New SonicWall NSa 2700: High Performance and Consolidated Security at Lower TCO

2020 has brought exponential growth in network traffic, including a 25% to 35% spike in March alone. As the demands on network firewalls continue to increase, many have struggled to keep up without becoming a bottleneck. Meanwhile, cybercriminals are becoming increasingly successful at breaching perimeter defenses using advanced techniques like encrypted threats and embedded malware.

To address this changing cybersecurity landscape, some companies have deployed multiple security point products. According to CSO Online, enterprises have an average of 75 products deployed to secure their network and cloud infrastructure. But these disparate point products pose challenges of their own, including management complexity and lack of interoperability — which in turn have led to an explosion in overall operating costs.

Today’s enterprises need a next-generation firewall that can accommodate the continuing increase in network traffic, while at the same time consolidating security controls to stop evasive threats.

Introducing SonicWall NSa 2700: A Gen 7 NGFW for Medium and Distributed Enterprises

The SonicWall Network Security Appliance (NSa) 2700 is a next-generation firewall (NGFW) that delivers industry-leading performance at the lowest total cost of ownership in its class. NSa 2700 protects mid-size networks with comprehensive integrated security services like malware analysis, encrypted traffic inspection, cloud application security and reputation services. It also supports centralized management with a truly intuitive single user interface, significantly improving operational efficiency.

SonicWall NSa 2700 includes advanced networking features such as HA/clustering, SD-WAN, dynamic routing, and virtual routing and forwarding. It combines validated security effectiveness and best-in-class price performance in a single rack unit appliance with high port density. In short, medium enterprises can now get the performance, networking and security capabilities they need from their next-generation firewalls without breaking the bank.

NSa 2700 Next Generation Firewall Highlights

Appliance at a glance

NSa 2700 is an energy-efficient, reliable appliance in a compact 1U chassis. Powered by the next-generation SonicOS 7.0 operating system, it is capable of processing millions of connections while delivering multi-gigabit threat prevention throughput. The following are a few high-level features that make NSa 2700 an attractive option for medium and distributed enterprises:

  • 16 x 1 GbE interfaces
  • 3 x 10 GbE interfaces
  • 3 Gbps of threat prevention performance
  • 6 Gbps of application inspection performance
  • 5 million stateful and 500,00 DPI connections
  • 21,500 connections per second
  • Dedicated management port

Powered by the new SonicOS 7.0

The SonicWall NSa 2700 runs on SonicOS 7.0, a new operating system built from the ground up to deliver a modern user interface, intuitive workflows and user-first design principles. SonicOS 7.0 provides multiple features designed to facilitate enterprise-level workflows, easy configuration, and simplified and flexible management — all of which allow enterprises to improve both their security and operational efficiency.

SonicOS 7.0 features:

More details about the new SonicOS 7.0 can be found here.

NSa 2700 Deployment Options

SonicWall NSa 2700 has two main deployment options for medium and distributed enterprises:

Internet Edge Deployment

In this standard deployment option, SonicWall NSa 2700 protects private networks from malicious traffic coming from the Internet, allowing you to:

  • Deploy a proven NGFW solution with highest performance and port density (including 10 GbE connectivity) in its class
  • Gain visibility and inspect encrypted traffic, including TLS 1.3, to block evasive threats coming from the Internet — all without compromising performance
  • Protect your enterprise with integrated security, including malware analysis, cloud app security, URL filtering and reputation services

Medium and Distributed Enterprise Deployment

The SonicWall NSa 2700 supports SD-WAN and can be centrally managed, making it an ideal fit for medium and distributed enterprises. By leveraging NSa’s high port density, which includes 10 GbE connectivity, enterprises can support distributed branches and wide area networks. This deployment allows organizations to:

  • Provide direct secure Internet access to distributed branch offices instead of back-hauling through corporate headquarters
  • Allow distributed branch offices to securely access internal resources in corporate headquarters or in a public cloud, significantly improving application latency
  • Reduce complexity and improve operations by using a central management system, which is accessed through an intuitive, single-pane-of-glass user interface

Overall Solution Value

The new NSa 2700 offers enterprises a best-in-class next-generation firewall with high speed and port density, all at a lower total cost of ownership. With integrated security services like malware analysis, URLF and cloud application security, NSa 2700 offers enterprises superb protection from advanced threats.

To learn more about the new NSa 2700, watch the video or click here.

SonicWall Capture ATP Receives ICSA Labs ATD Certification

With data breaches continuing to make headlines almost daily and new attack vectors surfacing seemingly every month, it is important to protect your environment against unknown threats.

We’re excited to announce that SonicWall Capture Advanced Threat Protection (ATP) has received ICSA Labs Advanced Threat Defense Certification for the third consecutive quarter.

ICSA Labs, an independent division of Verizon, tested a combination of our NSa 3600 Next-Gen Firewall and Cloud-based Capture ATP, featuring our Real-Time Deep Memory Inspection™ (RTDMI) engine, for 33 days and put the combined solution through 1,412 test runs to verify its effectiveness. As a result, Capture ATP received a 99.6% detection rate for previously unknown threats with just one false positive.

“Of threats one hour old or less, SonicWall Capture ATP detected over 99% of these new threats,” according to the report. It also noted, “The SonicWall solution was also over 99% effective against threats between one and two hours old,” proving the effectiveness of the solution against unknown threats.

