NSv Series
SonicWall Network Security virtual (NSv) firewalls protect all critical components of your private/public cloud environment from resource misuse attacks, cross virtual machine attacks, side channel attacks and common network based exploits and threats. It captures traffic between virtual machines and networks for automated breach prevention and establishes access control measures for data confidentiality and ensures VMs safety and integrity.
Legend: S — Standard, O — Optional, N — Not Available
| _productName | NSv 10 | NSv 25 | NSv 50 | NSv 100 | NSv 200 | NSv 300 | NSv 400 | NSv 800 | NSv 1600 | |
|---|---|---|---|---|---|---|---|---|---|---|
| Operating system | Firewall General | SonicOS | SonicOS | SonicOS | SonicOS | SonicOS | SonicOS | SonicOS | SonicOS | SonicOS |
| Supported Hypervisors | Firewall General | VMware ESXi v5.5 / v6.0 / v6.5 | VMware ESXi v5.5 / v6.0 / v6.5 | VMware ESXi v5.5 / v6.0 / v6.5 | VMware ESXi v5.5 / v6.0 / v6.5 | VMware ESXi v5.5 / v6.0 / v6.5 | VMware ESXi v5.5 / v6.0 / v6.5 | VMware ESXi v5.5 / v6.0 / v6.5 | VMware ESXi v5.5 / v6.0 / v6.5 | VMware ESXi v5.5 / v6.0 / v6.5 |
| Max Cores | Firewall General | 2 | 2 | 2 | 2 | 2 | 3 | 4 | 8 | 16 |
| Max Mgmt/DataPlane Cores | Firewall General | 1/1 | 1/1 | 1/1 | 1/1 | 1/1 | 1/2 | 1/3 | 1/7 | 1/15 |
| Min Memory Required | Firewall General | 4G | 4G | 4G | 4G | 6G | 8G | 8G | 10G | 12G |
| Supported IP/Nodes | Firewall General | 10 | 25 | 50 | 100 | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited |
| Storage | Firewall General | 60 GB | 60 GB | 60 GB | 60 GB | 60 GB | 60 GB | 60 GB | 60 GB | 60 GB |
| SSO users | Firewall General | 25 | 50 | 100 | 100 | 500 | 5,000 | 10,000 | 15,000 | 20,000 |
| Logging | Firewall General | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog | Analyzer, Local Log, Syslog |
| High availability | Firewall General | Active/Passive | Active/Passive | Active/Passive | Active/Passive | Active/Passive | Active/Passive | Active/Passive | Active/Passive | Active/Passive |
| Firewall Inspection Throughput | Firewall/VPN Performance (1) | 2 Gbps | 2.5 Gbps | 3 Gbps | 3.5 Gbps | 4.1 Gbps | 5.9 Gbps | 7.8 Gbps | 13.9 Gbps | 17.2 Gbps |
| Full DPI Throughput (GAV/GAS/IPS) | Firewall/VPN Performance (1) | 450 Mbps | 550 Mbps | 650 Mbps | 750 Mbps | 900 Mbps | 1.6 Gbps | 2.2 Gbps | 4.0 Gbps | 6.4 Gbps |
| Application Inspection Throughput | Firewall/VPN Performance (1) | 1 Gbps | 1.25 Gbps | 1.5 Gbps | 1.75 Gbps | 2.3 Gbps | 3.4 Gbps | 4.1 Gbps | 5.5 Gbps | 6.4 Gbps |
| IPS Throughput | Firewall/VPN Performance (1) | 1 Gbps | 1.25 Gbps | 1.5 Gbps | 1.75 Gbps | 2.3 Gbps | 3.4 Gbps | 4.1 Gbps | 5.5 Gbps | 6.7 Gbps |
| Anti-Malware Inspection Throughput | Firewall/VPN Performance (1) | 450 Mbps | 550 Mbps | 650 Mbps | 750 Mbps | 900 Mbps | 1.6 Gbps | 2.2 Gbps | 4.0 Gbps | 6.6 Gbps |
| IMIX Throughput | Firewall/VPN Performance (1) | 750 Mbps | 850 Mbps | 950 Mbps | 1100 Mbps | 1.5 Gbps | 2.3 Gbps | 2.8 Gbps | 4.2 Gbps | 5.3 Gbps |
| TLS/SSL DPI Throughput | Firewall/VPN Performance (1) | 650 Mbps | 750 Mbps | 850 Mbps | 950 Mbps | 1.1 Gbps | 1.2 Gbps | 1.8 Gbps | 3.4 Gbps | 5.1 Gbps |
| VPN Throughput | Firewall/VPN Performance (1) | 500 Mbps | 550 Mbps | 600 Mbps | 650 Mbps | 750 Mbps | 1.4 Gbps | 1.9 Gbps | 4.2 Gbps | 8.4 Gbps |
| Connections per second | Firewall/VPN Performance (1) | 1,800 | 5,000 | 8,000 | 10,000 | 13,760 | 24,360 | 37,270 | 75,640 | 125,000 |
| Maximum connections (SPI) | Firewall/VPN Performance (1) | 10,000 | 50,000 | 125,000 | 150,000 | 225,000 | 1M | 1.5M | 3M | 4M |
| Maximum connections (DPI) | Firewall/VPN Performance (1) | 10,000 | 50,000 | 100,000 | 125,000 | 125,000 | 500,000 | 1.5M | 2M | 2.5M |
| TLS/SSL DPI Connections | Firewall/VPN Performance (1) | 500 | 1,000 | 2,000 | 4,000 | 8,000 | 12,000 | 20,000 | 30,000 | 50,000 |
| Site-to-Site VPN Tunnels | VPN | 10 | 10 | 25 | 50 | 75 | 100 | 6000 | 10,000 | 25,000 |
| IPSec VPN clients (max) | VPN | 10 | 10 | 25 | 25 | 50(1000) | 50(1000) | 2000(4000) | 2000(6000) | 2000(10,000) |
| SSL VPN NetExtender Clients (Maximum) | VPN | 2(10) | 2(25) | 2(25) | 2(25) | 2(100) | 2(100) | 2(100) | 2(100) | 2(100) |
| Encryption/authentication | VPN | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC) |
| Key exchange | VPN | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v | Diffie Hellman Groups 1, 2, 5, 14v |
| Route-based VPN | VPN | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP | RIP, OSPF, BGP |
| IP address assignment | Networking | Static, DHCP, internal DHCP server, DHCP relay | Static, DHCP, internal DHCP server, DHCP relay | Static, DHCP, internal DHCP server, DHCP relay | Static, DHCP, internal DHCP server, DHCP relay | Static, DHCP, internal DHCP server, DHCP relay | Static, DHCP, internal DHCP server, DHCP relay | Static, DHCP, internal DHCP server, DHCP relay | Static, DHCP, internal DHCP server, DHCP relay | Static, DHCP, internal DHCP server, DHCP relay |
| NAT modes | Networking | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode | 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT, transparent mode |
| VLAN Interfaces | Networking | 25 | 25 | 50 | 50 | 50 | 256 | 500 | 512 | 512 |
| Routing protocols | Networking | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | BGP, OSPF, RIPv1/v2, static routes, policy-based routing |
| QoS | Networking | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p |
| Authentication | Networking | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix | XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix |
| VoIP | Networking | Full H323-v1-5, SIP | Full H323-v1-5, SIP | Full H323-v1-5, SIP | Full H323-v1-5, SIP | Full H323-v1-5, SIP | Full H323-v1-5, SIP | Full H323-v1-5, SIP | Full H323-v1-5, SIP | Full H323-v1-5, SIP |
| Standards | Networking | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS | TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS |
(1) Published performance numbers are up to the specification and the actual performance may vary depending on underlying hardware, network conditions; firewall configuration and activated services. Performance and capacities may also vary based on underlying virtualization infrastructure, and we recommend additional testing within your environment to ensure your performance and capacity requirements are met. Performance metrics were observed using Intel Xeon W Processor (W-2195 2.3GHz, 4.3GHz Turbo, 24.75M Cache) running SonicOSv 6.5.0.2 with VMware vSphere 6.5.
Testing Methodologies:
Maximum performance based on RFC 2544 (for firewall).
Full DPI/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Spirent WebAvalanche HTTP performance test and Ixia test tools.
Testing done with multiple flows through multiple port pairs.
VPN throughput measured using UDP traffic at 1418 byte packet size adhering to RFC 2544. All specifications and features are subject to change.
PUBLIC AND PRIVATE CLOUD SECURITY
- Gain complete visibility into intra-host communication between virtual machines for threat prevention
- Ensure appropriate placement of security policies throughout the virtual environment
- Deliver safe application enablement rules by the application, user and device regardless of VM location
- Implement proper security zoning (VLANs) and isolation
VIRTUAL MACHINE PROTECTON
- Defend against zero-day vulnerabilities with Capture Advanced Threat Protection
- Prevent unauthorized takeover of virtual systems
- Stop unauthorized access to protected data assets
- Block malicious and intrusive actions such as spreading malware, executing operating system commands, file system browsing and C&C communication
- Reduce service disruption of any part or entire virtual ecosystem