Latest News

In collaboration with Microsoft Threat Intelligence (MSTIC), SonicWall has identified a deceptive campaign to distribute a hacked and modified version of SonicWall’s SSL VPN NetExtender application that closely resembles the official SonicWall NetExtender software. NetExtender enables remote users to securely connect and run applications on the company network. Users can upload and download files, access network drives, and use other resources as if they were on the local network. Security solutions from SonicWall (GAV: Fake-NetExtender [Trojan]) and Microsoft (TrojanSpy:Win32/SilentRoute.A) will flag the installer as malicious and enable proactive defenses.

The website impersonating the legitimate NetExtender is hosting a Trojanized version of SonicWall’s actual NetExtender version 10.3.2.27 (the latest release version), digitally signed by “CITYLIGHT MEDIA PRIVATE LIMITED.”

The threat actor added code in the installed binaries of the fake NetExtender so that information related to VPN configuration is stolen and sent to a remote server.

Technical Details

The threat actor modified the following component files, which are part of the NetExtender installer, to execute the application and send configuration information to a remote server:

• NeService.exe (Modified file; digital signature is invalid)
• NetExtender.exe (Modified file; no digital signature)

Modifications to NeService.exe

This file is the SonicWall NetExtender Windows service used by the NetExtender application. It contains a function used to validate the digital certificates of NetExtender components. Upon successful validation, the program continues to execute; otherwise, it displays a validation failure message and exits.

In the malicious installer, this file is patched at all locations where the function results are evaluated. The patch bypasses the check, allowing execution to continue regardless of validation results.

Modifications to NetExtender.exe

Additional code was added to send VPN configuration information to a remote server with the IP address 132.196.198.163 over port 8080. Once the VPN configuration details are entered and the “Connect” button is clicked, the malicious code performs its own validation before sending the data to the remote server. Stolen configuration information includes the username, password, domain, and more.

Mitigation

SonicWall and Microsoft have acted quickly to take down the impersonating websites and have had the installer’s digital certificate revoked.

It is strongly recommended that users download SonicWall applications only from trusted sources: sonicwall.com or mysonicwall.com.

SonicWall Capture ATP with RTDMI™ detects the malicious installer, and SonicWall Managed Security Services identifies and blocks it as:

• GAV: Fake-NetExtender (Trojan)

Microsoft Defender Antivirus detects this as:

• "SilentRoute" Trojan ("TrojanSpy:Win32/SilentRoute.A")

IOCs

Sha256:

• d883c067f060e0f9643667d83ff7bc55a218151df600b18991b50a4ead513364 : Malicious NetExtender Installer
• 71110e641b60022f23f17ca6ded64d985579e2774d72bcff3fdbb3412cb91efd : Malicious NEService.exe
• e30793412d9aaa49ffe0dbaaf834b6ef6600541abea418b274290447ca2e168b: Malicious NetExtender.exe

Network:

• 132.196.198.163

DNS vs URL Filtering - What’s the Difference and Why it Matters.

Cyberattacks often begin with a single click. That’s why content filtering is more critical than ever in today’s digital landscape. But not all filtering technologies are the same and understanding the difference between DNS and URL filtering can help your organization build a smarter, layered security strategy for web access.

What is DNS Filtering?

DNS filtering works at the Domain Name System (DNS) level. This is the same system that translates a website (like linkedin.com) into the IP address your device uses to connect.

When DNS filtering is enabled, requests for malicious, risk, or non-compliant domains are blocked before a full connection is established.

Benefits of DNS Filtering:

• Fast and lightweight – stops threats before a page even loads
• Great for remote/hybrid work – protection travels with users
• Broad protection – blocks entire domains known for hosting malware, phishing, or botnets

What is URL Filtering?

URL filtering goes deeper. It analyzes the full web address (URL), including the specific page, folder, or file path, after DNS resolution.

This allows organizations to enforce more granular web access policies and send the entire URL for more in-depth evaluation.

Benefits of URL Filtering:

• Granular control – Send specific pages for further risk-based evaluation (e.g., example.com/ sports/basketball)
• Advanced Threat Protection – Stops users from accessing compromised subpages or dangerous downloads on otherwise “safe” domains

Why You Need Both

DNS filtering is your first line of defense by keeping users from even reaching known bad destinations. URL filtering is your second layer which analyzes deeper content on the fly to catch what DNS filtering didn’t.

Together they give you:

• Comprehensive threat coverage to prevent data loss and breaches
• Flexible policy-based controls based on user groups • A layered security approach that’s secures web access wherever your users are

The NSa 2800 and NSa 3800 are the next models due to be available in stock. These will replace the NSa 2700 and NSa 3700 respectively.