What is ICSA Advanced Threat Defense?

Standard ICSA Labs Advanced Threat Defense (ATD) testing is aimed at vendor solutions designed to detect new threats that other traditional security products miss. Thus, the focus is on how effectively vendor ATD solutions detect these unknown and little-known threats while minimizing false positives. The minimum required score for passing the test is 75%.

SonicWall TZ Series Earns CRN Accolade, NSsp Firewall Named Finalist

Consistently and historically delivering on its promise to provide superior products and technical expertise to its more than 20,000 partners worldwide, SonicWall has been recognized by CRN®, a brand of The Channel Company, with a 2020 CRN Tech Innovator Award.

SonicWall was named the winner of the networking category for its TZ570 and TZ670 entry-level firewall series, while its Network Security Services Platform (NSsp) 15700 was a finalist in the security network category.

“We strive to deliver the technology and services that will continue to give our partners the competitive edge and technical support that’s needed in today’s marketplace,” said SonicWall SVP and Chief Revenue Officer Bob VanKirk. “Our long history working closely with the channel has given us the ability to listen well to their needs, and then develop, educate and deliver on what they need to safeguard their customers. The SonicWall team looks forward to delivering security solutions that will set them apart in a marketplace that has become saturated and often overwhelming for organizations looking to find the right fit.”

CRN’s annual award program honors innovative vendors in the IT channel across 49 technology categories, in key areas ranging from cloud to security to storage to networking. CRN editors assessed hundreds of vendor products along multiple criteria, including uniqueness, key capabilities, technological competency, and addressing customer needs.

“CRN’s Tech Innovator Awards celebrate technology vendors that empower end-users and promote business growth for solution providers with pioneering, purpose-built solutions,” said Blaine Raddon, CEO of The Channel Company.

The SonicWall TZ series of firewalls is designed specifically for the needs of SMBs and branch locations, delivering enterprise-class security without the enterprise-grade complexity. Installation and operation are made easy with Zero-Touch Deployment and simplified centralized management. SonicWall’s multi-engine Capture Advanced Threat Protection (ATP) cloud-based sandbox service with patent-pending Real-Time Deep Memory Inspection (RTDMI™) helps detect against today’s most nefarious cyberattacks.

Designed for large enterprises, service providers, and MSSPs, the SonicWall NSsp 15700 consolidates industry-validated security effectiveness and best-in-class price-performance into a next-generation firewall. Its multi-instance architecture supports multiple firewalls on a single appliance with dedicated resources so administrators can run different software versions and configurations without the typical constraints of multitenancy architectures like resource starvation.

Capture Client 3.5: Built for Managing Tenants

With a near-100% mobile workforce, large enterprises, MSPs and MSSPs are finding managing and protecting employee endpoints to be difficult, costly and complex. SonicWall designed Capture Client 3.5 to make multi-tenant management easier, allowing you to create and deploy new tenants through the adoption of global baseline policies, while also offering customers the flexibility to build and deploy custom policies for specific tenants.

Extensive interviews with a global base of IT administrators revealed the need to quickly create, configure and enforce global policies and compliance based on user group, device and location. Respondents also wanted us to produce effective patch and version management that would allow them to quickly see whether endpoint security products were up to date, what versions were installed, and the extent of unpatched vulnerabilities across each tenant. We were also tasked with updating the Capture Client platform to deliver timely alerts and remediation processes to ease operational costs and ensure customer service levels.

With Capture Client 3.5, we wanted to see our enterprise customers and managed services providers gain greater visibility into endpoint devices. Via a quick snapshot of the health of all tenants, administrators can instantly see infections and vulnerabilities. This reduces the need to dig down into each tenant to see each of these possible issues, making management easier. We’ve also made it easy for administrators to see which versions of Capture Client are installed across endpoints.

Digging down reveals what devices are online, what content is accessed, what is blocked, and what web pages or users cause the most alerts. This offers a great deal of useful insight, such as who has games installed, who is hitting violations of the company’s Internet usage policies, or if a certain new productivity-wasting website is impacting team performance or affecting your bandwidth.

Capture Client 3.5 also offers admins a greater degree of control through a new concept called Scope of operations. Scope allows administrators to granularly pick their context of visibility and control — not only across tenants, but also for groups within tenants, or across all their tenants for a more high-level view. This generates a number of different opportunities for multi-tenant operations:

  • Flexible version management can immediately push agents out to all tenants or roll out in batches to better control field issues.
  • When new threats are detected, administrators can quickly add new definitions to all tenants via the inheritance feature, which pulls from the global policy set by the enterprise or managed service provider.
  • As mentioned before, if a website is dominating bandwidth or impacting performance, one can amend content filtering policies on the fly across all tenants.

Here’s a quick look at how policy operations are more flexible in Capture Client 3.5:

To see if Capture Client is right for your organization, please read our solution brief, What Administrators Need to Look for When Buying an Endpoint Security Solution.

SonicWall NSM 2.1: Centralized Firewall Management Just Got Better

Recently, I published a blog introducing our fresh new SaaS-based centralized firewall manager, SonicWall Network Security Manager (NSM) version 2.0. If you haven’t yet read it, I encourage you to do so; it highlights the many powerful features you need for comprehensive firewall management.

