 (the latest release version), digitally signed by “CITYLIGHT MEDIA PRIVATE LIMITED.”

The threat actor added code in the installed binaries of the fake NetExtender so that information related to VPN configuration is stolen and sent to a remote server.

Technical Details

The threat actor modified the following component files, which are part of the NetExtender installer, to execute the application and send configuration information to a remote server:

• NeService.exe (Modified file; digital signature is invalid)
• NetExtender.exe (Modified file; no digital signature)

Modifications to NeService.exe

This file is the SonicWall NetExtender Windows service used by the NetExtender application. It contains a function used to validate the digital certificates of NetExtender components. Upon successful validation, the program continues to execute; otherwise, it displays a validation failure message and exits.

In the malicious installer, this file is patched at all locations where the function results are evaluated. The patch bypasses the check, allowing execution to continue regardless of validation results.

Modifications to NetExtender.exe

Additional code was added to send VPN configuration information to a remote server with the IP address 132.196.198.163 over port 8080. Once the VPN configuration details are entered and the “Connect” button is clicked, the malicious code performs its own validation before sending the data to the remote server. Stolen configuration information includes the username, password, domain, and more.

Mitigation

SonicWall and Microsoft have acted quickly to take down the impersonating websites and have had the installer’s digital certificate revoked.

It is strongly recommended that users download SonicWall applications only from trusted sources: sonicwall.com or mysonicwall.com.

SonicWall Capture ATP with RTDMI™ detects the malicious installer, and SonicWall Managed Security Services identifies and blocks it as:

• GAV: Fake-NetExtender (Trojan)

Microsoft Defender Antivirus detects this as:

• "SilentRoute" Trojan ("TrojanSpy:Win32/SilentRoute.A")

IOCs

Sha256:

• d883c067f060e0f9643667d83ff7bc55a218151df600b18991b50a4ead513364 : Malicious NetExtender Installer
• 71110e641b60022f23f17ca6ded64d985579e2774d72bcff3fdbb3412cb91efd : Malicious NEService.exe
• e30793412d9aaa49ffe0dbaaf834b6ef6600541abea418b274290447ca2e168b: Malicious NetExtender.exe

Network:

• 132.196.198.163

DNS vs URL Filtering - What’s the Difference and Why it Matters.

Cyberattacks often begin with a single click. That’s why content filtering is more critical than ever in today’s digital landscape. But not all filtering technologies are the same and understanding the difference between DNS and URL filtering can help your organization build a smarter, layered security strategy for web access.

What is DNS Filtering?

DNS filtering works at the Domain Name System (DNS) level. This is the same system that translates a website (like linkedin.com) into the IP address your device uses to connect.

When DNS filtering is enabled, requests for malicious, risk, or non-compliant domains are blocked before a full connection is established.

Benefits of DNS Filtering:

• Fast and lightweight – stops threats before a page even loads
• Great for remote/hybrid work – protection travels with users
• Broad protection – blocks entire domains known for hosting malware, phishing, or botnets

What is URL Filtering?

URL filtering goes deeper. It analyzes the full web address (URL), including the specific page, folder, or file path, after DNS resolution.

This allows organizations to enforce more granular web access policies and send the entire URL for more in-depth evaluation.

Benefits of URL Filtering:

• Granular control – Send specific pages for further risk-based evaluation (e.g., example.com/ sports/basketball)
• Advanced Threat Protection – Stops users from accessing compromised subpages or dangerous downloads on otherwise “safe” domains

Why You Need Both

DNS filtering is your first line of defense by keeping users from even reaching known bad destinations. URL filtering is your second layer which analyzes deeper content on the fly to catch what DNS filtering didn’t.

Together they give you:

• Comprehensive threat coverage to prevent data loss and breaches
• Flexible policy-based controls based on user groups • A layered security approach that’s secures web access wherever your users are

The NSa 2800 and NSa 3800 are the next models due to be available in stock. These will replace the NSa 2700 and NSa 3700 respectively.

What is SonicWall NSa 2800 / NSa 3800?

The SonicWall NSa 2800 and NSa 3800 are high-performance next-generation firewalls (NGFWs) designed for medium to large enterprises, delivering best-in-class security efficacy, scalable performance, and simplified management at a low TCO. Built to handle high-speed encrypted traffic and advanced threat protection, these firewalls provide intrusion prevention, anti-malware, content filtering, and application control without compromising performance. With enterprise-grade security, secure SD-WAN, and cloud-based management, the NSa 2800 and NSa 3800 ensure seamless protection across distributed environments, reducing operational complexity and security costs. Get industry-leading security and efficiency while optimizing your cybersecurity investment.

Key Features:

• Cloud / Centralized Management (NSM) included
• Multiple licensing models
• Better TCO
• Best-in-class Threat Protection Throughput
• Zero-touch Provisioning and Simplified Management
• Zero-Trust Edge Support

Hardware, Deployment, Licensing & Support

How many ports are on the NSa2800 and NSa3800?

SonicWall NSa2800 has 16 x 1G Copper / Ethernet Interfaces and 3 x 10G SFP+ Interfaces, a total of 19 ports, along with a dedicated Management port and a Console port.

SonicWall NSa3800 has 24 x 1G Copper/Ethernet Interfaces and10 x 10 SFP+ Interfaces, a total of 34 ports, and a dedicated Management port and Console port.

