Call a Specialist Today! 1300 505 257
Free Delivery! Free Delivery!

SonicWALL NSA Network Security Appliance Series
Advanced threat prevention in a high-performance security platform

NSA Series

Achieve a deeper level of security with the SonicWall Network Security Appliance (NSA) Series of next-generation firewalls. NSA Series appliances integrate automated and dynamic security capabilities into a single platform, combining the patented1 SonicWall Reassembly Free Deep Packet Inspection (RFDPI) firewall engine with a powerful, massively scalable, multi-core architecture. Now you can block even the most sophisticated threats with a multi-engine sandbox (Capture ATP), an intrusion prevention system (IPS) featuring advanced anti-evasion capabilities, SSL decryption and inspection, and network-based malware protection that leverages the power of the cloud.


Centralized control over your next-generation security

Achieve a deep level of security with a single firewall appliance. NSA Series firewalls consolidate intrusion prevention; gateway anti-virus and anti-spyware; network-based malware protection; and application intelligence and control. You can also add bandwidth management; application blocking; and connectivity and security capabilities such as a multi-engine sandbox (Capture APT), SSL VPN, IPSec VPN, content filtering, anti-virus and anti-spam.

Around-the-clock protection from the latest daily threats

Safeguard your organization around the clock with the sophisticated security capabilities of NSA Series firewalls. The RFDPI engine inspects every byte of every packet and scans all network traffic — regardless of port or protocol. Real-time TLS/SSL decryption and inspection enables you to visualize and control application traffic as it crosses the network, and NSA Series firewalls have access to a continually updated cloud database that has more than 12.6 million variants of malware to protect your organization from the most recent threats.

Enhanced network performance

Give your organization the performance it needs to grow. NSA Series firewalls surpass traditional single-core and ASIC processors, delivering a multi-core design that ensures deep-packet inspection while scaling easily for future growth.

Low cost of ownership

Lower your TCO with easy deployment, configuration and maintenance. The intuitive design and superior power efficiency of NSA Series firewalls make it easy to achieve deep security.

NSA Model Lineup:

SonicWALL NSA 2650

SonicWALL NSA 2650

The SonicWALL NSA 2650 delivers high-speed threat prevention over thousands of encrypted and even more unencrypted connections to mid-sized organizations and distributed enterprises. Learn more about the NSA 2650 here!

SonicWALL NSA 3600

SonicWALL NSA 3600

Secure your growing small to medium-sized organization with the SonicWALL NSA 3600 Next-Generation Firewall with enterprise-class features and uncompromising performance. Learn more about the NSA 3600 here!

SonicWALL NSA 4600

SonicWALL NSA 4600

Secures your growing medium-sized organization with the SonicWALL NSA 4600 Next-Generation Firewall with enterprise-class features and uncompromising performance. Learn more about the NSA 4600 here!

SonicWALL NSA 5600

SonicWALL NSA 5600

Secure your growing mid-size organization with the SonicWALL NSA 5600 Next-Generation Firewall with enterprise-class features and uncompromising performance. Learn more about the NSA 5600 here!

SonicWALL NSA 6600

SonicWALL NSA 6600

Secure your emerging large organization with the SonicWALL NSA 6600 Next-Generation Firewall featuring enterprise-class features and uncompromising performance. Learn more about the NSA 6600 here!

Compare Models:

Models: NSA 2600 NSA 2650 NSA 3600 NSA 4600 NSA 5600 NSA 6600
SonicOS Version SonicOS 6.5
Security Processing Cores 4 4 6 8 10 24
Interfaces 8 x 1-GbE,
1 GbE Management,
1 Console
4 x 2.5-GbE SFP,
4 x 2.5-GbE,
12 x 1-GbE,
1 GbE Management,
1 Console
2 x 10-GbE SFP+,
4 x 1-GbE SFP,
12 x 1 GbE,
1 GbE Management,
1 Console
2 x 10-GbE SFP+,
4 x 1-GbE SFP,
12 x 1 GbE,
1 GbE Management,
1 Console
2 x 10-GbE SFP+,
4 x 1-GbE SFP,
12 x 1 GbE,
1 GbE Management,
1 Console
4 x 10-GbE SFP+,
8 x 1-GbE SFP,
8 x 1 GbE,
1 GbE Management,
1 Console
Management CLI, SSH, GUI, GMS
Expansion 1 Expansion Slot (Rear)*, SD Card* 1 Expansion Slot (Rear)*, 16 GB storage module 1 Expansion Slot (Rear)*, SD Card*
SSO users 30,000 40,000 40,000 50,000 60,000 70,000
Maximum SonicPoints supported 32 48 48 64 96 128
Logging Analyzer, Local Log, Syslog
Firewall/VPN Performance NSA 2600 NSA 2650 NSA 3600 NSA 4600 NSA 5600 NSA 6600
Firewall Inspection Throughput1 1.9 Gbps 3.0 Gbps 3.4 Gbps 6.0 Gbps 9.0 Gbps 12.0 Gbps
Full DPI Throughput2 300 Mbps 300 Mbps 500 Mbps 800 Mbps 1.6 Gbps 3.0 Gbps
Application Inspection Throughput2 700 Mbps 1.4 Gbps 1.1 Gbps 2.0 Gbps 3.0 Gbps 4.5 Gbps
IPS Throughput2 700 Mbps 1.4 Gbps 1.1 Gbps 2.0 Gbps 3.0 Gbps 4.5 Gbps
Anti-Malware Inspection Throughput2 400 Mbps 600 Mbps 600 Mbps 1.1 Gbps 1.7 Gbps 3.0 Gbps
IMIX Throughput3 600 Mbps 700 Mbps 900 Mbps 1.6 Gbps 2.4 Gbps 3.5 Gbps
SSL Inspection & Decription (DPI SSL)2 200 Mbps 300 Mbps 300 Mbps 500 Mbps 800 Mbps 1.3 Gbps
VPN Throughput3 1.1 Gbps 1.5 Gbps 1.5 Gbps 3.0 Gbps 4.5 Gbps 5.0 Gbps
Connections per Second 15,000/sec 15,000/sec 20,000/sec 40,000/sec 60,000/sec 90,000/sec
Maximum Connections (SPI) 500,000 1,000,000 750,000 1,000,000 1,500,000 1,500,000
Maximum Connections (DPI)4 250,000 500,000 375,000 500,000 1,000,000 1,000,000
Maximum Connections (DPI)5 1,000/1,000 12,000/13,500 2,000/2,750 3,000/4,500 4,000/8,500 6,000/10,500
VPN NSA 2600 NSA 2650 NSA 3600 NSA 4600 NSA 5600 NSA 6600
Site-to-Site Tunnels 250 1,000 1,000 1,500 4,000 6,000
IPSec VPN clients (Maximum) 10 (250) 50 (1,000) 50 (1,000) 500 (3,000) 2,000 (4,000) 2,000 (6,000)
SSL VPN licenses (Maximum) 2 (250) 2 (350) 2 (350) 2 (500) 2 (1,000) 2 (1,500)
Encryption/Authentication DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B Cryptography
Key Exchange Diffie Hellman Groups 1, 2, 5, 14v
Route-Based VPN RIP, OSPF
Networking NSA 2600 NSA 2650 NSA 3600 NSA 4600 NSA 5600 NSA 6600
IP Address Assignment Static (DHCP PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP Relay
NAT Modes 1:1, many:1, 1:many, flexible NAT (overlapping IPS), PAT, transparent mode
VLAN Interfaces 256 256 256 256 400 500
Routing Protocols BGP, OSPF, RIPv1/v2, static routes, policy-based routing, multicast
QoS Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p
Authentication LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC)
VoIP Full H323-v1-5, SIP
Certifications ICSA Firewall, ICSA Anti-Virus, FIPS 140-2, Common Criteria NDPP (Firewall and IPS), UC APL
High availability Active/Passive with State Sync Active/Passive with State Sync
Active/Active Clustering
Active/Passive with State Sync,
Active/Active DPI with State Sync,
Active/Active Clustering
Hardware NSA 2600 NSA 2650 NSA 3600 NSA 4600 NSA 5600 NSA 6600
Power Supply Single, Fixed 200W Dual, redundant 120W (one included) Single, Fixed 250W
Fans Dual, Fixed Dual, redundant, hot swappable
Input Power 100-240 VAC, 60-50 Hz
Max Power Consumption (W) 49.4 74.3 74.3 86.7 90.9 113.1
MTBF @25ºC in hours 176,540 146,789 146,789 139,783 134,900 116,477
MTBF @25ºC in years 20.15 16.76 16.76 15.96 15.40 13.30
Form Factor 1U Rack Mountable
Dimensions 1.75 x 10.25 x 17 in
(4.5 x 26 x 43 cm)
1.75 x 19.1 x 17 in
(4.5 x 48.5 x 43 cm)
Weight 10.1 lb (4.6 Kg) 13.56 lb (6.15 kg) 13.56 lb (6.15 Kg) 14.93 lb (6.77 Kg)
WEEE Weight 11 lb (5.0 Kg) 14.24 lb (6.46 kg) 14.24 lb (6.46 Kg) 19.78 lb (8.97 Kg)
Shipping Weight 14.3 lb (6.5 Kg) 20.79 lb (9.43 kg) 20.79 lb (9.43 Kg) 26.12 lb (11.85 Kg)
Major Regulatory FCC Class A, CE (EMC, LVD, RoHS), C-Tick, VCCI Class A, MSIP/KCC Class A, UL, cUL, TUV/GS, CB, Mexico CoC by UL, WEEE , REACH, ANATEL, BSMI, CU
Environment 32°-105° F (0°-40° C)/-40° to 158° F (-40° to 70° C)
Humidity 10-90% non-condensing.