Today, however, NSM is getting even better. We’re thrilled to announce the availability of NSM version 2.1, which adds several new enterprise management capabilities, along with various options for NSM on-premises deployment to help your SOC run with greater control and ease.

The NSM design leverages a unified code base, meaning the same management features are standard on both SaaS and on-prem NSM implementation. Your user experience will be identical. The learning curve is zero. Firewall environments are administered exactly the same way for SaaS-based NSM and the on-premises NSM command console. To fix the many ongoing firewall management challenges that customers face every day, the solution leverages a user-centric workflow approach capable of:

  • Helping admins find what they need, get to where they want to work, and complete tasks in far fewer screens and clicks
  • Onboarding new firewalls without being physically on-site
  • Managing firewall operations effortlessly, with total visibility and control
  • Reducing the number of management silos
  • Establishing consistent security measures, and more

New features offered in NSM version 2.1 add tools and capabilities for facilitating and accomplishing your essential day-to-day management tasks. Within NSM 2.1, you’ll notice a number of new capabilities, including:

  • Role-Based Access Control lets you apply the least-privilege principle to assigning a granular level of firewall management access based on a user’s role and responsibilities. You can designate users as administrators, specialist users or watchers depending on which best aligns with his or her roles and access permissions as defined in your internal security controls.
  • Golden Template allows you to convert a device config that is your principal config into a template that can be applied consistently across devices, device groups or tenants.
  • Approval Workflow helps you roll out sanctioned security policies through a controlled and auditable process. Once a firewall policy is configured and validated, it goes to designated stakeholders for approval before the policy is committed and deployed. The entire process conforms with change management policy and compliance regulations of enterprises, as well as federal requirements. You’ll gain confidence that the right firewall policies get pushed at the right time.
  • NSM On-Prem-specific features now include the added security of two-factor authentication (2FA) before granting access to the system console, as well as Intelligent Platform Monitoring (IPM), which monitors and alerts admins regarding the health and status of the NSM system. IPM helps you proactively remediate critical system conditions as they arise and assures the NSM runs reliably and performs optimally.

Flexible deployment with SaaS, virtual or IaaS options

You can deploy NSM in various ways to best suit your operational, regulatory and budgetary requirements.

For a maintenance-free experience, NSM is available as a SaaS offering hosted by SonicWall Cloud and accessible over the internet. You can scale on-demand while lowering your operational cost, as there’s no hardware and software to deploy; no maintenance schedule; no software customization, configurations or upgrades; no downtime; and no depreciation or retirement costs. All of these expenses are removed and replaced with one low, predictable yearly subscription cost.

For high-performance total system control and compliance, you can opt to deploy NSM as a virtual appliance in a private cloud (VMware, Microsoft Hyper-V or KVM) or in Microsoft Azure public cloud environments. These give you all the operational and economic benefits of virtualization, including system scalability and agility, speed of system provisioning, simple management, and cost reduction.

To learn more about NSM, visit www.sonicwall.com/nsm, or contact sales for a free trial.

10 Reasons to Upgrade to the Latest SonicWall TZ Firewall

Some people prefer not to upgrade their products till the bitter end. In some cases, this is fine — you may be able to live with the fact that the laptop you got for college graduation a decade ago won’t run “Hitman 2” or “Metro Exodus,” as long as it’ll connect to the internet and give you a place to store all your MP3s.

But the risks of running an aging firewall extend far beyond fear of missing out: Firewalls must be updated regularly to stop advanced cyberattacks, as well as keep up with the speed, performance and productivity needs demanded by today’s workplace. Here are the top ten reasons why you should consider updating your legacy firewall to the latest SonicWall TZ Series next-generation firewall:


Stop the Most Advanced Threats

Advanced cyber threats are on the rise and affect all businesses and organizations. The cloud-based, multi-engine SonicWall Capture Advanced Threat Protection (ATP) sandbox service provides high security effectiveness against advanced persistent threats and new attacks, including ‘never-before-seen’ ransomware, malware and side-channel attacks. Capture ATP subscribers discover and stop over 1,000 new attacks each business day.

Why upgrade: SonicWall Capture ATP is only available for SOHO 250, TZ350, TZ400 and above firewalls, as well as the NSa and NSsp line. This service is not available for legacy firewalls, including TZ105, TZ205 and TZ215 firewalls.


Inspect More Encrypted Traffic without Slowing Performance

Never be forced to choose between performance and security. With the increased network bandwidth requirements from today’s SaaS apps, video streaming and social media, firewalls with faster deep packet inspection (DPI) offer better network security without performance degradation.

During the first half of 2020, 1 in 12 SonicWall customers with DPI-SSL activated saw malware on encrypted traffic. And the numbers are on the rise: In June, SonicWall recorded 378,736 of these attacks—more than at any other point in 2020 or the last half of 2019.

Simply put, faster DPI performance provides organizations with a greater capacity to utilize higher internet speeds and support more concurrent users — all without sacrificing security.

Why upgrade: SonicWall TZ350 and TZ400 firewalls offer significantly faster DPI performance than the TZ 105 (up to 24x), TZ 205 (up to 15x) and TZ 215 (up to 10x).


Inspect Encrypted Traffic without Increasing Costs

The vast majority of web traffic is now encrypted. And without the proper security controls in place, traffic encrypted by TLS/SSL standards provides cybercriminals a backdoor to your network.

