SonicWall Staff

Meet the New SonicWall NSA 2650 Next-Gen Firewall – Where Faster Meets More Secure

By

Today I am excited to share the new addition to SonicWall’s NSA product family of Next-Generation Firewalls, the NSA 2650.  Three key trends form the design drivers for the new NSA 2650

  1. Wireless Devices Explosion – The demand for increased bandwidth from wireless networks is constantly on the rise with the growing number of wireless devices used per person. The wireless industry is going through waves of transformation (pun-intended) to support the requirement for more bandwidth. With the latest 802.11ac Wave 2 wireless standards opening the door for multi-gig WiFi performance there is a strong need for switches and firewalls that connect to wireless access points to support these faster speeds without increasing the cost to the network infrastructure.
  2. Multi-gig Campus Requirements – Campus/branch networks require technology trend adoption without adding significant costs to the network infrastructure. For example, switches and firewalls supporting wireless access points must be able to do so with existing the Cat5e/Cat6 cabling infrastructure.
  3. Encrypted Traffic Surge – The trend towards Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption has been on the rise for several years. Articles on the use of SSL/TLS encryption typically indicate that a little over 50% of all web traffic is now encrypted and that percentage is expected to continue growing. At SonicWall, data gathered by our Capture Labs Threat Research team shows the percentage to be a little higher, around 62%. We found that as web traffic grew throughout 2016, so did SSL/TLS encryption, from 5.3 trillion web connections in 2015 to 7.3 trillion in 2016. As vendors such as Google, Facebook, Twitter and others continue to move to HTTPS, we expect the use of HTTPS to increase. So, organizations now require a secure platform to protect their network from the sophisticated encrypted threats that evade the traditional security mechanisms. 

The NSA 2650 firewall is aimed at campus and branch networks that must secure their environments against the growing number of threats looking for new ways to burrow into networks. The new NSA 2650 firewall is the first branch and campus firewall to deliver automated real-time breach detection and prevention, as well as TLS/SSL decryption and inspection, over multi-gigabit wired and 802.11ac Wave 2 wireless networks. The SonicWall NSA 2650 represents the continuing evolution of SonicWall’s vision for a deeper level of network security without a performance penalty. More than simply a replacement for its predecessor, the NSA 2600, the NSA 2650 addresses the growing trends in web encryption and mobility by delivering a solution that meets the need for high-speed threat prevention.

The NSA 2650 is a 1U-device powered by four cores that provide the processing power necessary to support the compute-intensive deep packet inspection services such as:

  • Intrusion Prevention
  • Anti-Virus
  • Anti-Spyware
  • TLS/SSL inspection and decryption
  • Application Visualization
  • Application Control, Botnet detection
  • Geo-IP identification
  • Anti-Spam
  • User Identification and Advanced Threat Protection

Real-Time Inspection of SSL and TLS Attacks:

Unlike competing firewalls that perform well only with unencrypted connections, the NSA 2650 is built to support the need for more TLS/SSL inspection connections. The NSA 2650 features an unmatched number of encrypted web connections, up to 12,000 and performs deep packet inspection on each connection after first decrypting the traffic.

To protect against more advanced threats such as unknown and zero-day attacks that are concealed in encrypted web traffic, the NSA 2650 utilizes Capture, SonicWall’s cloud-based multi-engine sandboxing service that runs on the firewall. Suspicious files are sent to the award-winning SonicWall Capture service for analysis before rendering a verdict.

The NSA 2650 is a high-port density firewall that features 4×2.5-GbE SFP, 4×2.5-GbE, and 12×1-GbE interfaces with a dedicated management port. In addition to the multi-gigabit ports, high-speed processors and robust onboard memory, the NSA 2650 includes additional hardware enhancements that make it the ideal NGFW for mid-sized organization and distributed enterprises. An optional second power supply is available in case of failure for added redundancy. To help with scalability, the NSA 2650 includes two expansion slots. One is pre-populated with a 16 GB storage module to support features including logging, reporting, last signature update, backup and restores and more. The second slot provides flexibility to add future feature and physical capability expansion. Expandable in the future with additional modules, this versatile, high-port density firewall platform has the capacity to evolve through firmware updates to keep ahead of threats such as ransomware and intrusions.

With the NSA 2650, SonicWall yet again adds a ground-breaking security product to its portfolio. Combined with new 802.11ac Wave 2 SonicWave wireless access points, SonicWall creates a high-speed wireless network security solution that provides wireless users with an enhanced mobile experience.

Our latest firmware release, SonicOS 6.5, has more than 60 new features, and provides support for NSA 2650 hardware platform where faster meets more secure without any compromise on performance to all traffic including encrypted traffic.

Test drive the new NSA 2650 on SonicWall live demo: https://livedemo.sonicwall.com

VIEW LIVE DEMO
SonicWall Staff
Recommended Cyber Security Stories
Why Dual-Radio Wireless Makes Sense
Locky, Then WannaCry, Now Petya. Is This The New Normal in Cyber Security?
Enjoy the Speed and Safety of TLS 1.3 Support
Three Ways to Protect Your Business Against Ransomware-as-a-Service
Bad Rabbit Ransomware: The Latest Attack
Top 7 Wireless Best Practices for Better Wi-Fi Coverage & User Experiences
12 New Products Usher in SonicWall’s Expansion into Mid-Tier Enterprise Market
SonicWall Named 85th Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA)