Specifications:
NSA 2650
The NSA 2650 delivers high-speed threat prevention over thousands of encrypted and even more unencrypted connections to mid-sized organizations and distributed enterprises.
NSA 3650
The SonicWall NSA 3650 is ideal for branch office and smallto medium-sized corporate environments concerned about throughput capacity and performance.
NSA 4650
The SonicWall NSA 4650 secures growing medium-sized organizations and branch office locations with enterprise-class features and uncompromising performance.
NSA 5650
The SonicWall NSA 5650 is ideal for distributed, branch office and corporate environments needing significant throughput and high port density.
| Firewall general | NSA 2650 | NSA 3650 | NSA 4650 | NSA 5650 |
|---|---|---|---|---|
| Operating system | SonicOS 6.5.2 | |||
| Security processing cores | 4 | 4 | 10 | 10 |
| Interfaces | 4 x 2.5-GbE SFP, 4 x 2.5-GbE, 12 x 1-GbE, 1 GbE Management, 1 Console |
2 x 10-GbE SFP+, 8 x 2.5-GbE SFP, 4 x 2.5-GbE, 12 x 1-GbE, 1 GbE Management, 1 Console |
2 x 10-GbE SFP+, 4 x 2.5-GbE SFP, 4 x 2.5-GbE, 16 x 1-GbE, 1 GbE Management, 1 Console |
2 x 10-GbE SFP+, 2 x 10-GbE, 4 x 2.5-GbE SFP, 4 x 2.5-GbE, 16 x 1-GbE, 1 GbE Management, 1 Console |
| Expansion | 1 Expansion Slot (Rear)* | |||
| Built-in storage | 16 GB | 32 GB | 32 GB | 64 GB |
| Management | CLI, SSH, Web UI, Capture Security Center, GMS, REST APIs | |||
| SSO users | 40,000 | 50,000 | 60,000 | 70,000 |
| Maximum access points supported | 48 | 96 | 128 | 192 |
| Logging | Analyzer, Local Log, Syslog | |||
| Firewall/VPN Performance | NSA 2650 | NSA 3650 | NSA 4650 | NSA 5650 |
| Firewall inspection throughput1 | 3.0 Gbps | 3.75 Gbps | 6.0 Gbps | 6.25 Gbps |
| Threat Prevention throughput2(Max Security) | 600 Mbps | 730 Mbps | 1.2 Gbps | 1.7 Gbps |
| Threat Prevention throughput2,6(Performance Optimized) | 1.20 Gbps | 1.75 Gbps | 2.50 Gbps | 3.40 Gbps |
| Application inspection throughput2 | 1.4 Gbps | 2.1 Gbps | 3.0 Gbps | 4.25 Gbps |
| IPS throughput2 | 1.4 Gbps | 1.8 Gbps | 2.3 Gbps | 3.4 Gbps |
| Anti-malware inspection throughput2 | 600 Mbps | 800 Mbps | 1.25 Gbps | 1.7 Gbps |
| IMIX throughput | 700 Mbps | 900 Mbps | 1.3 Gbps | 1.45 Gbps |
| TLS/SSL decryption and inspection throughput (DPI SSL)2 | 250 Mbps | 300 Mbps | 500 Mbps | 800 Mbps |
| VPN throughput3 | 1.3 Gbps | 1.5 Gbps | 3.0 Gbps | 3.5 Gbps |
| Connections per second | 14,000/sec | 14,000/sec | 40,000/sec | 40,000/sec |
| Maximum connections (SPI) | 1,000,000 | 2,000,000 | 3,000,000 | 4,000,000 |
| Maximum connections (DPI) | 500,000 | 750,000 | 1,000,000 | 1,500,000 |
| Maximum connections (DPI SSL) | 18,000 | 24,000 | 30,000 | 37,000 |
| Default connections (DPI/DPI SSL)4 | 500,000/12,000 | 625,000/15,000 | 750,000/18,000 | 1,000,000/19,000 |
| VPN | NSA 2650 | NSA 3650 | NSA 4650 | NSA 5650 |
| Site-to-site tunnels | 1,000 | 3,000 | 4,000 | 6,000 |
| IPSec VPN clients (max) | 50 (1,000) | 500 (3,000) | 2,000 (4,000) | 2,000 (6,000) |
| SSL VPN NetExtender clients (max) | 2 (350) | 2 (500) | 2 (1,000) | 2 (1,500) |
| Encryption/Authentication | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B Cryptography | |||
