SonicWall NSa 5700 Secure Upgrade Plus - Advanced Edition, 3 Year

SonicWall NSa 5700 Secure Upgrade Plus - Advanced Edition, 3 Year

Special Price $27,904.00 Regular Price $34,880.00

SonicWall NSa 5700 Secure Upgrade Plus - Advanced Edition, 3 Year

MFG.PART: 02-SSC-3928

Earn 27,904 points when you buy me!

Hurry! Other 3 people are watching this product
Special Price $27,904.00 Regular Price $34,880.00
In stock
Free shipping Free shipping
could be yours in 1 - 5 days could be yours in 1 - 5 days
Hurry! Other 3 people are watching this product

Defeating advanced threats requires an advanced firewall solution built for the needs of your business. The SonicWall Network Security appliance (NSa) Mid-Range Firewall is next-generation security designed specifically for businesses of 250 users and up. Work with the confidence of knowing you’re protected against the day-to-day incursions as well as against advanced threats like ransomware, attacks against non-standard ports, and breaches in firewalls, all at the speed of business.




Advanced threat prevention in a high-performance security platform

The SonicWall Network Security appliance (NS) Mid-Range Firewall series consolidates automated advanced threat prevention technologies in a mid-range next-generation firewall platform. Built on a multi-core hardware architecture featuring 10-GbE and 2.5-GbE interfaces, the NS series scales to meet the performance demands of mid-sized networks, branch offices and distributed enterprises. NS series firewalls feature cloud-based and on-box capabilities such as TLS/SSL decryption and inspection, application intelligence and control, Secure SD-WAN, real-time visualization and WLAN management.


-Block more attacks with Real-Time Deep Memory Inspection (RTDMI) & Reassembly-Free Deep Packet Inspection (RFDPI) technologies.
-Prevent advanced threats with cloud-based and on-box threat prevention.
-Decrypt and inspect TLS/SSL and SSH traffic in real time.
-Enhance throughput with 10-GbE and 2.5-GbE interfaces.
-Ensure redundancy with dual power supplies.
-Leverage the onboard storage module.
-Extend your network perimeter with the built-in wireless controller.


-Create high-performance WANs using low-cost Intern access with Secure SD-WAN technology.
-Take advantage of the powerful SonicOS operating system.


-Tightly integrate with SonicWall solutions.
-Centrally manage network security.
-Scale through multiple hardware platforms.
-Lower your total cost of ownership.


-Gain consolidated threat intelligence from more than one million SonicWall sensors worldwide.
-SonicWall Capture Labs researchers develop and automatically deliver signatures to customers in real time.
-NS firewalls have continuous access to the Capture Cloud Platform for millions of malware signatures.
-Capture Cloud Platform also delivers single pane of glass management, licensing, reporting and analytics.


-Capture ATP, a cloud based multi-engine sandbox, provides automated real-time breach prevention.
-While the firewall holds suspicious files at the gateway, deep learning algorithms analyze files in real time.
-If malware is found, the file is blocked and a hash is immediately captured in the Capture Cloud.
-Capture ATP analyzes a broad range of OS and files including EXE, DLL, PDF, MS Office, JAR and APK.
-SonicWall Capture Client combines next-gen AV with the Capture ATP sandboxing.

Tech Specs

Tech specs

Firewall NSA 5700

Firewall inspection throughput 28 Gbps
IPS throughput 17 Gbps
Anti-malware inspection throughput 16 Gbps
Storage 128GB
Expansion Storage Expansion
Slot (Up to 1TB)
Maximum connections (DPI) 3,500,000
Interfaces 6 x 10G/5G/2.5G/1G
(SFP+); 2x
(Cu); 24 x 1GbE Cu
2 USB 3.0,
1 Console,
1 Mgmt. port
Built-in storage 128 GB
Management -
SSO users 50,000
Maximum access points supported 512
Logging -


Essential Edition

Secure Upgrade Plus - Advanced Edition, 3 Year


MFG Number 02-SSC-3928


Firewall inspection throughput 28 Gbps
Threat Prevention throughput 15 Gbps
Application inspection throughput 18 Gbps
IPS throughput 17 Gbps
Anti-malware inspection throughput 16 Gbps
IMIX throughput -
TLS/SSL inspection and
decryption throughput (DPI SSL)
7 Gbps
VPN throughput 15 Gbps
Connections per second 228,000
Maximum connections (SPI) 5,000,000
Maximum connections (DPI) 3,500,000
MAX DPI-SSL Connections 350,000


Site-to-site VPN tunnels 6,000
IPSec VPN clients (max) 2000 (4000)
SSL VPN NetExtender clients (max) -
Encryption/Authentication DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B Cryptography
Key exchange Diffie Hellman Groups 1, 2, 5, 14v
Route-based VPN RIP, OSPF, BGP