That’s why deep packet inspection of encrypted traffic (DPI for TLS/SSL) is mandatory for businesses of all sizes. Unfortunately, some firewall vendors upcharge you for proper TLS/SSL inspection capabilities (or don’t offer it at all).

Why upgrade: SonicWall TZ350 and TZ400 firewalls include the DPI-SSL license (by default) to inspect encrypted traffic at no additional cost, thereby reducing capital expense. Unfortunately, the TZ105, TZ205 and TZ215 do not support inspection of encrypted traffic.


Secure Growing Remote Workforce

With today’s remote workforce far larger than ever before, companies need the ability to provide employees with secure access to data — anytime and anywhere. A larger number of secure VPN connections is essential to support the increasing number of remote users. But based on the firewall(s) you have deployed, you may have a limit on how many remote employees you can protect at a single time.

Why upgrade: The latest SonicWall TZ400 firewall supports 10 times the number of SSL-VPN clients as the TZ 205 and TZ 215 (100 vs. 10). The TZ350 firewall enables 7.5 times as many SSL-VPN clients as the TZ 205 and TZ 215 (75 vs. 10).


Support Faster Wi-Fi Speeds

The world is wireless. Wi-Fi speeds — and users’ appetite for connectivity — are increasing exponentially. The 802.11ac wireless standard delivers the performance, range and reliability of high-speed wireless technology for an enhanced user experience. But in a properly secured environment, wireless access points must be paired with a firewall that can support 802.11ac wireless standards.

Why upgrade: The SonicWall TZ350 and TZ400 firewalls support the 802.11ac wireless standard as well as SonicWave 802.11ac Wave 2 access points for high-speed wireless networking. Unfortunately, the legacy TZ105, TZ205 and TZ215 firewalls only support the slower legacy 802.11n wireless standard, and do not work with the latest SonicWave wireless access points.


Reduce Support Costs

Single sign-on (SSO) technology helps improve employee productivity and reduce IT support costs by enabling users to safely gain access to connected systems with a single ID and password. Simply put, the more users can access with a single ID, the fewer support calls, IT tickets and complaints will be generated. This equals real savings to your organization.

Why upgrade: The SonicWall TZ350 and TZ400 firewalls enable twice the population of users (500 vs. 250) to benefit from the use of single sign-on.


Protect More Concurrent Users

There should rarely be a limit on how many users you are able to protect. A higher number of concurrent connections provides greater scalability by enabling more simultaneous user sessions to be active and protected by the firewall.

Why upgrade: The newest SonicWall TZ350 and TZ400 firewalls enable a much larger number of concurrent connections per second, plus deep packet inspection of TLS/SSL-encrypted connections, compared to the TZ105, TZ205 and TZ215.


Increase Speed to Keep Pace with Threat Processing

Modern cybersecurity requires firewalls that can manage network traffic more quickly to deliver the high performance needed for modern-day threat processing. Legacy firewalls can’t process as much traffic volume, sometimes hindering performance and efficiency. This can result in businesses being unable to achieve their promised internet speeds.

Why upgrade: The SonicWall TZ400 firewall, for example, has double the number of security processors as the TZ205 and TZ215 (4 vs. 2). In addition, TZ350 and TZ400 have higher speed processors (1.2 GHz and 800 MHz, respectively), compared with 400/500 MHz processors in the previous TZ205 and TZ215 firewalls. These speed boosts keep your business humming and safe from modern threats.


Boost Memory for Added Users, Logs & Policies

The number of users who require security on your network grows by the day. Unfortunately, the on-board memory of legacy firewalls can only support a finite footprint of users on the network. Advanced firewalls offer more onboard memory to allow for more rules and policies, users, and log messages to be stored on the firewall, making reporting easily accessible.

Why upgrade: The SonicWall TZ350 and TZ400 firewalls have up to four times the onboard memory of the TZ205 and TZ215 (1 GB vs. 256 MB/512 MB). This increased capacity empowers organizations to use a single TZ firewall to protect a larger userbase with deeper and more robust rules and policies.


Boost Performance, Security with Additional VLANs

Creating a greater number of virtual local area networks (VLAN) enables organizations to segment users and devices into additional groups, improving performance and security while reducing hardware costs. The ability to scale these VLANs depends on a number of factors, most notably how many may be protected by a firewall.

Why upgrade: The SonicWall TZ400 firewall provides the ability to create up to five times the number of VLANs as the TZ 205 and TZ 215 (50 vs. 10/20). The TZ350 firewall enables the creation of 2.5 times more VLANs than the TZ 205 (25 vs. 10).


About SonicWall TZ Next-Generation Firewalls

Get high-speed threat prevention in a flexible, integrated security solution with the SonicWall TZ Series. Designed for small networks and distributed enterprises with remote and branch locations, SonicWall TZ next-generation firewalls offer five different models that can be tuned to meet your specific needs.

| Feature | TZ105/W | TZ205/W | TZ215/W | TZ300/W | TZ400/W |
|---|---|---|---|---|---|
| Memory (RAM) | 32/256 MB | 32/256 MB | 32/512 MB | 1 GB | 1 GB |
| DPI performance | 25 Mbps | 40 Mbps | 60 Mbps | 100 Mbps | 300 Mbps |
| Maximum connections: per second | 1,000/sec | 1,500/sec | 1,800/sec | 5,000/sec | 6,000/sec |
| Maximum connections: SPI | 8,000 | 12,000 | 48,000 | 50,000 | 100,000 |
| Maximum connections: DPI | 8,000 | 12,000 | 32,000 | 50,000 | 90,000 |
| Maximum connections: DPI SSL | | | | 500 | 500 |
| SSL VPN licenses (max.) | 1 (10) | 1 (15) | 2 (10) | 1 (50) | (100) |
| Wireless standards | 802.11n | 802.11 a/b/g/n | 802.11 a/b/g/n | 802.11 a/b/g/n/ac | 802.11 a/b/g/n/ac |
| SSO users | 150 | 250 | 250 | 500 | 500 |
| VLAN interfaces | 5 | 10 | 20 | 25 | 0 |
| DPI SSL licenses included | | | | Yes | Yes |
| Capture Advanced Threat Protection (ATP) sandbox service | | | | Yes | Yes |

Advanced networking and management features, such as Secure SD-WAN and Zero-Touch Deployment, make it easy to bring up new sites as you need. Adding optional capabilities, such as PoE/PoE+ support and 802.11ac Wi-Fi, helps create a unified security solution that protects your network and data from the latest threats over wired and wireless connections.

Ready to upgrade to the newest SonicWall TZ firewall? Take advantage of the SonicWall Secure Upgrade Plus program to save money when you replace your existing SonicWall firewall or other eligible security appliance.

10 Reasons to Upgrade to the Latest SonicWall NSa Firewall

There are some things that are with you for life: Leather workboots on their fifth resole, your grandpa’s fishing vest, a thermos from scout camp that’s still going strong decades later. But when it comes to protection, staying current matters.

If you wouldn’t trust a 15-year-old tube of sunscreen to protect your skin, and you wouldn’t put your child in the carseat your mother saved from when you were a kid, why would you trust a legacy firewall to protect your network?

If you’re still running an older SonicWall NSA or E Series model, here are 10 reasons you should consider upgrading to the latest mid-range SonicWall NSa next-generation firewall.

Stop the Most Advanced Threats

Advanced persistent threats move with great speed and tenacity, and are designed to target and infiltrate all businesses and organizations.

However, a cloud-based, multi-engine sandbox, such as the SonicWall Capture Advanced Threat Protection (ATP) service, provides real-time security against advanced cyberattacks, including ‘never-before-seen’ ransomware, malware and side-channel attacks. Capture ATP subscribers discover and stop more than 1,000 new attacks each business day.

Why upgrade: SonicWall Capture ATP is only available for the NSA/NSa 2600 and newer next-generation firewalls, as well as the current TZ and NSsp product lines (sixth generation or newer). This service is not available for legacy SonicWall firewalls, including some NSA and E Series models (usually silver in color with the old blue SonicWall logo).


Inspect Traffic without Slowing Performance

You should never be put into a position to choose between security and performance. With bandwidth-hungry apps woven into our everyday lives — SaaS apps, video streaming and social media — firewalls with faster deep packet inspection (DPI) are better at securing networks without greatly affecting performance.

During the first half of 2020, 1 in 12 SonicWall customers with DPI-SSL turned on saw malware on encrypted traffic. And the numbers are on the rise: In June, SonicWall recorded 378,736 of these attacks—more than at any other point in 2020 or the last half of 2019.

Faster DPI performance gives businesses greater capacity to utilize higher internet speeds and support more concurrent users without ever sacrificing security.

Why upgrade: For example, NSa 2650 delivers a 25% DPI-SSL performance improvement over the NSA 2600. SonicWall NSa 2650 and newer firewalls (e.g., 2650-9650) offer significantly faster DPI performance than their predecessors, the NSA 2600-9600 range, E Series models and other older appliances.


Inspect TLS/SSL Traffic without Increasing Costs

The majority of web traffic is encrypted today. Without proper security controls in place, TLS/SSL encryption standards provide cybercriminals easy access to your network.

That’s why deep packet inspection of encrypted traffic (DPI for TLS/SSL) is mandatory. Some firewall vendors, unfortunately, upcharge for proper TLS/SSL inspection capabilities or simply don’t offer the capability at all. Unfortunately, inspecting TLS/SSL traffic also takes compute power, and organizations need a firewall that can process TLS-encrypted traffic without hurting performance.

Why upgrade: The latest SonicWall NSa firewalls include the DPI-SSL license (by default) to inspect encrypted traffic at no additional cost, thereby reducing capital expense. Unfortunately, older-generation NSA firewalls (usually silver in color with our old logo) do not support inspection of encrypted traffic.

Upgrade Your NSa Firewall

Ready to upgrade to the newest SonicWall NSa firewall? Take advantage of the SonicWall Secure Upgrade Plus program to save money when you replace your existing SonicWall firewall or other eligible security appliance.


Expand Remote Branch/Site Security

For organizations with remote and branch locations, such as retail POS businesses, schools, banks and more, the ability to create a larger number of site-to-site VPN tunnels to connect distributed networks together and securely share data is essential. But not all firewalls have the capability to make this happen.

Why upgrade: By moving to the latest NSa Series firewall, your organization can secure more remote branches, services and devices. This is particularly powerful for distributed enterprises, retail organizations, etc. The NSa 2650, for example, enables the creation of 4x more site-to-site VPN tunnels than the NSA 2600 (1,000 vs. 250).


Support More High-Speed Wi-Fi Connections

Fast and secure Wi-Fi is a requirement in today’s hyper-connected world. Today’s wireless standard, 802.11ac, delivers the performance, range and reliability of high-speed wireless technology for a safe and fast user experience.

In a properly secured environment, wireless access points must be paired with a firewall that can support 802.11ac wireless standards.

Why upgrade: Newer firewalls can support more connections. The option to connect a larger number of wireless access points to a single firewall enables organizations to extend their wireless network farther without purchasing additional hardware.

Combine the latest NSa Series next-generation firewall with a SonicWall SonicWave 802.11ac Wave 2 wireless access point to create a high-speed wireless network security solution.

NSa Series firewalls and SonicWave 400 Series wireless access points both feature 2.5 gigabit Ethernet ports that can support multi-gigabit wireless throughput, which is available in the 802.11ac Wave 2 wireless standard. In addition, you can connect more wireless access points to the latest NSa firewall. The NSa 2650, for example, supports 1.5x the number of connected SonicWave wireless access points as the NSA 2600 (48 vs. 32).

Unfortunately, legacy NSA and older firewalls (as well as those on SonicOS 5.x or older firmware) do not offer multi-gigabit ports to accommodate the faster throughput supported by the Wave 2 wireless standard.


Decrease Support Costs

Single sign-on (SSO) technology helps secure your environment, helps employees be more productive and shrinks IT support costs (e.g., tickets, calls, etc.) by enabling users to safely gain access to connected systems with a single ID and password.

Simply, the more users who can access a system with a single ID, the fewer support calls, IT tickets and complaints that will be generated. This self-service approach means real savings to your business or enterprise.

Why upgrade: The NSa 2650, for example, allows a larger population of users (40,000 vs. 30,000) to benefit from the use of SSO compared to the legacy NSA 2600. This disparity widens the further you go up the product line.


Increase Network Capacity

With increased network bandwidth requirements from apps, video streaming and social media, faster DPI and DPI-SSL performance provides a secure network without performance degradation.

Faster DPI performance also provides organizations with a greater capacity to utilize higher internet speeds and support more concurrent users. A higher number of concurrent connections provides greater scalability by enabling more simultaneous user sessions to be active and protected by the firewall.

Why upgrade: The NSa 2650 enables 500,000 deep packet inspection (DPI) connections and up to 100,000 deep packet inspection of TLS/SSL-encrypted (DPI-SSL) connections compared to the 250,000 for DPI and 1,000 for DPI-SSL on the NSA 2600 and older models, such as the NSA 220 (32,000 for DPI).


Boost Memory for Added Users, Logs & Policies

The number of users who require security on your network grows by the day. Unfortunately, the on-board memory of legacy firewalls can only support a finite footprint of users on the network.

Advanced NSa firewalls offer more onboard memory to allow for more rules and policies, users, and log messages to be stored on the firewall, making reporting easily accessible.

Why upgrade: The NSa 2650 has twice the onboard memory of the NSA 2600 (4 GB vs. 2 GB) and eight times the memory of the NSA 220 (4 GB vs. 512 MB). This increased capacity empowers organizations to use a single NSa firewall to protect a larger userbase with deeper and more robust rules and policies.


Many Ports in a Storm

It’s time to clean up your server room or IT area. Having a greater number of ports allows organizations to connect more SonicWall devices directly to the firewall without needing to purchase a switch. In addition, organizations that require increased throughput to support bandwidth-intensive applications and data transfer need multi-gigabit ports.

Why upgrade: Newer NSa firewalls offer many more ports than their predecessors. For example, the NSa 2650 has 2.5x the number of ports as the NSA 2600 (20 vs. 8). The NSa 2650 also features eight 2.5 GbE ports while the NSA 2600 has none.


Improve Business Continuity

Many enterprises and larger organizations build business continuity and disaster recovery plans into their processes. Part of this planning is ensuring there’s a contingency for as many scenarios as possible, not the least of which is power. Many legacy firewalls only offer a single power supply. Newer models offer a second power supply to ensure business continuity if one power supply fails.

Why upgrade: While the current NSa line and last-generation NSa Series both include a single power supply, the NSa 2650-9650 have an additional slot to add an optional second power supply for critical redundancy.


About SonicWall NSa Next-Generation Firewalls

The SonicWall Network Security appliance (NSa) Series mid-range firewalls consolidate automated advanced threat prevention technologies in a mid-range next-generation firewall platform.

Built on a multi-core hardware architecture featuring 10-GbE and 2.5-GbE interfaces, the NSa Series scales to meet the performance demands of mid-size networks, branch offices and distributed enterprises. NSa Series firewalls feature cloud-based and on-box capabilities such as TLS/SSL decryption and inspection, application intelligence and control, Secure SD-WAN, real-time visualization and WLAN management.

For a closer look at the NSa range of firewalls, explore the specifications table below or download the complete SonicWall NSa data sheet.


Get the Most out of Your Security Appliance with Multi-Instance

Most enterprises, colleges and universities, government agencies and MSSPs have deployed a number of stand-alone appliances to segment and secure different departments, data centers and customers over the years. Even though this type of deployment offers needed security, it creates operational and management complexities. In order to improve operational efficiency while dealing with constant changes to IT and network infrastructure, security professionals need to look at more efficient ways to deploy security appliances.

To help our customers increase efficiency and get the most out of their security appliances, SonicWall has added multi-instance capability to our latest NSsp 15700 high-end firewall. Here’s how our newest feature will work, and how it compares with its predecessors.

Traditional way of doing things: Multi-tenant

Apart from deploying multiple standalone appliances to achieve segmentation and secure different entities, customers can also use multi-tenant technology. Multi-tenant allows security professionals to logically segment one instance into multiple virtual firewalls on a single security appliance. Those virtual firewalls will share the same physical resources available on the security appliance, such as CPU, memory, and interfaces. Although this method allows improved operational efficiency and the ability to deploy more than one firewall on a single security appliance, it has some limitations:

  • Virtual firewalls need to have the same software version installed — they cannot have independent versions
  • Potential for hardware resource starvation if one of the logical firewalls is oversubscribed
  • Firewall management tenant is shared, leading to configuration limitations

Multi-instance: A new generation multi-tenant

SonicWall has taken a modern approach to legacy multi-tenant with its multi-instance feature, which uses containerized architecture. This new feature enables security professionals to run multiple independent firewall instances on a single security appliance. Each firewall instance is allocated its own hardware resources, including CPU, memory and interfaces, thereby removing any potential for resource starvation.

In a containerized architecture, each firewall instance gets its own container, so they truly act as independent firewalls. This means each instance can have its own version of software, allowing for independent software upgrades and reboots. Management of each instance is done separately for every entity in the enterprise, allowing for customized security policy configuration. Multi-instance firewalling also enables flexible physical and logical interface assignments, which in turn enables simple network configurations. The figure below depicts single- versus multi-instance architecture on a four-CPU physical appliance.

Figure 1: Multi-tenant shares resources between firewall tenants. FW2 is compromised, causing resource starvation for all FW tenants.

Figure 2: Multi-instance allocates dedicated resources for each firewall instance. FW2 is compromised but isolated, allowing other instances to function normally.

Multi-instance versus multi-tenant

While the traditional multi-tenant architectures suffer from resource starvation and tenant failures, this is where SonicWall’s multi-instance architecture shines. The table below offers a high-level comparison between the multi-instance and multi-tenant approach.

Modern multi-instance Legacy multi-tenant
Multiple firewalls on one appliance
Containerized architecture
Complete tenant isolation
Independent software versions
Independent management
Multi-service potential
Single tenant failure resistant
Resource starvation resistant
HA instances

Table 1: Multi-instance versus multi-tenant

Multi-instance firewall will initially be available on the new SonicWall NSsp 15700 in August 2020. SonicWall NSsp is powered by SonicOSX, which includes many other new features such as unified policy, a new security management platform, new low-end appliance and more. To learn more about SonicWall NSsp, please visit www.sonicwall.com/NSsp.

Introducing the SonicExpress Mobile App

TZ570 and TZ670 Series firewall customers now have a new way to ease and enhance their onboarding experience.

For most of us, mobile devices are becoming the go-to means for getting work done in a digitally connected world. By 2023, the number of mobile device users will increase to 7.33 billion — and by 2025, 72% of those accessing applications and the web will do so with smartphones alone.

Network admins are also utilizing mobile devices to get work done: These devices allow them to extend their presence, enabling faster responses and easier network configuration and setup.

As part of our commitment to anytime, anywhere cybersecurity, SonicWall is launching the SonicExpress mobile app. The SonicExpress mobile app greatly simplifies firewall onboarding: device registration, initial setup, basic configuration, and monitoring for 7th generation SonicWall firewalls, including the recently launched TZ670 and TZ570 series. Designed for the Apple and Android platforms, the SonicExpress app is now available for download from the Apple App Store and the Google Play Store.

Onboarding as easy as 1, 2, 3

The typical onboarding process involves appliance registration and several other steps that must be completed in order to get a new firewall ready for configuration and use. With SonicExpress, the onboarding experience of a new firewall involves just three simple steps:

  1. Launch the SonicExpress App on a mobile device
  2. Connect a mobile device USB cable to the new firewall
  3. Finish setup

Designed with intuitive interfaces, the SonicExpress app guides the user through device registration and initial setup in less than a minute.

Simplified initial firewall setup

Zero-touch deployments require firewalls to connect to the internet using a DHCP address on the WAN interface. However, in certain deployments, WAN interfaces are assigned static IP addresses or configured over a PPPoE interface. For closed network deployments, there is typically no internet connectivity for the firewall being set up. The app helps with these and other initial setup configurations by connecting the firewall using the USB interface.

The SonicWall Express Setup Guide walks users through the process of getting their firewall registered and set up for specific deployment use cases. Alternately, users can choose to register the firewall without going through the entire setup process by simply scanning a QR code.

Monitoring your firewall

The SonicExpress app allows users to monitor firewalls for threat alerts, resource utilization and system status via an intuitive dashboard. It offers the flexibility of being able to check the health of your network from anywhere and the convenience of being able to make easy, quick changes necessary to ensure the security posture of your network.

There’s more coming

This is just the initial release of the app — we’ll be adding more features in future releases, including firmware management and advanced configuration capabilities similar to those available on the web management interface.

For a firsthand look at the new SonicExpress App, you can download it directly from the Apple App Store or Google Play Store.

