The SonicWall Network Security appliance (NSa) series provides mid-sized networks, branch offices and distributed enterprises with advanced threat prevention in a high-performance security platform. Combining next-generation firewall technology with our patentpending Real-Time Deep Memory Inspection (RTDMI) and patented Reassembly-Free Deep Packet Inspection (RFDPI) engines on a multi-core architecture, the NSa series offers the security, performance and control organizations require.
- Superior threat prevention
- High-performance architecture
- Network control and flexibility
- 802.11ac Wave 2 wireless
- Broad mobility support
- High port density
*** This product is a promotional upgrade - for customers upgrading from earlier SonicWall firewalls, or from competitive products
Firewall Product Features
Warranty & Support
|Hardware overview||NSa 3650|
|Operating system||SonicOS 6.5.x|
|Security processing cores||4
|Interfaces||2 x 10-GbE SFP+, 8 x 2.5-GbE SFP, 4 x 2.5-GbE, 12 x 1-GbE, 1 GbE Management, 1 Console|
|Expansion||1 Expasion Slot (Rear) *
|Management||CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs|
|Single Sign On (SSO) Users||50,000|
|Access points supported (max)||96|
|Logging||Analyzer, Local Log, Syslog, IPFIX, NetFlow|
|Firewall inspection throughput1||3.75 Gbps|
|Threat Prevention throughput2 (Max Security)||1.75 Gbps|
|Application inspection throughput2||2.1 Gbps|
|IPS throughput2||1.8 Gbps|
|Anti-malware inspection throughput2||1.5 Gbps|
|IMIX throughput3||900 Mbps|
|TLS/SSL inspection and decryption throughput (DPI SSL)2||320 Mbps|
|VPN throughput2||1.5 Gbps|
|Connections per second||14,000|
|Maximum connections (SPI)||2,000,000|
|Maximum connections (DPI)||750,000|
|Maximum connections (DPI SSL)||24,000|
|Default connections (DPI/DPI SSL)4||625,000/15,000|
|Site-to-site VPN tunnels||3,000|
|IPSec VPN clients (maximum)||500 (3,000)|
|SSL VPN licenses (maximum)||2 (500)|
|Encryption/authentication||DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B Cryptography|
|Key exchange||Diffie Hellman Groups 1, 2, 5, 14v
|Route-based VPN||RIP, OSPF, BGP|
|IP address assignment||Static (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP Relay|
|NAT modes||1:1, many:1, 1:many, flexible NAT (overlapping IPS), PAT, transparent mode|
|Routing protocols||BGP, OSPF, RIPv1/v2, static routes, policy-based routing|
|QoS||Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p|
|Authentication||LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC)|
|VoIP||Full H.323-v1-5, SIP|
|Standards||TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3|
||ICSA Firewall, ICSA Anti-Virus, FIPS 140-2, Common Criteria NDPP (Firewall and IPS), UC APL, USGv6, CsFC|
|High Availability||Active/Passive with State Sync, Active/Active Clustering|
|Power supply||Dual, redundant 120W (one included)|
||100-240 VAC, 50-60 Hz|
|Maximum power consumption (W)||46
|MTBF @25ºC in hours||156,681|
|MTBF @25ºC in years||17.9|
||1U Rack Mountable|
|Dimensions||16.9 x 12.8 x 1.8 in (43 x 32.5 x 4.5 cm)|
|Weight||11.7 lb (5.3 kg)|
|WEEE weight||12.3 lb (5.6 kg)|
|Shipping weight||17.2 lb (7.8 kg)|
|Major regulatory||FCC Class A, CE (EMC, LVD, RoHS), C-Tick, VCCI Class A, MSIP/KCC Class A, UL, cUL, TUV/GS, CB, Mexico CoC by UL, WEEE , REACH, ANATEL, BSMI|
|Environment(Operatin/Storage)||32°-105° F (0°-40° C)/-40° to 158° F (-40° to 70° C)|
1Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.
2Threat Prevention/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. Threat Prevention throughput measured with Gateway AV, Anti-Spyware, IPS and Application Control enabled. DPI SSL performance measured on HTTPS traffic with IPS enabled.
3VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. All specifications, features and availability are subject to change.
4For every 125,000 DPI connections reduced, the number of available DPI SSL connections increases by 3,000 except for NSa 9250 and above.
5Active/Active Clustering and Active/Active DPI with State Sync require purchase of Expanded License.
*Future use. All specifications, features and availability are subject to change.
- Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention and Application Intelligence and Control Service subscription
- Content Filtering Service subscription
- 24x7 Support subscription
- Capture Advanced Threat Protection (ATP) Service subscription (click for datasheet)
At a glance
Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention, Application Intelligence and Control Service - CGSS & AGSS
- Real-time gateway anti-virus engine that scans for viruses, worms, Trojans and other Internet threats in real-time.
- Dynamic spyware protection blocks the installation of malicious spyware and disrupts existing spyware communications.
- Powerful intrusion prevention protects against an array of network-based threats such as worms, Trojans and other malicious code.
- Application intelligence and control provides application classification and policy enforcement.
- Dynamically updated signature database for continuous threat protection.
Content Filtering Service (CFS) - CGSS & AGSS
- Comprehensive content filtering provides control of internal access to inappropriate, unproductive and potentially illegal web content.
- Website ratings cached locally on SonicWall firewalls make response time to frequently visited sites virtually instantaneous.
- Dynamically updated rating architecture cross-references all requested websites against a database in the cloud containing millions of URLs, IP addresses and domains and then compares each rating to the local policy setting.
24x7 Support - CGSS & AGSS
- Software and firmware updates and upgrades maintain network security to keep your solution as good as new.
- Around-the-clock access to chat, telephone, email and web-based support for basic configuration and troubleshooting assistance.
- Advance Exchange hardware replacement in the event of failure.
- Annual subscription to SonicWall’s Service Bulletins and access to electronic support tools and moderated discussion groups.
Capture Advanced Threat Protection (Capture ATP) - AGSS
- Block zero-day attacks before they enter your network.
- Rapidly deploy remediation signatures to other network security appliances.
- Establish advanced protection against the changing threat landscape.
- Analyze a broad range of file types.
- SonicWall NSa 3650 [01-SSC-1937] £2981.00
- SonicWall NSa 3650 TotalSecure - Advanced Edition (1 Year) [01-SSC-4081] £5104.00
- SonicWall NSa 3650 High Availability (HA) Unit [01-SSC-3215] £2376.00
- SonicWall NSA 3650 Secure Upgrade Plus - Advanced Edition (2 Years) [01-SSC-4079] £5104.00
- SonicWall NSA 3650 Secure Upgrade Plus - Advanced Edition (3 Years) [01-SSC-4082] £6597.00
1. SonicWall support subscriptions & renewals
2. SonicWall security subscriptions & renewals
- Advanced Gateway Security Suite for NSA 2650 (1 Year) [01-SSC-1783] £1582.00
- Gateway Anti-Malware, Intrusion Prevention and Application Control for NSA 2650 (1 Year) [01-SSC-1976] £556.00
- SonicWall Capture Advanced Threat Protection Service for NSA 2650 (1 Year) [01-SSC-1935] £369.00
- Content Filtering Service Premium Business Edition for NSA 2650 (1 Year) [01-SSC-1970] £742.00
- SonicWall Comprehensive Anti-Spam Service for NSA 2650 (1 Year) [01-SSC-2001] £742.00
3. SonicWall remote access client licences
4. SonicWall add-ons & replacements
- NSa 2650 High Availability Conversion License to Standalone Unit [01-SSC-2317] £559.00
5. SonicWall centralised management & reporting
- SonicWall GMS 5 Node Software License [01-SSC-7680] £1414.00