IP address assignment Static (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay
NAT modes 1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent mode
VLAN interfaces -
Routing protocols BGP4, OSPF, RIPv1/v2, static routes, policy-based routing
QoS Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1e (WMM)
Authentication LDAP (multiple domains), XAUTH/RADIUS, TACACS+, SSO, Radius accounting NTLM,
internal user database, 2FA, Terminal Services, Citrix, Common Access Card (CAC)
VoIP Full H323-v1-5, SIP
Certifications (in progress) FIPS 140-2 (with Suite B), UC APL, IPv6 (Phase 2), ICSA Network Firewall,
ICSA Anti-virus, Common Criteria NDPP (Firewall and IPS)
High availability Active/Passive with stateful synchronization


Power supply 350W
Fans 2 (removable)
Input power -
Maximum power consumption (W) 128.1
Dimensions 43 x 46.5 x 4.5 (cm) 16.9 x 18.1 x 1.8 in
Weight 7.8 Kg
WEEE weight 9.6 Kg
Shipping weight 13.5 Kg
Major regulatory FCC Class A, CE (EMC, LVD, RoHS), C-Tick, VCCI Class A, MSIP/KCC Class A, UL, cUL,
Environment (Operating/Storage) 32°-105° F (0°-40° C)/-40° to 158° F (-40° to 70° C)
Humidity 0-90% R.H non-condensing

NSsp Series (High End)

OS Features

SonicOS Feature Summary

NSA 5700

Firewall Stateful packet inspection
Reassembly-Free Deep Packet Inspection
DDoS attack protection (UDP/ICMP/SYN flood)
Biometric authentication for remote access
DNS proxy
TLS/SSL/SSH decryption and inspection Deep packet inspection for TLS/SSL/SSH
Inclusion/exclusion of objects, groups or hostnames
TLS/SSL control
Granular DPI SSL controls per zone or rule
Capture advanced threat protection Real-Time Deep Memory Inspection
Cloud-based multi-engine analysis
Virtualized sandboxing
Hypervisor level analysis
Full system emulation
Broad file type examination
Automated and manual submission
Real-time threat intelligence updates
Block until verdict
Capture Client
Intrusion prevention Signature-based scanning
Automatic signature updates
Bi-directional inspection
Granular IPS rule capability
GeoIP enforcement
Botnet filtering with dynamic list
Regular expression matching
Anti-malware Stream-based malware scanning
Gateway anti-virus
Gateway anti-spyware
Bi-directional inspection
No file size limitation
Cloud malware database
Application identification Application control
Application bandwidth management
Custom application signature creation
Data leakage prevention
Application reporting over NetFlow/IPFIX
Comprehensive application signature database
Traffic visualization and analytics User activity
Application/bandwidth/threat usage
Web content filtering URL filtering
Proxy avoidance
Keyword blocking
HTTP header insertion
Bandwidth manage CFS rating categories
Unified policy model with app control
Content Filtering Client
VPN Auto-provision VPN
IPSec VPN for site-to-site connectivity
SSL VPN and IPSec client remote access
Redundant VPN gateway
Mobile Connect for iOS, Mac OS X, Windows, Chrome, Android and Kindle Fire
Route-based VPN (OSPF, RIP, BGP)
Networking PortShield
Jumbo frames
Enhanced logging
VLAN trunking
RSTP (Rapid Spanning Tree Protocol)
Port mirroring
Port security
Layer-2 QoS
Dynamic routing (RIP/OSPF/BGP)
Policy-based routing
DNS/DNS proxy
DHCP server
Wireless WIDS/WIPS
RF spectrum analysis
Rogue AP prevention
Fast roaming (802.11k/r/v)
Floor plan view/Topology view
Band steering
AirTime fairness
MiFi extender
Guest cyclic quota
LHM guest portal
VoIP Granular QoS control
Bandwidth management
SIP and H.323 transformations per access rule
H.323 gatekeeper and SIP proxy support
Management and monitoring GMS, Web, UI, CLI, REST APIs,SNMPv2/v3
Netflow/IPFix exporting
Cloud-based configuration backup
BlueCoat Security Analytics Platform
SonicWall access point management
Local storage Logs
Firmware backups


Reassembly-Free Deep Packet Inspection (RFDPI) This high-performance, proprietary and patented inspection engine performs stream-based, bi-directional traffic analysis,without proxying or buffering, to uncover intrusion attempts and malware and to identify application traffic regardless of port.
Bi-directional inspection Scans for threats in both inbound and outbound traffic simultaneously to ensure that the network is not used to distribute malware and does not become a launch platform for attacks in case an infected machine is brought inside.
Stream-based inspection Proxy-less and non-buffering inspection technology provides ultra-low latency performance for DPI of millions ofsimultaneous network streams without introducing file and stream size limitations, and can be applied on commonprotocols as well as raw TCP streams.
Highly parallel and scalable The unique design of the RFDPI engine works with the multi-core architecture to provide high DPI throughput andextremely high new session establishment rates to deal with traffic spikes in demanding networks.
Single-pass inspection A single-pass DPI architecture simultaneously scans for malware, intrusions and application identification, drasticallyreducing DPI latency and ensuring that all threat information is correlated in a single architecture.


Secure SD-WAN An alternative to more expensive technologies such as MPLS, Secure SD-WAN enables distributed enterprise organizations to build, operate and manage secure, high-performance networks across remote sites for the purpose of sharing data, applications and services using readily-available, low-cost public internet services.
REST APIs Allows the firewall to receive and leverage any and all proprietary, original equipment manufacturer and third-partyintelligence feeds to combat advanced threats such as zero-day, malicious insider, compromised credentials, ransomwareand advanced persistent threats.
Stateful packet inspection All network traffic is inspected, analyzed and brought into compliance with firewall access policies.
High availability/clustering The NSsp series supports Active/Passive (A/P) with state synchronization, Active/Active (A/A) DPI and Active/Activeclustering high availability modes. Active/Active DPI offloads the deep packet inspection load to cores on the passive appliance to boost throughput.
DDoS/DoS attack protection SYN flood protection provides a defense against DoS attacks using both Layer 3 SYN proxy and Layer 2 SYN blacklisting technologies. Additionally, it protects against DoS/DDoS through UDP/ICMP flood protection and connection rate limiting.
Flexible deployment options The NSsp series can be deployed in traditional NAT, Layer 2 bridge, wire and network tap modes


WAN load balancing Load-balances multiple WAN interfaces using Round Robin, Spillover or Percentage methods. Policy-based routing Creates routes based on protocol to direct traffic to a preferred WAN connection with the ability to fail back to a secondary WAN in the event of an outage.
Advanced quality of service (QoS) Guarantees critical communications with 802.1p, DSCP tagging and remapping of VoIP traffic on the network
H.323 gatekeeper and SIP proxy support Blocks spam calls by requiring that all incoming calls are authorized and authenticated by H.323 gatekeeper or SIP proxy.
Single and cascaded Dell N-Series and X-Series switch management Manage security settings of additional ports, including Portshield, HA, PoE and PoE+, under a single pane of glass using the firewall management dashboard for Dell's N-Series and X-Series network switches.
Biometric authentication Supports mobile device authentication such as fingerprint recognition that cannot be easily duplicated or shared to securely authenticate the user identity for network access.
Open authentication and social login Enable guest users to use their credential from social networking service such as Facebook, Twitter, or Google+ to sign in and access the Internet and other guest services through a host's wireless, LAN or DMZ zones using pass-through authentication.
Multi-domain authentication Provides a simple and fast way to administer security polices across all network domains. Manage individual policy to a single domain or group of domains.


Global Management System (GMS) Configuration and management of SonicWall appliances is available on-premises using SonicWall Global Management System (GMS).
Powerful single device management An intuitive web-based interface allows quick and convenient configuration, in addition to a comprehensive command-line interface and support for SNMPv2/3.
IPFIX/NetFlow application flow reporting Exports application traffic analytics and usage data through IPFIX or NetFlow protocols for real-time and historical monitoring and reporting with tools such as SonicWall Analytics or other tools that support IPFIX and NetFlow with extensions.


Auto-provision VPN Simplifies and reduces complex distributed firewall deployment down to a trivial effort by automating the initial site-to-site VPN gateway provisioning between SonicWall firewalls while security and connectivity occurs instantly and automatically.
IPSec VPN for site-to-site connectivity High-performance IPSec VPN allows the NSsp series to act as a VPN concentrator for thousands of other large sites, branch offices or home offices.
SSL VPN or IPSec client remote access Utilizes clientless SSL VPN technology or an easy-to-manage IPSec client for easy access to email, files, computers, intranet sites and applications from a variety of platforms.
Redundant VPN gateway When using multiple WANs, a primary and secondary VPN can be configured to allow seamless, automatic failover and failback of all VPN sessions
Route-based VPN The ability to perform dynamic routing over VPN links ensures continuous uptime in the event of a temporary VPN tunnel failure, by seamlessly re-routing traffic between endpoints through alternate routes.


User activity tracking User identification and activity are made available through seamless AD/LDAP/Citrix1/Terminal Services1 SSO integration combined with extensive information obtained through DPI.
GeoIP country traffic identification Identifies and controls network traffic going to or coming from specific countries to either protect against attacks from known or suspected origins of threat activity, or to investigate suspicious traffic originating from the network. Ability to create custom country and Botnet lists to override an incorrect country or Botnet tag associated with an IP address. Eliminates unwanted filtering of IP addresses due to misclassification.
Regular expression DPI filtering Prevents data leakage by identifying and controlling content crossing the network through regular expression matching.Provides the ability to create custom country and Botnet lists to override an incorrect country or Botnet tag associated with an IP address.