1 Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.
2 Full DPI/GatewayAV/Anti- Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs.
3 VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. All specifications, features and availability are subject to change.
4 For every 125,000 DPI connections reduced, the number of available DPI SSL connections increases by 750.
All specifications, features and availability are subject to change.
*Future use.

Services & Add-Ons:

Advanced Gateway Security Suite (AGSS)

Leverage SonicWall Advanced Gateway Security Suite (AGSS) to deliver a multi-engine sandbox, powerful anti‐virus, anti‐spyware, intrusion prevention, content filtering, as well as application intelligence and control services. An upgrade over CGSS, this package features Capture Advanced Threat Protection (ATP), a multi-engine sandbox that runs and inspects suspicious files, programs and code in an isolated cloud-based environment.

Comprehensive Gateway Security Suite (CGSS)

Get the most from your deep packet inspection firewall with the SonicWall Comprehensive Security Suite (CGSS) subscription. CGSS includes gateway anti-virus, anti-spyware, intrusion prevention, application intelligence and control service, content/URL filtering and 24x7 support. Combine security, productivity and support in a single, bundled solution that lowers TCO.

Gateway Security Services

Enable your business firewall to provide real-time network threat prevention with SonicWall gateway anti-virus, anti-spyware, intrusion prevention and application intelligence and control. Block the latest blended threats — including viruses, spyware, worms, Trojans, software vulnerabilities and other malicious code. Guarantee bandwidth prioritization and ensure maximum network security and productivity with granular policies for both groups and users.

Capture Advanced Threat Protection

The cloud-based SonicWall Capture Advanced Threat Protection Service scans a broad range of files to detect advanced threats, analyzes them in a multi-engine sandbox, blocks them prior to a security verdict, and rapidly deploys remediation signatures. The result is higher security effectiveness, faster response times and a lower total cost of ownership.

Content Filtering Services

Gain a cost-effective, easy-to-manage way to enforce protection and productivity policies, and block inappropriate, unproductive and dangerous web content in educational, business or government environments. SonicWall Content Filtering Service lets you control access to websites based on rating, IP address, URL and more. You get the ideal combination of control and flexibility to ensure the highest levels of protection and productivity, which you can configure and control from your network security appliance, eliminating the need for a costly, dedicated filtering solution. Extend enforcement of your internal policies to devices located outside the firewall perimeter by blocking unwanted internet content with the content filtering client.

Content Filtering Client

Extend the enforcement of web policies in IT-issued devices outside the network perimeter. Although it doesn’t require a firewall, it can be optionally coupled with SonicWall Content Filtering Service as an ideal combination to keep students and employees off of dangerous or non-productive websites by switching to cloud-enforced policies even when they are using roaming devices.

Support Services

Benefit from advanced technical assistance and ongoing software and firmware updates with SonicWall Dynamic Support. The service includes:

  • Telephone and web-based support 24x7
  • Direct access to highly-trained senior support engineers
  • Advance exchange hardware replacement in the event of a failure
  • Access to electronic support tools

TotalSecure Hardware & Services Bundle

Enjoy the convenience and affordability of deploying your firewall as a SonicWall TotalSecure solution. This combines the hardware and services needed for comprehensive network protection from viruses, spyware, worms, Trojans, key loggers and more — without the complexity of building your own security package.

Comprehensive Anti-Spam Service

Block threats from your email server and stop spam at the gateway by adding SonicWall Comprehensive Anti-Spam Service (CASS) to your SonicWall firewall. Rapidly deploy your spam firewall software with one-click activation of up to 250 users.

Enforced Client Anti-Virus and Anti-Spyware Software

Execute an innovative, multi-layered, anti-virus internet security strategy with SonicWall firewalls and Enforced Client Anti-Virus and Anti-Spyware software. You get SonicWall Reassembly-Free Deep Packet Inspection anti-malware at the gateway, and enforced anti-virus protection at the endpoints. You can redirect any user with a non-compliant endpoint to a web page to install the latest Enforced Client Anti-Virus and Anti-Spyware software. Provide automatically updated security definitions to the endpoint as soon as they become available. Plus, you can automate enforcement to minimize administrative overhead.


Download the SonicWALL NSA Series Datasheet (.PDF)