10 Reasons to Upgrade to the Latest SonicWall NSa Firewall

There are some things that are with you for life: Leather workboots on their fifth resole, your grandpa’s fishing vest, a thermos from scout camp that’s still going strong decades later. But when it comes to protection, staying current matters.

If you wouldn’t trust a 15-year-old tube of sunscreen to protect your skin, and you wouldn’t put your child in the carseat your mother saved from when you were a kid, why would you trust a legacy firewall to protect your network?

If you’re still running an older SonicWall NSA or E Series model, here are 10 reasons you should consider upgrading to the latest mid-range SonicWall NSa next-generation firewall.

Stop the Most Advanced Threats

Advanced persistent threats move with great speed and tenacity, and are designed to target and infiltrate all businesses and organizations.

However, a cloud-based, multi-engine sandbox, such as the SonicWall Capture Advanced Threat Protection (ATP) service, provides real-time security against advanced cyberattacks, including ‘never-before-seen’ ransomware, malware and side-channel attacks. Capture ATP subscribers discover and stop more than 1,000 new attacks each business day.

Why upgrade: SonicWall Capture ATP is only available for the NSA/NSa 2600 and newer next-generation firewalls, as well as the current TZ and NSsp product lines (sixth generation or newer). This service is not available for legacy SonicWall firewalls, including some NSA and E Series models (usually silver in color with the old blue SonicWall logo).

Inspect Traffic without Slowing Performance

You should never be put into a position to choose between security and performance. With bandwidth-hungry apps woven into our everyday lives — SaaS apps, video streaming and social media — firewalls with faster deep packet inspection (DPI) are better at securing networks without greatly affecting performance.

During the first half of 2020, 1 in 12 SonicWall customers with DPI-SSL turned on saw malware on encrypted traffic. And the numbers are on the rise: In June, SonicWall recorded 378,736 of these attacks—more than at any other point in 2020 or the last half of 2019.

Faster DPI performance gives businesses greater capacity to utilize higher internet speeds and support more concurrent users without ever sacrificing security.

Why upgrade:  For example, NSa 2650 delivers a 25% DPI-SSL performance improvement over the NSA 2600. SonicWall NSa 2650 and newer firewalls (e.g., 2650-9650) offer significantly faster DPI performance than their predecessors, the NSA 2600-9600 range, E Series models and other older appliances.

Inspect TLS/SSL Traffic without Increasing Costs

The majority of web traffic is encrypted today. Without proper security controls in place, TLS/SSL encryption standards provide cybercriminals easy access to your network.

That’s why deep packet inspection of encrypted traffic (DPI for TLS/SSL) is mandatory. Some firewall vendors, unfortunately, upcharge for proper TLS/SSL inspection capabilities or simply don’t offer the capability at all. Unfortunately, inspecting TLS/SSL traffic also takes compute power, and organizations need a firewall that can process TLS-encrypted traffic without hurting performance.

Why upgrade: The latest SonicWall NSa firewalls include the DPI-SSL license (by default) to inspect encrypted traffic at no additional cost, thereby reducing capital expense. Unfortunately, older-generation NSA firewalls (usually silver in color with our old logo) do not support inspection of encrypted traffic.

Expand Remote Branch/Site Security

For organizations with remote and branch locations, such as retail POS businesses, schools, banks and more, the ability to create a larger number of site-to-site VPN tunnels to connect distributed networks together and securely share data is essential. But not all firewalls have the capability or capability to make this happen.

Why upgrade: By moving to the latest NSa Series firewall, your organization can secure more remote branches, services and devices. This is particularly powerful for distributed enterprises, retail organizations, etc. The NSa 2650, for example, enables the creation of 4x more site-to-site VPN tunnels than the NSA 2600 (1,000 vs. 250).

Support More High-Speed Wi-Fi Connections

Fast and secure Wi-Fi is a requirement in today’s hyper-connect world. Today’s wireless standard, 802.11ac, delivers the performance, range and reliability of high-speed wireless technology for a safe and fast user experience.

In a properly secured environment, wireless access points must be paired with a firewall that can support 802.11ac wireless standards.

Why upgrade: Newer firewalls can support more connections. The option to connect a larger number of wireless access points to a single firewall enables organizations to extend their wireless network farther without purchasing additional hardware.

Combine the latest NSa Series next-generation firewall with a SonicWall SonicWave 802.11ac Wave 2 wireless access point to create a high-speed wireless network security solution.

NSa Series firewalls and SonicWave 400 Series wireless access points both feature 2.5 gigabit Ethernet ports that can support multi-gigabit wireless throughput, which is available in the 802.11ac Wave 2 wireless standard. In addition, you can connect more wireless access points to the latest NSa firewall. The NSa 2650, for example, supports 1.5x the number of connected SonicWave wireless access points as the NSA 2600 (48 vs. 32).

