1. The SonicWALL Network Security Appliance Series
N E T WO R K SECU R I T Y Next Generation Unified Threat Management Protection
Organizations of all sizes depend on their networks to access internal and external mission-critical
applications. As advances in networking continue to provide tremendous benefit to organizations,
they are increasingly challenged by sophisticated and financially-motivated attacks designed to
disrupt communication, degrade performance and compromise data.
n SonicWALL’s next Malicious attacks penetrate outdated stateful packet inspection firewalls by exploiting higher network
generation security levels. Point products add layers of security, but are costly, difficult to manage, limited in controlling
network misuse and ineffective against the latest multipronged attacks. The SonicWALL® Network
n Scalable multi-core Security Appliance (NSA) Series revolutionizes network security, utilizing a breakthrough multi-core
hardware and design and patented Reassembly-Free Deep Packet Inspection™ (RFDPI) technology* offering
Reassembly-Free Deep complete protection without compromising network performance. This platform was first made
Packet Inspection
available on the SonicWALL E-Class NSA Series, and it is now available for mid-sized organizations.
n Stateful High Availability The NSA Series overcomes the limitations of existing security solutions by scanning the entirety of
and load balancing each packet for current internal and external threats in real time. Built on a high-speed multi-core
features processing platform, the NSA Series enables deep packet inspection without adversely impacting
n High performance the performance of mission-critical networks and applications.
and lowered TCO The NSA Series applies next-generation Unified Threat Management (UTM) against a
n Advanced routing services
comprehensive array of attacks, combining intrusion prevention, anti-virus and anti-
and networking features spyware with the application-level control of SonicWALL Application Intelligence Service.
With advanced routing, stateful high-availability and high-speed IPSec and SSL VPN technology,
n Standards-based Voice the NSA Series adds security, reliability, functionality and productivity to branch offices, central
over IP (VoIP) sites and distributed mid-enterprise networks, while minimizing cost and complexity.
n Secure distributed wireless Comprised of the SonicWALL NSA 240, 2400, NSA 3500 and NSA 4500, the NSA Series offers a
LAN services scalable range of solutions designed to meet the network security needs of any organization.
n Onboard Quality of
Features and Benefits
Service (QoS)
SonicWALL’s next generation security incorporates Advanced routing services and networking features
a new level of UTM that integrates intrusion prevention, incorporate advanced networking and security
gateway anti-virus and anti-spyware and features the technology including 802.1q VLANs, Multi-WAN failover,
Application Intelligence Service suite of configurable zone and object-based management, load balancing,
tools to prevent data leakage and offer granular advanced NAT modes and more, providing granular
application control. configuration flexibility and comprehensive protection
Scalable multi-core hardware and Reassembly-Free at the administrator’s discretion.
Deep Packet Inspection scans and eliminates threats Standards-based Voice over IP (VoIP) capabilities
of unlimited file sizes, and provides virtually unrestricted provide the highest levels of security for every element of
concurrent connections with uncompromising speed. the VoIP infrastructure, from communications equipment
The NSA 240 can be configured using primary or to VoIP-ready devices such as SIP Proxies, H.323 Gatekeepers
secondary modem or 3G wireless interfaces for future- and Call Servers.
proofed extensibility.
Secure distributed wireless LAN services enable the
Stateful High Availability and load balancing appliance to function as a secure wireless switch and
features in SonicOS 5.5 Enhanced maximize total controller that automatically detects and configures
network bandwidth and maintain seamless network SonicPoints, SonicWALL wireless access points, for secure
™
uptime, delivering uninterrupted access to mission-critical remote access in distributed network environments.
resources, and ensuring that VPN tunnels and other network
Onboard Quality of Service (QoS) features use industry
traffic will not be interrupted in the event of a failover.
standard 802.1p and Differentiated Services Code Points
High performance and lowered TCO are achieved (DSCP) Class of Service (CoS) designators to provide
by using the processing power of multiple cores in powerful and flexible bandwidth management that is
unison to dramatically increase throughput and provide vital for VoIP, multimedia content and business-critical
simultaneous inspection capabilities, while lowering applications.
power consumption.
*U.S. Patent 7,310,815–A method and apparatus for data stream analysis and blocking.
2. Dynamic Security Architecture and Management
SonicWALL Deep Packet Inspection Architecture Eliminated Threats &
Non-business Traffic
SonicWALL Real-time Automatic Threat
Application Intelligence
Intrusion Prevention
3 1
Gateway Anti-Virus
Database Updates
Unified Threat
Content Filtering
Anti-Spyware
Clean VPN
Management Clean Traffic
Firewall
Emerging
Blended Threats
Forwarding
Viruses Engine
Network
I/O Engine Routing
Spyware
Traffic Traffic
PROT
Bandwidth
L4
L2
L7
L3
IN Management Bandwidth
OUT
Exploits Management
Defrag
Stateful Classification and Transformation
Normal Flow Order Presentation
2
Update Engine
Best-in-Class Threat Protection
1 SonicWALL deep packet inspection protects against This functionality allows threats to be identified and
network risks such as viruses, worms, Trojans, spyware, eliminated over unlimited file sizes and unrestricted
phishing attacks, emerging threats and Internet misuse. concurrent connections, without interruption.
Application Application Intelligence adds highly-
3 The Network Security Appliance Series provides
configurable controls to prevent data leakage and
dynamic network protection through continuous,
manage bandwidth at the application level.
automated security updates, protecting against
2 The SonicWALL Reaseembly-Free Deep Packet emerging and evolving threats, without requiring
Inspection (RFDPI) technology utilizes SonicWALL’s any administrator intervention.
multi-core architecture to scan packets in real time
without stalling traffic in memory.