| Key exchange | Diffie Hellman Groups 1, 2, 5, 14v | |||
| Route-based VPN | RIP, OSPF, BGP | |||
| Networking | NSA 2650 | NSA 3650 | NSA 4650 | NSA 5650 |
| IP address assignment | Static (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP Relay | |||
| NAT modes | 1:1, many:1, 1:many, flexible NAT (overlapping IPS), PAT, transparent mode | |||
| VLAN interfaces | 256 | 256 | 400 | 500 |
| Routing protocols | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | |||
| QoS | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p | |||
| Authentication | LDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC) | |||
| VoIP | Full H323-v1-5, SIP | |||
| Standards | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3 | |||
| Certifications (in progress) | ICSA Firewall, ICSA Anti-Virus, FIPS 140-2, Common Criteria NDPP (Firewall and IPS), UC APL, USGv6, CsFC | |||
| High availability5 | Active/Passive with State Sync |
Active/Passive with State Sync Active/Active Clustering |
Active/Passive with State Sync, Active/Active DPI with State Sync, Active/Active Clustering |
|
| Hardware | NSA 2650 | NSA 3650 | NSA 4650 | NSA 5650 |
| Power supply | Dual, redundant 120W (one included) |
Dual, redundant 350W (one included) |
||
| Fans | Dual, Fixed | Dual, Removable | ||
| Input power | 100-240 VAC, 50-60 Hz | |||
| Maximum power consumption (W) | 37.2 | 46 | 93.6 | 103.6 |
| MTBF @25ºC in hours | 162,231 | 156,681 | 154,529 | 153,243 |
| MTBF @25ºC in years | 18.5 | 17.9 | 17.6 | 17.5 |
| Form factor | 1U Rack Mountable | |||
| Dimensions | 16.9 x 12.8 x 1.8 in (43 x 32.5 x 4.5 cm) | 16.9 x 16.3 x 1.8 in (43 x 41.5 x 4.5 cm) | ||
| Weight | 11.5 lb (5.2 kg) | 11.7 lb (5.3 kg) | 15.2 lb (6.9 kg) | 15.2 lb (6.9 kg) |
| WEEE weight | 12.1 lb (5.5 kg) | 12.3 lb (5.6 kg) | 19.6 lb (8.9 kg) | 19.6 lb (8.9 kg) |
| Shipping weight | 17.0 lb (7.7 kg) | 17.2 lb (7.8 kg) | 24.9 lb (11.3 kg) | 24.9 lb (11.3 kg) |
| Major regulatory | FCC Class A, CE (EMC, LVD, RoHS), C-Tick, VCCI Class A, MSIP/KCC Class A, UL, cUL, TUV/GS, CB, Mexico CoC by UL, WEEE , REACH, ANATEL, BSMI | |||
| Environment (Operating/Storage) | 32°-105° F (0°-40° C)/-40° to 158° F (-40° to 70° C) | |||
| Humidity | 10-90% non-condensing | |||
1Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.2Threat Prevention/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools. Testing done with multiple flows through multiple port pairs. Threat Prevention throughput measured with Gateway AV, Anti-Spyware, IPS and Application Control enabled.3VPN throughput measured using UDP traffic at 1280 byte packet size adhering to RFC 2544. All specifications, features and availability are subject to change.4For every 125,000 DPI connections reduced, the number of available DPI SSL connections increases by 3,000 except for NSA 9250 and above.5Active/Active Clustering and Active/Active DPI with State Sync require purchase of Expanded License.6Performance optimized mode can provide significant increases in performance without major impact to threat prevention efficacy.*Future use. All specifications, features and availability are subject to change.
