NSA Series DS_US CG3500 Sonicwall 5000 4500 3500 2400 240

User Manual: CG3500

Open the PDF directly: View PDF PDF.
Page Count: 4

DownloadNSA Series DS_US CG3500 Sonicwall-nsa-5000-4500-3500-2400-240
Open PDF In BrowserView PDF
The SonicWALL Network Security Appliance Series
N E T WO R K SECU R I T Y

■

SonicWALL’s next
generation security

■

Scalable multi-core
hardware and
reassembly-free deep
packet inspection

■

Stateful high availability
and load balancing
features

■

High performance
and lowered TCO

■

Advanced routing services
and networking features

■

Standards-based Voice
over IP (VoIP)

■

Secure distributed wireless
LAN services

■

Onboard Quality of
Service (QoS)

Next Generation Unified Threat Management Protection

Organizations of all sizes depend on their networks to access internal and external mission-critical
applications. As advances in networking continue to provide tremendous benefit to organizations,
they are increasingly challenged by sophisticated and financially-motivated attacks designed to
disrupt communication, degrade performance and compromise data.
Malicious attacks penetrate outdated stateful packet inspection firewalls by exploiting higher network
levels. Point products add layers of security, but are costly, difficult to manage, limited in controlling
network misuse and ineffective against the latest multipronged attacks. The SonicWALL® Network
Security Appliance (NSA) Series revolutionizes network security, utilizing a breakthrough multi-core
design and patented Reassembly-Free Deep Packet Inspection™ (RFDPI) technology* offering
complete protection without compromising network performance. This platform was first made
available on the SonicWALL E-Class NSA Series, and it is now available for mid-sized organizations.
The NSA Series overcomes the limitations of existing security solutions by scanning the entirety of
each packet for current internal and external threats in real time. Built on a high-speed multi-core
processing platform, the NSA Series enables deep packet inspection without adversely impacting
the performance of mission-critical networks and applications.
The NSA Series applies next-generation Unified Threat Management (UTM) against a
comprehensive array of attacks, combining intrusion prevention, anti-virus and antispyware with the application-level control of SonicWALL Application Firewall. With
advanced routing, stateful high-availability and high-speed VPN technology, the NSA Series adds
security, reliability, functionality and productivity to branch offices, central sites and distributed
mid-enterprise networks, while minimizing cost and complexity.
Comprised of the SonicWALL NSA 240, 2400, NSA 3500, NSA 4500 and NSA 5000, the NSA Series
offers a scalable range of solutions designed to meet the network security needs of any organization.
Features and Benefits
SonicWALL’s next generation security incorporates
a new level of UTM that integrates intrusion prevention,
gateway anti-virus and anti-spyware and features the
Application Firewall suite of configurable tools to prevent
data leakage and offer granular application control.
Scalable multi-core hardware and reassembly-free
deep packet inspection scans and eliminates threats
of unlimited file sizes, and provides virtually unrestricted
concurrent connections with uncompromising speed.
The NSA 240 Series can be configured using primary or
secondary modem or 3G wireless interfaces for futureproofed extensibility.
Stateful high availability and load balancing features
in SonicOS 5.0 Enhanced maximize total network bandwidth and maintain seamless network uptime, delivering
uninterrupted access to mission-critical resources, and
ensuring that VPN tunnels and other network traffic will
not be interrupted in the event of a failover.
High performance and lowered TCO are achieved
by using the processing power of multiple cores in
unison to dramatically increase throughput and provide
simultaneous inspection capabilities, while lowering
power consumption.

Advanced routing services and networking features
incorporate advanced networking and security
technology including 802.1q VLANs, WAN/WAN failover,
zone and object-based management, load balancing,
advanced NAT modes and more, providing granular
configuration flexibility and comprehensive protection
at the administrator’s discretion.
Standards-based Voice over IP (VoIP) capabilities
provide the highest levels of security for every element of
the VoIP infrastructure, from communications equipment
to VoIP-ready devices such as SIP Proxies, H.323 Gatekeepers
and Call Servers.
Secure distributed wireless LAN services enable the
appliance to function as a secure wireless switch and
controller that automatically detects and configures
SonicPoints,™ SonicWALL wireless access points, for secure
remote access in distributed network environments.
Onboard Quality of Service (QoS) features use industry
standard 802.1p and Differentiated Services Code Points
(DSCP) Class of Service (CoS) designators to provide
powerful and flexible bandwidth management that is
vital for VoIP, multimedia content and business-critical
applications.

*U.S. Patent 7,310,815–A method and apparatus for data stream analysis and blocking.

Dynamic Security Architecture and Management

Eliminated Threats &
Non-business Traffic

1
Clean VPN

Application Control

Content Filtering

Anti-Spyware

3
Firewall

Automatic Threat
Database Updates

Intrusion Prevention

SonicWALL Real-time
Unified Threat
Management

Gateway Anti-Virus

SonicWALL Deep Packet Inspection Architecture

Clean Traffic

Emerging
Blended Threats
Viruses

Routing

Exploits

PROT

L7

L4

Bandwidth
Management

L3

Spyware

L2

Traffic
IN

Forwarding
Engine

Network
I/O Engine

Traffic
OUT

Bandwidth
Management
QoS

Defrag

Stateful Classification and Transformation
Normal

Presentation

Flow Order

2
Update Engine

Best-in-Class Threat Protection

Clean VPN

Content Filtering

Application Control

Processor

UTM Load Balancing

Deep Packet Inspection Architecture

Anti-Spyware

Multi-processor Core
with Deep Packet Inspection

Intrusion Prevention

Unified Threat Management Load Balancing
Single processor designs that include multiple
protection technologies are severely limited
by a single centralized processor. SonicWALL
UTM load balancing integrates a high-speed
deep packet inspection and traffic classification
engine onto multiple security cores inspecting
applications, files and content-based traffic
in real time without significantly impacting
performance or scalability. This enables the
scanning and control of threats for networks
that carry bandwidth intensive and latency
sensitive applications.

3 The Network Security Appliance Series provides
dynamic network protection through continuous,
automated security updates, protecting against
emerging and evolving threats, without requiring
any administrator intervention.

Firewall

2 The SonicWALL Reaseembly-Free Deep Packet
Inspection (RFDPI) technology utilizes SonicWALL’s
multi-core architecture to scan packets in real-time
without stalling traffic in memory.

This functionality allows threats to be identified and
eliminated over unlimited file sizes and unrestricted
concurrent connections, without interruption.

Gateway Anti-Virus

1 SonicWALL deep packet inspection protects against
network risks such as viruses, worms, Trojans, spyware,
phishing attacks, emerging threats and Internet misuse.
Application Firewall adds highly-configurable controls
to prevent data leakage and manage bandwidth at the
application level.

Processor

Traffic In

Traffic Out
Processor

Processor

Inspection
Performance

Processor

Eliminated
Threats

Suppliers
Internet

Clean Traffic
Mobile Users
UTM Engine

Internal
Network

SonicWALL Clean VPN™
The Network Security Appliance Series includes innovative
SonicWALL Clean VPN™ technology which decontaminates
vulnerabilities and malicious code from remote mobile users
and branch offices traffic before it enters the corporate
network, and without user intervention.

Centralized Policy Management
The Network Security Appliance Series can be managed
using the SonicWALL Global Management System (GMS),
which provides flexible, powerful and intuitive tools to
centrally manage configurations, view real-time monitoring
metrics and integrate policy and compliance reporting.