Unified Threat Management Load Balancing Multi-processor Core
with Deep Packet Inspection
Deep Packet Inspection Architecture
Single processor designs that include multiple
Intrusion Prevention
Application Control
Gateway Anti-Virus
Content Filtering
Anti-Spyware
protection technologies are severely limited
Clean VPN
Firewall
Processor
UTM Load Balancing
by a single centralized processor. SonicWALL
UTM load balancing integrates a high-speed Processor
deep packet inspection and traffic classification Tra c In Tra c Out
engine onto multiple security cores inspecting Processor
applications, files and content-based traffic
in real time without significantly impacting Processor Inspection
Performance
performance or scalability. This enables the
scanning and control of threats for networks Processor
that carry bandwidth intensive and latency
sensitive applications.
Eliminated
Threats
Suppliers
Internet
Clean Tra c
Mobile Users
UTM Engine Internal
Network
Telecommuters
SonicWALL Clean VPN
The Network Security Appliance Series includes innovative
SonicWALL Clean VPN™ technology which decontaminates
vulnerabilities and malicious code from remote mobile users Centralized Policy Management
and branch offices traffic before it enters the corporate The Network Security Appliance Series can be managed
network, and without user intervention. using the SonicWALL Global Management System (GMS),
which provides flexible, powerful and intuitive tools to
centrally manage configurations, view real-time monitoring
metrics and integrate policy and compliance reporting.
3. Flexible, Customizable Deployment Options – NSA Series At-A-Glance
Every SonicWALL Network Security Appliance solution
delivers next generation Unified Threat Management
Internet
protection, utilizing a breakthrough multi-core
hardware design and Reassembly-Free Deep Packet Branch Office
Inspection for internal and external network protection
without compromising network performance. Each Reporting
and analysis
NSA Series product combines high-speed intrusion
prevention, file and content inspection, and powerful
Application Intelligence Service controls with an
extensive array of advanced networking and flexible
configuration features. The NSA Series offers an
Fixed
accessible, affordable platform that is easy to deploy NSA Series
Telecommuter
and manage in a wide variety of corporate, branch
office and distributed network environments.
n The SonicWALL NSA 4500 is ideal for corporate
central-site and large distributed environments
requiring high throughput capacity and performance
n The SonicWALL NSA 3500 is ideal for corporate, SonicPoint-N
GMS Server VoIP Corporate Desktop Corporate Desktop Corporate Desktop Corporate Desktop Servers
branch office and distributed environments needing Centralized Marketing VLAN Finance VLAN
significant throughput capacity and performance Management Wireless Laptops
Corporate Headquarters/Branch Office
n The SonicWALL NSA 2400 is ideal for small- to
medium-sized corporate and branch office Server Enforced Client VPN SSL VPN Global Content Filtering Gateway Anti-Virus,
Anti-Virus and Anti-Virus Remote VPN Service Anti-Spyware, Intrusion
environments concerned about throughput capacity Anti-Spyware
Servers Anti-Threat
and Anti-Spyware
Client PCs Anti-
Access
Upgrade
Client Web Site Prevention and Application
and Content Firewall
Protection Threat Protection
and performance Usage Control Perimeter and Network
Protection
n The SonicWALL NSA 240 is ideal for small- to medium-
sized businesses and branch office sites
Security Services and Upgrades
Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention Dynamic Support Services are available 8x5 or 24x7 depending
Service and Application Intelligence Service delivers on customer needs. Features include world-class technical
intelligent, real-time network security protection against support, crucial firmware updates and upgrades, access to
sophisticated application layer and content-based attacks extensive electronic tools and timely hardware replacement
including viruses, spyware, worms, Trojans and software to help organizations get the greatest return on their
vulnerabilities such as buffer overflows. Application Intelligence Service SonicWALL investment.
delivers a suite of configurable tools designed to prevent data leakage while Global VPN Client Upgrades utilize a software client that is
providing granular application-level controls. installed on Windows-based computers and increase workforce
Enforced Client and Server Anti-Virus and Anti-Spyware productivity by providing secure access to email, files, intranets,
delivers comprehensive virus and spyware protection for laptops, and applications for remote users. Upgrade licenses are
desktops and servers using a single integrated client and offers available in a variety of user counts allowing this solution to
automated network-wide enforcement of anti-virus and scale as the organization grows.
anti-spyware policies, definitions and software updates. SSL VPN Remote Access Upgrades provide clientless remote
Content Filtering Service enforces protection and productivity network level access for PC, Mac and Linux-based systems. With
policies by employing an innovative rating architecture, utilizing integrated SSL VPN technology, SonicWALL UTM appliances
a dynamic database to block up to 56 categories of objectionable enable seamless and secure remote access to email, files,
Web content. intranets, and applications from a variety of client platforms
via NetExtender, a lightweight client that is pushed onto the user’s machine.
NetExtender is installed and configured automatically, requiring no user
ViewPoint Reporting delivers easy-to-use, Web-based capabilities
interaction.
that provide administrators with instant comprehensive insight
into network performance and security. Delivered through a SonicWALL Comprehensive Anti-Spam Service blocks spam
series of historical reports using dashboards and detailed phishing and virus-laden emails at the gateway. There is no need
summaries, ViewPoint helps organizations of all sizes track to redirect an MX Record or send email to another vendor, with
Internet usage, fulfill regulatory compliance requirements and monitor the one click the service is activated and immediately starts blocking
security status of their network. junk email and saving valuable network bandwidth.
SonicWALL® Virtual Assist is a remote support tool that enables
a technician to assume control of a PC or laptop for the purpose
of providing remote technical assistance. With permission, the
technician can gain instant access to a computer using a Web
browser, making it easy to diagnose and fix a problem remotely
without the need for a pre-installed “fat” client.