Unfortunately, legacy NSA and older firewalls (as well as those on SonicOS 5.x or older firmware) do not offer multi-gigabit ports to accommodate the faster throughput supported by Wave 2 wireless standard.

Decrease Support Costs

Single sign-on (SSO) technology helps secure your environment, as well as employees, to be more productive and helps shrink IT support costs (e.g., tickets, calls, etc.) by enabling users to safely gain access to connected systems with a single ID and password.

Simply, the more users who can access a system with a single ID, the fewer support calls, IT tickets and complaints that will be generated. This self-service approach means real savings to your business or enterprise.

Why upgrade: The NSa 2650, for example, allows a larger population of users (40,000 vs. 30,000) to benefit from the use of SSO compared to the legacy NSA 2600. This disparity widens the further you go up the product line.

Increase Network Capacity

With increased network bandwidth requirements from apps, video streaming and social media, faster DPI and DPI-SSL performance provides a secure network without performance degradation.

Faster DPI performance also provides organizations with a greater capacity to utilize higher internet speeds and support more concurrent users. A higher number of concurrent connections provides greater scalability by enabling more simultaneous user sessions to be active and protected by the firewall.

Why upgrade: The NSa 2650 enables 500,000 deep packet inspection (DPI) connections and up to 100,000 deep packet inspection of TLS/SSL-encrypted (DPI-SSL) connections compared to the 250,000 for DPI and 1,000 for DPI-SSL on the NSA 2600 and older models, such as the NSA 220 (32,000 for DPI).

Boost Memory for Added Users, Logs & Policies

The number of users who require security on your network grows by the day. Unfortunately, the on-board memory of legacy firewalls can only support a finite footprint of users on the network.

Advanced NSa firewalls offer more onboard memory to allow for more rules and policies, users, and log messages to be stored on the firewall, making reporting easily accessible.

Why upgrade: The NSa 2650 has twice the onboard memory of the NSA 2600 (4 GB vs. 2 GB) and eight times the memory of the NSA 220 (4 GB vs. 512MB). This increased capacity empowers organizations to use a single NSa firewall to protect a larger userbase with deeper and more robust rules and policies.

Many Ports in a Storm

It’s time to clean up your server room or IT area. Having a greater number of ports allows organizations to connect more SonicWall devices directly to the firewall without needing to purchase a switch. In addition, organizations that require increased throughput to support bandwidth-intensive applications and data transfer need multi-gigabit ports.

Why upgrade: Newer NSa firewalls offer many more ports than their predecessors. For example, the NSa 2650 has 2.5x the number of ports as the NSA 2600 (20 vs. 8). The NSa 2650 also features eight 2.5 GbE ports while the NSA 2600 has none.

Improve Business Continuity

Many enterprises and larger organizations build businesses continuity and disaster recovery plans into their process. Part of this planning is ensuring there’s a contingency for as many scenarios as possible, not the least of which is power. Many legacy firewalls only offer a single power supply. Newer models offer a second power supply to ensure business continuity if one power supply fails.

Why upgrade: While the current NSa line and last-generation NSa Series both include a single power supply, the NSa 2650-9650 have an additional slot to add an optional second power supply for critical redundancy.

About SonicWall NSa Next-Generation Firewalls

The SonicWall Network Security appliance (NSa) Series mid-Range firewalls consolidate automated advanced threat prevention technologies in a mid-range next-generation firewall platform.

Built on a multi-core hardware architecture featuring 10-GbE and 2.5-GbE interfaces, the NSa Series scales to meet the performance demands of mid-size networks, branch offices and distributed enterprises. NSa Series firewalls feature cloud-based and on-box capabilities such as TLS/SSL decryption and inspection, application intelligence and control, Secure SD-WAN, real-time visualization and WLAN management.

For a closer look at the NSa range of firewalls, explore the specifications table below or download the complete SonicWall NSa data sheet.

Built on a multi-core hardware architecture featuring 10-GbE and 2.5-GbE interfaces, the NSa series scales to meet the performance demands of mid-sized networks, branch offices and distributed enterprises. NSa series firewalls feature cloud-based and on-box capabilities such as TLS/SSL decryption and inspection, application intelligence and control, Secure SD-WAN, real-time visualization and WLAN management.

Brook Chelmo

Sr Product Marketing Manager | SonicWall

Brook handles all product marketing responsibilities for SonicWall security services and serves as SonicWall’s ransomware tsar. Fascinated in the growth of consumer internet, Brook dabbled in grey-hat hacking in the mid to late 90’s while also working and volunteering in many non-profit organizations. After spending the better part of a decade adventuring and supporting organizations around the globe, he ventured into the evolving world of storage and security. He serves humanity by teaching security best practices, promoting and developing technology.