What is SonicWall NSa 2800 / NSa 3800?

The SonicWall NSa 2800 and NSa 3800 are high-performance next-generation firewalls (NGFWs) designed for medium to large enterprises, delivering best-in-class security efficacy, scalable performance, and simplified management at a low TCO. Built to handle high-speed encrypted traffic and advanced threat protection, these firewalls provide intrusion prevention, anti-malware, content filtering, and application control without compromising performance. With enterprise-grade security, secure SD-WAN, and cloud-based management, the NSa 2800 and NSa 3800 ensure seamless protection across distributed environments, reducing operational complexity and security costs. Get industry-leading security and efficiency while optimizing your cybersecurity investment.

Key Features:

• Cloud / Centralized Management (NSM) included
• Multiple licensing models
• Better TCO
• Best-in-class Threat Protection Throughput
• Zero-touch Provisioning and Simplified Management
• Zero-Trust Edge Support

Hardware, Deployment, Licensing & Support

How many ports are on the NSa2800 and NSa3800?

SonicWall NSa2800 has 16 x 1G Copper / Ethernet Interfaces and 3 x 10G SFP+ Interfaces, a total of 19 ports, along with a dedicated Management port and a Console port.

SonicWall NSa3800 has 24 x 1G Copper/Ethernet Interfaces and10 x 10 SFP+ Interfaces, a total of 34 ports, and a dedicated Management port and Console port.

Does NSa 2800/3800 have support for Redundant Power Supply?

Yes, both NSa2800 and NSa3800 support an optional Redundant power supply.

Do NSa2800 and NSa3800 support Cellular dongles?

Yes, SonicWall NSa2800 and NSa3800 support USB Cellular dongles – USB Type-A

Does the SonicWall Express App support SonicWall NSa2800 and NSa3800?

Yes, the SonicExpress mobile application supports the new SonicWall NSa2800 and NSa3800.

What are the new licensing options available with NSa2800 and NSa3800?

NSa2800 and NSa3800 can be purchased with three licensing tiers/bundles: EPSS- Essential Protection Service Suite, Advanced Protection Service Suite-APSS, and Managed Protection Service Suite-MPSS.

Both NSa2800 and NSa3800 can be purchased as hardware-only SKUs. Unlike the SonicWall TZ80, no subscription is necessary for them to function. However, we highly recommend licensing security services.

SonicWall NSa2800 and NSa3800 now include Centralized Management with every Support SKU, giving you seamless centralized configuration, change management, and zero-touch deployment—all at no extra cost! Simplify security, reduce IT overhead, and gain enterprise-level visibility with ease.

The following table provides detailed features for each of the service subscription licenses.

Table:1

+ Optional SKUs are available as add-ons or A-la-Carte for specific features/functions.

Settings Migration

Is a migration tool available for NSa2800 and NSa3800?

No, it is not required. The SonicWall NSa2800 and NSa3800 support migrating in-product / on-box settings from:

Export the settings/ EXP file from NSa2600/NSa2700 to NSa2800

Export the settings/ EXP file from NSa3600/NSa3650/NSa3700 to NSa 3800

With the introduction of NSM 3.0, we have a migration application on NSM that supports converting EXP/settings files from NSa2600/NSa2650 onto NSa2800.

Which models are supported for on-box migration experience on NSa2800 and NSa3800?

NSa2800 supports in-product / on-box migration experience from NSa2600 and NSa2700 firewall models running the latest software versions like 6.5.4.13-105n/above and 7.0.1-5145/above

What configurations are not supported during the migration?

Interfaces like U1, VLAN, WLAN, and Tunnel are not supported during the migration. We recommend performing export/import for simple settings migration cases for bulk settings migration assistance, such as address objects, address groups, service objects, service groups, access rules, NAT Policies, and Route Policies. An error is displayed for all unsupported migrations.

Note: The above-listed limitations will not apply when migrating settings from a NSa2700 to NSa2800 and a NSa3700 to NSa3800.

Cloud Management, Reporting and Analytics

Which version of NSM can manage NSa2800 and NSa3800?

NSM version 3.0 and above can manage the NSa2800 and NSa3800 firewalls.

Do I need to pay for Cloud / Centralized management separately?

The support SKU or the EPSS, the APSS or MPSS license bundle includes cloud management at no additional cost. The APSS and MPSS bundles also include advanced reporting and analytics. Please refer to Table 1 for more details.

What cloud management services are included in each of the bundles?

NSa2800 and NSa3800 Support SKU include Support and Cloud Management with 7-day alerting. 7-day alerting refers to firewall UP/DOWN event reporting.

EPSS includes selective security services with 7 days of Basic Reporting.

APSS includes all the security services with Advanced cloud reporting and analytics for 7 days of data.

MPSS includes all security services, firewall-managed services, and 30 days of Advanced cloud reporting and analytics.

Are the flex packages available for cloud reporting?

We offer flex packages to add 30/90/365 days of Advanced Analytics and Reporting.

What is new in NSM 3.0?

NSM 3.0 brings in exciting new features. Please refer to the NSM 3.0 FAQ for more details:https://www.sonicwall.com/support/knowledge-base/250425105502713

Orderability & Activation

Is subscription mandatory for NSa2800 and NSa3800 to operate?

No, SonicWall NSa2800 and NSa3800 will operate as designed, even without any active service on the firewall, though this is not recommended.

What licenses besides EPSS, APSS, and MPSS hardware bundles are available?

Renewal SKUs for EPSS, APSS, MPSS, and flex SKUs for NSM Advanced reporting and analytics are available.

Customer Loyalty & Technology Migration Programs

Are NSa2800 and NSa3800 part of the Customer Loyalty Program?

Yes, buyers can use Secure Upgrade Plus to upgrade from their legacy firewalls to NSa2800/NSa3800 and qualify for special offers.

Are NSa2800 and NSa3800 of the SonicProtect Subscription Program?

Businesses can leverage SonicProtect Subscription on the 2600/3600 firewalls and upgrade to NSa2800/NSa3800 to enable cost protection and lock prices on multi-year APSS services.

Is 3&Free available for NSa2800 and NSa3800?

Yes, buyers can leverage the 3&Free promotional program with Cloud Secure Edge (CSE).

Raised Gen 6/6.5 renewal pricing: Announced 10th February, effective 1st May. 20% price increase on Gen 6/6.5 renewal SKUs. Please note that this is just a notification and will not be effective until May.

Gen 6 firewalls were launched in 2013 and Gen 6.5 firewalls launched in 2017 and are both approaching the end of support. Price adjustments are necessary for these appliances due to inflationary, logistical, and operational costs associated with maintaining legacy products.

Beat the increase and buy renewals before 1st May, or upgrade to a new Gen 7.

Subscriptions

Upgrades

How our more advanced DNS filtering capabilities add a layer of security to help Gen 7 customers avoid malicious websites, filter inappropriate content and improve performance.

With the internet now an integral part of our lives, ensuring a safe and secure online experience has never been more crucial. But as cyber threats continuously evolve and hackers grow more sophisticated, traditional security measures may no longer suffice. This is where DNS filtering, powered by SonicWall, both emerges as the first line of defense and interlocks with your firewall protection.

As part of the recent SonicOS 7.1 feature release, which focused on increasing threat protection, SonicWall introduced more advanced DNS filtering capabilities than were seen in previous generations. In the past, DNS security was limited to DNS Tunnel Detection and DNS Sinkholes. With the release of SonicOS 7.1, DNS filtering inspects DNS traffic in real time and provides the ability to block threats before they can reach your network.

The Significance of DNS Filtering

Layers of defense are necessary to safeguard critical business assets and information. DNS filtering acts as a robust shield against cyber threats by leveraging SonicWall’s advanced algorithms and real-time updates, which ensure that the latest threats are promptly identified and blocked. The deep packet inspection capabilities in SonicWall NGFWs discovers hidden threats in the headers and contents of data packets, while DNS filtering prevents users from reaching dangerous or unproductive sites and applications.

By accurately separating the harmless from the malicious, our solution fortifies your network, allowing your business to flourish without disruptions caused by cyber threats. Here are the three key ways DNS filtering accomplishes this:

Safeguarding Against Malicious Websites

The number of websites online today is mind-boggling — and some pose serious risks to unsuspecting users. These websites harbor malware, phishing scams and other threats. DNS filtering acts as a critical shield, intercepting users' DNS requests and cross-referencing them against a database of known malicious domains. By doing so, it effectively blocks users from accessing these suspicious websites, thus securing them from potential harm.