SonicWall NSM: Centralized Firewall Management that Scales for Any Environment

As your organization expands, the need for rapid deployment of firewalls and other security services underscores the importance of unified security management — particularly if you’re a large, distributed enterprise or MSSP. Meanwhile, managing firewall operations, responding to risks and ensuring strong security measures and access controls are in place continue to be complex daily challenges. This has everyone, from C-level executives to security operators, asking some very nerve-racking questions:

  • Is our SecOps team overburdened with managing complex and perhaps even fragmented firewall silos?
  • How often do we experience inconsistent firewall policy implementations or policy misconfigurations, omissions or conflicts that cause security vulnerabilities that ripple across the organization?
  • Does our team have the required visibility and insight into these potential risks to respond quickly?
  • How are we measuring against our own internal security audits?

To help you address these tough questions, SonicWall is introducing Network Security Manager (NSM), a multi-tenant centralized firewall manager built for the cloud. NSM puts you in command of your firewall operations and lets you see and manage risks across your firewall ecosystem — all from one easy-to-use cloud app.

To borrow a “Star Trek” reference, when using NSM, you’ll have the “conn.” Device templates and configuration deployment wizards allow for central orchestration of firewall management while reducing policy misconfigurations and human error. The modern UI has been redesigned with a user-first emphasis and is intuitive and visually stunning. The menus, navigation and workflows have been simplified, and are logically organized and streamlined. By simplifying what was once complex, labor-intensive and error-prone, NSM gives you the power to be more effective, aware and in control.

Be in control

Built using cloud-native architecture like microservices and containers, NSM can infinitely scale on demand. Combined with NSM’s tenant-level manageability and visibility and its group-based device control, this unlimited scalability allows you to centrally deploy and manage an unlimited number of firewall devices, device groups and tenants while eliminating firewall silos.

NSM also gives you the ability to synchronize and enforce consistent security and policies across on-prem and cloud environments. And with NSM’s user-friendly cloud console, you can do it all from any location, using any browser-enabled device.

Be more effective

NSM gives you the tools to work smarter and take security actions faster with less effort. Workflows are guided by business processes and designed to simplify — and in some cases, automate — tasks to reduce the time and overhead of performing everyday security operations. For example, you can:

  • Track all managed firewalls from a single view and take administrative actions — including editing settings; synchronizing firewalls; upgrading software, audit or backup configurations; managing commits; scheduling reports; and more — directly from a unified device table
  • Onboard and operationalize hundreds of firewalls, switches and access points remotely through NSM’s significantly enhanced zero-touch deployment
  • Deploy configuration changes easily with an intuitive, four-step Commit and Deploy wizard
  • Use the REST API service to automate firewall operations — including device group and tenant management, audit configurations, performing system health checks and more — programmatically for any managed SonicWall firewalls.

Be more aware

NSM’s interactive dashboard features real-time monitoring and provides comprehensive reporting and analytics data. This allows security analysts and operators to troubleshoot problems, investigate risks and take smart security policy actions. NSM’s executive dashboard can help guide decision makers with security planning and policy actions, giving C-level executives the tools to better understand current threat activities and monitor company security posture. This data can also be used to determine whether internal security requirements are being met, whether to build risk management into the business strategy, or both.

… all with a lower TCO.

NSM can help lower overall TCO with its cloud-native SaaS offering. There’s no HW/SW to deploy; no maintenance schedule; no software customization, configurations or upgrades; no downtime; and no depreciation and retirement costs. Instead, organizations simply pay a low, predictable yearly subscription cost.

The UX/UI usability enhancements further reduce IT overhead, as management workflows are simplified for maximum efficiency. SecOps can easily find what they need and get things done with far fewer screens and clicks.

Deployment use cases

Since NSM is built for the cloud, it can fundamentally scale to support any environment — from a single small network with a few firewalls to a multi-tenant enterprise or MSSP environment with hundreds of security nodes under each tenant.

In small businesses with several managed firewalls, users can deploy a simple template for the firewalls in the DMZ zone and a different template for firewalls on the LAN to provide simple access control.

NSM also features a strong set of enterprise-level capabilities. Using a combination of features such as zero-touch, device group, template, and commit and deploy, admins can create and deploy a configuration template for each defined group of devices and apply it independently. This gives SecOps teams total operational control over how, what, where and when to manage their firewall operations.

Let’s take it a step further with a typical use case for a distributed enterprise — in this case, a major brand retailer with multiple outlets. This network infrastructure divides multiple locations around the country based on geography. In each location, NSM has multiple device groups created and categorized as Stores, Warehouses and Datacenter. It then commits and deploys a template to multiple device groups on the same network or over multiple networks.

Unlike a distributed enterprise, an MSSP manages multiple tenants in different locations. Each tenant has completely different ways of organizing devices and varying security requirements for each network. In this use case, a specific template or multiple templates can be created and applied to every tenant. Those assigned templates are considered local to a tenant. An MSSP also has the flexibility to apply a global template to multiple device groups across all managed tenants to enforce consistent security measures on everything it manages.

In summary, although NSM is typically used by SecOps to run the day-to-day firewall operation, the use cases and benefits extend to other key stakeholders, from C-level executives to security analysts and IT leaders.

To learn more about NSM, visit www.sonicwall.com/nsm