Flexible, Customizable Deployment Options – NSA Series At-A-Glance
Every SonicWALL Network Security Appliance solution
delivers next generation Unified Threat Management
protection, utilizing a breakthrough multi-core
hardware design and Reassembly-Free Deep Packet
Inspection for internal and external network protection
without compromising network performance. Each
NSA Series product combines high-speed intrusion
prevention, file and content inspection, and powerful
Application Firewall controls with an extensive array of
advanced networking and flexible configuration
features. The NSA Series offers an accessible, affordable
platform that is easy to deploy and manage in a wide
variety of corporate, branch office and distributed
network environments.
■

■

■

Internet
Branch Office
Reporting
and analysis

Fixed
Telecommuter

NSA Series

The SonicWALL NSA 5000 sits at the top of the line,
and is ideal for the most demanding campus and
distributed network environments
The SonicWALL NSA 4500 is ideal for corporate
central-site and large distributed environments
requiring high throughput capacity and performance
The SonicWALL NSA 3500 is ideal for corporate,
branch office and distributed environments needing
significant throughput capacity and performance

■

The SonicWALL NSA 2400 is ideal for small-to-midsize
corporate and branch office environments concerned
about throughput capacity and performance

■

The SonicWALL NSA 240 is ideal for small-to-midsize
businesses and branch office sites.

GMS Server

VoIP

Centralized
Management

Corporate Desktop

Corporate Desktop

Marketing VLAN

Corporate Desktop

Corporate Desktop

Enforced Client and Server Anti-Virus and Anti-Spyware
delivers comprehensive virus and spyware
protection for laptops, desktops and servers
using a single integrated client and offers
automated network-wide enforcement
of anti-virus and anti-spyware policies,
definitions and software updates.
Content Filtering Service enforces protection and
productivity policies by employing an
innovative rating architecture, utilizing
a dynamic database to block up to 56
categories of objectionable Web
content.

SonicPoint
Wireless Laptops

Corporate Headquarters/Branch Office

Server Anti-Virus
and Anti-Spyware
Servers Anti-Threat
Protection

Enforced Client
Anti-Virus
and Anti-Spyware
Client PCs Anti-Threat
Protection

VPN

Global
VPN
Client

Key Features
Gateway Anti-Virus, Anti-Spyware, Intrusion
Prevention Service and Application Firewall delivers
intelligent, real-time network security
protection against sophisticated
application layer and content-based
attacks including viruses, spyware,
worms, Trojans and software
vulnerabilities such as buffer overflows.
Application Firewall delivers a suite of configurable
tools designed to prevent data leakage while
providing granular application-level controls.

Servers

Finance VLAN

ViewPoint Reporting delivers easy-to-use, Web-based
capabilities that provide administrators
with instant comprehensive insight into
network performance and security.
Delivered through a series of historical
reports using dashboards and detailed
summaries, ViewPoint helps organizations
of all sizes track Internet usage, fulfill regulatory compliance
requirements and monitor the security status of their network.
Dynamic Support Services are available 8x5 or 24x7
depending on customer needs. Features
include world-class technical support,
crucial firmware updates and upgrades,
access to extensive electronic tools and
timely hardware replacement to help
organizations get the greatest return
on their SonicWALL investment.

Content Filtering
Service
Web Site and
Content
Usage Control

Gateway Anti-Virus
Anti-Spyware and Intrusion
Prevention Service
Perimeter and Network
Protection

Specifications
NSA 240

NSA 2400

NSA 3500

NSA 4500

NSA 5000

600 Mbps
115 Mbps
195 Mbps
110 Mbps
195 Mbps
25,000/35,000**
2,000

775 Mbps
160 Mbps
275 Mbps
150 Mbps
235 Mbps
48,000
4,000

3.5 Gbps
800 Mbps
1.7 Gbps
800 Mbps
950 Mbps
600,000
12,000

16

32

64

150 Mbps
25/50**
2 (25)

300 Mbps
75
10 (250)

Firewall

Network Security Appliance 5000
01-SSC-7042
NSA 5000 TotalSecure (1-year)
01-SC-7031

SonicOS Version
Stateful Throughput*
GAV Performance*
IPS Performance*
UTM Performance Throughput*
IMIX Performance*
Maximum Connections
New Connections/Sec
Nodes Supported
Denial of Service Attack Prevention
SonicPoints Supported (Maximum)

SonicOS Enhanced 5.0 (or higher)
1.5 Gbps
2.75 Gbps
350 Mbps
690 MBps
750 Mbps
1.4 Gbps
240 Mbps
600 Mbps
580 Mbps
700 Mbps
128,000
450,000
7,000
10,000
Unrestricted
22 classes of DoS, DDoS and scanning attacks
32
64

VPN

Network Security Appliance 4500
01-SSC-7012
NSA 4500 TotalSecure (1-year)
01-SC-7032

3DES/AES Throughput*
Site-to-Site VPN Tunnels
Bundled Global VPN Client Licenses
for Remote Access (Maximum)
Encryption / Authentication
Key Exchange
L2TP/IPSec
Certificate Support
Dead Peer Detection
DHCP Over VPN
IPSec NAT Traversal
Redundant VPN Gateway
Global VPN Client Platform Supported

625 Mbps
800
50 (1,000)

1.0 Gbps
1,500
500 (3,000)

1.5 Gbps
2,500
1,000 (3,500)

DES, 3DES, AES (128, 192, 256-bit), MD5, SHA-1
IKE, IKEv2, Manual Key, PKI (X.509)
Yes
Verisign, Thawte, Cybertrust, RSA Keon, Entrust, and Microsoft CA for SonicWALL-to-SonicWALL VPN
Yes
Yes
Yes, NAT_Tv00 and v03
Yes
Microsoft® Windows 2000, Windows XP, Microsoft® Vista 32-bit

Deep Packet Inspection Security Services

Network Security Appliance 3500
01-SSC-7016
NSA 3500 TotalSecure (1-year)
01-SC-7033

Deep Packet Inspection
Signature Service
Content Filtering Service (CFS)
Premium Edition
Gateway-enforced Client
Anti-Virus and Anti-Spyware
Application Firewall

Comprehensive signature database. Peer- to-peer and instant messaging control and
signature updates through Distributed Enforcement Architecture
HTTP URL,HTTPS IP, keyword and content scanning ActiveX, Java Applet, and cookie blocking
HTTP/S, SMTP, POP3, IMAP and FTP, Enforced McAfee™ Clients E-mail attachment blocking
Provides application level enforcement and bandwidth control, regulate Web traffic, e-mail, e-mail attaches
and file transfers, scan and restrict documents and files for key words and phrases

Networking

Network Security Appliance 2400
01-SSC-7020
NSA 2400 TotalSecure (1-year)
01-SC-7035

IP Address Assignment
NAT Modes
VLAN Interfaces (802.1q)
Routing
QoS
IPv6
Authentication
User Database
VoIP

10/25**

100 users

Static, (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay
1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent mode
128
128
256
256
OSPF, RIPv1/v2, static routes, policy-based routing, Multicast
Bandwidth priority, maximum bandwidth, guaranteed bandwidth, DSCP marking, 802.1p
IPv6 Ready
XAUTH/RADIUS, Active Directory, SSO, LDAP, internal user database
250 users
500 users
1,000 users
1,500 users
Full H.323v1-5, SIP, gatekeeper support, outbound bandwidth management, VoIP over WLAN,
deep inspection security, full interoperability with most VoIP gateway and communications devices

System

Network Security Appliance 240
TotalSecure (1-year)
01-SSC-8760

Certifications

Zone Security
Yes
Schedules
Yes
Object-based/Group-based Management
Yes
DDNS
Yes
Management and Monitoring
Web GUI (HTTP, HTTPS), Command Line (SSH, Console), SNMP v2: Global management with SonicWALL GMS
Logging and Reporting
ViewPoint,® Local Log, Syslog
High Availability
Optional Active/Passive with State Sync**
Optional Active/Passive with State Sync
Active/Passive with State Sync
Load Balancing
Yes, (Outgoing with percent-based, round robin and spill-over); (Incoming with round robin,
random distribution, sticky IP, block remap and symmetrical remap)
Standards
TCP/IP, UDP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS
Wireless Standards
802.11 a/b/g, WEP, WPA, TKIP, 802.1x, EAP-PEAP, EAP-TTLS
Hardware
Interfaces