With DNS filtering, you can:

• Prevent inadvertent encounters with malicious websites
• Mitigate identity theft, financial loss, and the compromise of sensitive information
• Proactively block access to known malicious domains, reducing the risk of malware infections and other cyberattacks

Filtering Inappropriate Content

Apart from protecting against malicious websites, DNS filtering also serves as an effective means of filtering out inappropriate content. This aspect is particularly essential for those charged with safeguarding children and maintaining a safe online environment. DNS filtering empowers schools, parents and other guardians to establish filters that restrict access to adult content, violence and other unsuitable material. This feature provides peace of mind and cultivates a more nurturing online experience for kids and teens.

With DNS filtering, you can:

• Gain an additional layer of protection by blocking access to websites hosting explicit content, violence, or objectionable material
• Personalize filters to align with a specific set of needs or values, ensuring children are shielded from inappropriate content while ensuring access to age-appropriate materials relevant to coursework

Enhancing Network Performance

Another advantage of DNS filtering is its positive impact on network performance. By blocking access to unnecessary or undesirable websites, it reduces bandwidth consumption and optimizes internet speeds. This proves particularly beneficial in corporate environments, where unknowingly accessing sites can jeopardize network performance and security.

DNS filtering guarantees that only necessary and trusted websites are accessible, promoting a more efficient utilization of network resources.

With DNS filtering, you can:

• Prevent access to websites that consume excessive bandwidth or pose security risks
• Maximize internet speeds for critical tasks and applications

In conclusion, DNS filtering, supported by robust SonicWall capabilities, plays a vital role in maintaining a secure and productive online environment. By safeguarding against malicious websites, filtering inappropriate content and improving network performance, DNS filtering offers immense benefits to both individuals and organizations. In an era where cyber threats continue to grow in sophistication, DNS filtering offers a proactive way to combat potential risks.

Take Action Now: Deploy DNS Filtering Service

Don’t let cyber threats hinder your business potential. Secure your online journey today with our DNS Filtering Service, backed by the top-notch protection and unparalleled ease of use SonicWall is known for.

SonicWall’s 3 & Free promotion is here to stay and now includes Cloud Secure Edge (CSE) licenses along with free Gen 7 next-generation firewalls. When you purchase any 3-year Advanced Protection Services Suite (APSS) or Essential Protection Services Suite (EPSS), you get more than just cutting-edge firewalls for free —you also gain access to comprehensive protection from evolving modern threats, both inside and outside your network with CSE.

As today’s businesses rely more heavily on cloud environments and mobile devices, traditional security models based on perimeter defenses are no longer sufficient. CSE offers a transformative approach, replacing outdated VPN and network security methods. This cloud-delivered solution offers seamless, secure access to resources from any device, anywhere, without sacrificing performance or user experience. With CSE, SonicWall empowers your organization to embrace mobility and cloud adoption.

Now with each and every firewall from SonicWall, CSE seamlessly enables your users to securely access any resource from any device regardless of their physical location. Whether your users are working remotely, on the go, or within your organization’s premises, CSE ensures reliable and secure access, all while protecting against web-based and device threats.

Take advantage of SonicWall’s industry-leading Secure Service Edge (SSE) solution and secure your users no matter where they are. With the 3 & Free promotion now including CSE, it’s easier than ever to protect your network and workforce in today’s digital landscape.

Cloud Secure Edge User License Count

Datasheet: https://www.sonicwall.com/resources/datasheet/3-free-program

We, at SonicWall-Sales.com wishes everyone a very happy Christmas and prosperous New Year.

This year we will be running a reduced service between Christmas and the New Year. For hardware orders, the main warehouse is operating as follows:

Thank you to all our customers for a great 2024 together. We're going to be here for you again in 2025!

SONICWALL TZ80 IN STOCK >>>

SonicWall TZ80 Overview

SonicWall TZ80 is the perfect-fit subscription-based NGFW for small offices & home offices (SOHO). The firewall delivers high-security efficacy at a low TCO, the flexibility to meet changing security needs, rapid time-to-value, and a strong security posture. With best-in-class threat protection throughput, TZ80 creates a strong return on investment. Businesses can also transition from enabling basic secure connectivity to advanced protection, matching their dynamic security requirements. The firewall supports Zero Trust Access by Cloud Secure Edge integration, enabling authenticated access of private resources behind the firewall. TZ80 also drives quick onboarding and ease-of-use via zero-touch provisioning and simplified management.

TZ80 delivers:

• Superior encrypted threat prevention and performance
• Low TCO through ease of deployment and single pane of glass management
• Real-time network control and visibility while maintaining

How does SonicWall TZ80 security work?

TZ80 addresses the growing trends in hybrid and remote workplaces, multi-cloud deployments, perimeter-less network security, IoT or connected devices, and compact form-factor appliances. TZ80 delivers a solution that meets the need for automated, real-time breach detection and prevention with a best in-class threat protection performance and high reliability platform.

Benefits

• Better TCO on firewall inspection throughput
• Best-in-class threat protection throughput
• Licensing models for secure connectivity, advanced threat protection and managed protection services
• Zero-touch provisioning
• Remote and automatic configuration
• Bulk provisioning
• Harmonize on-box and cloud management UI/UX
• Rich monitoring and reporting features
• Support zero-trust with integrated Cloud Secure Connector

Why TZ80?

• Low total cost of ownership, small form-factor – ideal for rural broadband, SOHO, IoT, events and hospitality, store-in-store deployments
• No performance impact with advanced threat protection and VPN services
• 2.5x to 4x performance improvements over legacy SOHO offerings
• Scalable SaaS management with model configuration template
• Automated synchronization between on-box and Cloud management
• Comprehensive reporting and analytics
• Zero-touch deployment
• Consistent performance and high reliability
• ZTNA & SSE support

Use Cases

• Small office, home office (SOHO) - The hybrid and remote workplace environment needs to secure connectivity, and seamless zero trust access. TZ80 combines SD-WAN and Zero Trust Network Access (ZTNA) capabilities to enable threat prevention, secure connectivity, and secure private application access.
• IoT Gateway - The hybrid and remote workplace environment needs to secure connectivity, and easy zero trust access. IoT devices are not usually designed with security in mind but are usually used in communications on untrusted cellular and wireless networks. TZ80 can secure the IoT deployments with its threat protection, performance and SD-WAN and scalable management capabilities.
• MicroSMB - MicroSMBs face budget constraints to protect against malware and other cyberthreats. They also run the risk of being part of a supply chain attack. TZ80, with a low TCO, allows for micro and macro network segmentation, and use DPI to detect and block malicious traffic.
• Rural broadband - Businesses in rural broadband environments are not immune to cyberthreats. The remote landscape plus skill gap and high costs of maintaining secure infrastructure renders them even more vulnerable. TZ80 with its best in class threat protection and performance, and centralized management.
• Events & Hospitality - Conferences require east-west and north-south secure connectivity for their exhibitions and booths. They also need rapid security deployment. TZ80 allows simplified deployment for a micro-perimeter security and zero trust access to private networks and applications.
• Service Providers - Service Providers for retail, healthcare, financial services, hospitality (including restaurants) and public safety. Transportation and trade shows, managing remote users and with a remote workforce require an easy-to-manage and easy-to-deploy security solution. TZ80 supports NSM 2.6 and above to deliver zero touch provisioning and bulk management for ease-of-management.
• Other use-cases: Pop-up stores, short-term offices or meeting centres, interactive kiosks (store within a store), storage spaces and remote or mobile workforce.

Licensing Model

TZ80 is a subscription-based model with 1, 3, and 5-year terms.

SONICWALL TZ80 IN STOCK >>>

From 1st November 2024 SonicWall have increased the Secure Upgrade bundles - both 2 and 3 years by 2% to 5%.

Full list of increases:

SonicWall Support

Technical support is available to customers who have purchased SonicWall products with a valid maintenance contract.

The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year.

The Support Portal enables you to:

• View knowledge base articles and technical documentation
• View and participate in the Community Forum discussions
• View video tutorials
• Access MySonicWall
• Learn about SonicWall professional services
• Review SonicWall Support services and warranty information
• Register at SonicWall University for training and certification

SonicWall’s Product Security Incident Response Team (PSIRT) team has identified and confirmed a critical vulnerability in certain older versions of its firewall firmware, and we want to ensure that you are aware and prepared to mitigate any potential risks. We have released a new firmware update that includes important security fixes.

‌KB Article: https://www.sonicwall.com/support/knowledge-base/p...

‌As part of SonicWall’s commitment to be fully transparent this is a communication notifying impacted customers that there is evidence of active exploitation of the vulnerability. SonicWall strongly advises SonicWall SOHO (Gen 5), Gen 6 and Gen 7 devices running SonicOS 7.0.1-5035 and previous versions to ensure that all access controls are correctly configured according to SonicWall's best practices. To minimize potential impact please restrict firewall management access to trusted sources or disable firewall WAN management access from Internet sources, then apply the patch as soon as possible. If you have any further questions on restricting/disabling WAN management access or require additional information, please contact your Authorized SonicWall Partner or SonicWall Technical Support.

More information on how to

do this can be found here: https://www.sonicwall.com/support/knowledge-base/h....