Does NSa 2800/3800 have support for Redundant Power Supply?

Yes, both NSa2800 and NSa3800 support an optional Redundant power supply.

Do NSa2800 and NSa3800 support Cellular dongles?

Yes, SonicWall NSa2800 and NSa3800 support USB Cellular dongles – USB Type-A

Does the SonicWall Express App support SonicWall NSa2800 and NSa3800?

Yes, the SonicExpress mobile application supports the new SonicWall NSa2800 and NSa3800.

What are the new licensing options available with NSa2800 and NSa3800?

NSa2800 and NSa3800 can be purchased with three licensing tiers/bundles: EPSS- Essential Protection Service Suite, Advanced Protection Service Suite-APSS, and Managed Protection Service Suite-MPSS.

Both NSa2800 and NSa3800 can be purchased as hardware-only SKUs. Unlike the SonicWall TZ80, no subscription is necessary for them to function. However, we highly recommend licensing security services.

SonicWall NSa2800 and NSa3800 now include Centralized Management with every Support SKU, giving you seamless centralized configuration, change management, and zero-touch deployment—all at no extra cost! Simplify security, reduce IT overhead, and gain enterprise-level visibility with ease.

The following table provides detailed features for each of the service subscription licenses.

Table:1

+ Optional SKUs are available as add-ons or A-la-Carte for specific features/functions.

Settings Migration

Is a migration tool available for NSa2800 and NSa3800?

No, it is not required. The SonicWall NSa2800 and NSa3800 support migrating in-product / on-box settings from:

Export the settings/ EXP file from NSa2600/NSa2700 to NSa2800

Export the settings/ EXP file from NSa3600/NSa3650/NSa3700 to NSa 3800

With the introduction of NSM 3.0, we have a migration application on NSM that supports converting EXP/settings files from NSa2600/NSa2650 onto NSa2800.

Which models are supported for on-box migration experience on NSa2800 and NSa3800?

NSa2800 supports in-product / on-box migration experience from NSa2600 and NSa2700 firewall models running the latest software versions like 6.5.4.13-105n/above and 7.0.1-5145/above

What configurations are not supported during the migration?

Interfaces like U1, VLAN, WLAN, and Tunnel are not supported during the migration. We recommend performing export/import for simple settings migration cases for bulk settings migration assistance, such as address objects, address groups, service objects, service groups, access rules, NAT Policies, and Route Policies. An error is displayed for all unsupported migrations.

Note: The above-listed limitations will not apply when migrating settings from a NSa2700 to NSa2800 and a NSa3700 to NSa3800.

Cloud Management, Reporting and Analytics

Which version of NSM can manage NSa2800 and NSa3800?

NSM version 3.0 and above can manage the NSa2800 and NSa3800 firewalls.

Do I need to pay for Cloud / Centralized management separately?

The support SKU or the EPSS, the APSS or MPSS license bundle includes cloud management at no additional cost. The APSS and MPSS bundles also include advanced reporting and analytics. Please refer to Table 1 for more details.

What cloud management services are included in each of the bundles?

NSa2800 and NSa3800 Support SKU include Support and Cloud Management with 7-day alerting. 7-day alerting refers to firewall UP/DOWN event reporting.

EPSS includes selective security services with 7 days of Basic Reporting.

APSS includes all the security services with Advanced cloud reporting and analytics for 7 days of data.

MPSS includes all security services, firewall-managed services, and 30 days of Advanced cloud reporting and analytics.

Are the flex packages available for cloud reporting?

We offer flex packages to add 30/90/365 days of Advanced Analytics and Reporting.

What is new in NSM 3.0?

NSM 3.0 brings in exciting new features. Please refer to the NSM 3.0 FAQ for more details:https://www.sonicwall.com/support/knowledge-base/250425105502713

Orderability & Activation

Is subscription mandatory for NSa2800 and NSa3800 to operate?

No, SonicWall NSa2800 and NSa3800 will operate as designed, even without any active service on the firewall, though this is not recommended.

What licenses besides EPSS, APSS, and MPSS hardware bundles are available?

Renewal SKUs for EPSS, APSS, MPSS, and flex SKUs for NSM Advanced reporting and analytics are available.

Customer Loyalty & Technology Migration Programs

Are NSa2800 and NSa3800 part of the Customer Loyalty Program?

Yes, buyers can use Secure Upgrade Plus to upgrade from their legacy firewalls to NSa2800/NSa3800 and qualify for special offers.

Are NSa2800 and NSa3800 of the SonicProtect Subscription Program?

Businesses can leverage SonicProtect Subscription on the 2600/3600 firewalls and upgrade to NSa2800/NSa3800 to enable cost protection and lock prices on multi-year APSS services.

Is 3&Free available for NSa2800 and NSa3800?

Yes, buyers can leverage the 3&Free promotional program with Cloud Secure Edge (CSE).

Raised Gen 6/6.5 renewal pricing: Announced 10th February, effective 1st May. 20% price increase on Gen 6/6.5 renewal SKUs. Please note that this is just a notification and will not be effective until May.

Gen 6 firewalls were launched in 2013 and Gen 6.5 firewalls launched in 2017 and are both approaching the end of support. Price adjustments are necessary for these appliances due to inflationary, logistical, and operational costs associated with maintaining legacy products.

Beat the increase and buy renewals before 1st May, or upgrade to a new Gen 7.

Subscriptions

Upgrades