SonicWall NSa: Web Application Firewall Overview and Analysis

See our complete list of Top Web Application Firewall Vendors

Bottom Line

The SonicWall NSa Mid-Range Firewall combines automated threat prevention, next-gen firewall (NGFW), and WAF in one platform. It can scale to meet the performance demands of mid-sized networks, branch offices and distributed enterprises. For current SonicWall customers, as well as those looking for a WAF and NGFW combo, it is a strong candidate.

Product Description

The NSa Mid-Range Firewall series consolidates automated advanced threat prevention technologies in an NGFW platform. It’s built on a multi-core hardware architecture featuring 10-GbE and 2.5-GbE interfaces. The NSa series scales to meet the performance demands of mid-sized networks, branch offices and distributed enterprises. The firewalls feature cloud-based and on-box capabilities such as TLS/SSL decryption and inspection, application intelligence and control, real-time visualization and WLAN management. A number of models are available, from the NSa 2650 to the latest NSsp 12000 series.

SonicWall NSa Features Rated

Security: Very good. NSS Labs test results show that the NSa 2650 was at the top in security effectiveness, with a block rate of 98.8%, including blocking 100% of evasions as well as obfuscation and fragmentation techniques.

Performance: Good. Delivering protection to 300,000+ users, NSa series models offer more than double the number of SPI connections (up to 4 million) and quadruple the number of DPI-SSL connections compared to their predecessors. They can support up to 48,000 SSL transactions per second and throughput of 4 Gbps.

Value: Very good. NSS Labs assessed the TCO at $4 per protected Mbps.

Implementation: Very good. Said one network administrator: “This firewall is very easy to set up. It does lack a lot of features that seem to be in other vendor appliances. It does seem to block exactly what you tell it to though.”

Management: Good. The GUI is web-based. Additional management interfaces include CLI and API.

Support: Good. Customer satisfaction scores are good and customer feedback is mostly positive, but some report issues.

“Support can be an issue if you have more technical issues,” said a manager of IT operations in the manufacturing industry.

Cloud features: Good. Cloud-based versions are available.

SonicWall WAF

Security Qualifications

Common criteria, PCI, FIPS.


The NSa series is available as an appliance-based solution that can be delivered both on-premises and as a service through SonicWall Security-as-a-Service. In addition, SonicWall offers an NSa equivalent virtual firewall.


Pricing starts at $2,495 for the NSa2650 and rises to $38,475 for the NSa 6650

Drew Robb
Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Top Products

Related articles