Memory (RAM)
Flash Memory
Power Supply
Fans
Power Input
Max Power Consumption
Total Heat Dissipation
Certifications
Certifications Pending

(3) GE Gigabit Ports+ (6) 10/100,
2 USB Future Use, PC Card Slot
(Optional 3G/Analog Modem),
1 Console Interface
256 MB
32 MB Compact Flash
36W External
No Fan
10-240V, 50-60Hz
15W
51.1BTU

Form Factor
and Dimensions
Weight
WEEE Weight
Major Regulatory
Environment
MTBF
Humidity

For more information on SonicWALL
network security solutions, please visit
www.sonicwall.com.

(6) 10/100/1000 Copper Gigabit Ports, 1 Console Interface, 2 USB (Future Use)
512 MB

42W
144BTU

512 MB
512 MB Compact Flash
Single 180W ATX Power Supply
2 Fans
100-240Vac, 60-50Hz
64W
219BTU

–
ICSA Firewall 4.1, Common Criteria EAL-4+, FIPS 140-2

512 MB

1 GB

66W
66W
225BTU
225BTU
EAL4+, FIPS 140-2 Level 2
1.0d ICSA Firewall 4.1

7.125 x 1.5 x 10.5 in/
18.10 x 3.81 x 26.67 cm

1U rack-mountable/
1U rack-mountable/
17 x 10.25 x 1.75 in/
17 x 13.25 x 1.75 in/
43.18 x 26 x 4.44 cm
43.18 x 33.65 x 4.44 cm
2.55Lb/1.16Kg
8.05 lbs/ 3.65 kg
11.30 lbs/ 5.14 kg
3.15Lb/1.43Kg
8.05 lbs/ 3.65 kg
11.30 lbs/ 5.14 kg
FCC Class A, CES Class A, CE, C-Tick, VCCI, Compliance MIC, UL, cUL, TUV/GS, CB, NOM, RoHS, WEEE
32-105° F, 0-40° C
40-105° F, 5-40° C
TBD
16.0 years
14.3 years
14.1 years
14.1 years
0-95% non-condensing
10-90% non-condensing

* Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services. VPN throughput UDP
traffic at 1418 byte packet size adhering to RFC 2544. UTM performance is based on HTTP tests run on the Spirent Avalanche/Reflector. Testing done with multiple flows through multiple port pairs.
** Only with the NSA 240 Series Stateful HA and Expansion Upgrade

SonicWALL, Inc.
1143 Borregas Avenue

T +1 408.745.9600

Sunnyvale CA 94089-1306

F +1 408.745.9300

www.sonicwall.com

©2008 SonicWALL and the SonicWALL logo are registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of
their respective companies. Specifi cations and descriptions subject to change without notice. 09/08 SW 396



Source Exif Data:
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.4
Linearized                      : No
Page Mode                       : UseThumbs
XMP Toolkit                     : 3.1-701
Producer                        : Acrobat Distiller 7.0.5 for Macintosh
Modify Date                     : 2008:09:19 16:59:15-07:00
Creator Tool                    : InDesign: pictwpstops filter 1.0
Create Date                     : 2008:09:19 16:58:10-07:00
Metadata Date                   : 2008:09:19 16:59:15-07:00
Format                          : application/pdf
Creator                         : Roy Tazuma
Title                           : NSA Series DS_US.indd
Document ID                     : uuid:ea863b98-86a6-11dd-a938-000a95c4e7c4
Instance ID                     : uuid:f6ae1e62-86a6-11dd-a0bc-000a95c4e7c4
Page Count                      : 4
Author                          : Roy Tazuma
EXIF Metadata provided by EXIF.tools

Navigation menu