Call us
+44 (0)20 8830 6820

SonicWall NSa 4700 Total Secure - Essential Edition

SonicWall NSa 4700 Appliance with 1Yr of Essential Protection Service Suite. Essential Protection Service Suite (EPSS) includes - Capture Advanced Threat Protection, Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, Application Firewall Service, Content Filtering Services, Comprehensive Anti-Spam and 24x7 Support with firmware.
SKU: 02-SSC-9570
£11,875.75
£8,778.55
(not including discount)

The SonicWall Network Security Appliance (NSa) 4700 next-generation firewall (NGFW) offers medium to large sized enterprises industry-leading performance at the lowest total cost of ownership in its class.

With comprehensive security features such as intrusion prevention, VPN, application control, malware analysis, URL filtering and IP reputation services, it protects the perimeter from advanced threats without becoming a bottleneck. The NSa 4700 has been built from the ground up with the latest hardware components, all designed to deliver multi-gigabit threat prevention throughput — even for encrypted traffic. Featuring a high port density (including 24 x 1GbE ports and 6 x 10G SFP+ ports), the solution supports network and hardware redundancy with high availability, clustering and dual power supplies.

Highlights:
  1. 1 RU – Form Factor
  2. 24 x 1 GbE interfaces
  3. 6 x 10 GbE interfaces
  4. Multi-gigabit Threat and Malware Analysis Throughput
  5. Enterprise Internet Edge Ready
  6. Latest Generation 7 SonicOS support
  7. Secure SD-WAN capability
  8. Intuitive single pane of glass management
  9. TLS 1.3 support
  10. Best-in-class price-performance
  11. Fast DPI performance
  12. Low TCO in its class
  13. High port density for easy networking
  14. Redundant power
Looking for the best price for an
NSa 4700 Total Secure - Essential Edition?
That's our job!

We work directly with SonicWall HQ to make sure you always get the best possible quote.

And don't forget the additional
10% education discount (where applicable).

Email us

contact@sonicwallsecurity.co.uk

Call us

+44 (0)20 8830 6820

The SonicWall NSa 4700 runs on SonicOS 7.0.1, a new operating system built from the ground up to deliver a modern user interface, intuitive workflows and user-first design principles. SonicOS 7.0 provides multiple features designed to facilitate enterprise-level workflows. It offers easy policy configuration, zero-touch deployment and flexible management — all of which allow enterprises to improve both their security and operational efficiency. The NSa 4700 supports advanced networking features, such as SD-WAN, dynamic routing, layer 4-7 clustering and high-speed VPN functionality. In addition to integrating firewall and switch capabilities, the appliance provides a single-paneof-glass interface to manage both switches and access points. Built to mitigate the advanced cyberattacks of today and tomorrow, the NSa 4700 offers access to SonicWall’s premier advanced firewall security services, allowing you to protect your entire security infrastructure. Solutions and services such as Cloud Application Security, Capture Advanced Threat Protection (ATP) cloud-based sandboxing, Real-Time Deep Memory Inspection (RTDMI™) and Reassembly-Free Deep Packet Inspection (RFDPI) — along with Deep Packet Inspection (DPI) for all traffic including TLS 1.3 — offer comprehensive gateway protection from most stealthy and dangerous malware, including zeroday and encrypted threats.

Firewall General
Operating systemSonicOS 7.0.1
Interfaces6 x 10G/5G/2.5G/1G (SFP+); 24 x 1GbE Cu, 2 USB 3.0, 1 Console, 1 Management port
ExpansionStorage Expansion Slot (Up to 256GB)
Storage128GB
VLAN Interfaces512
Access points supported (maximum)512
Firewall/VPN Performance
Firewall inspection throughput18 Gbps
Threat Prevention throughput9.5 Gbps
Application inspection throughput11 Gbps
IPS throughput10 Gbps
Anti-malware inspection throughput9.5 Gbps
TLS/SSL decryption and inspection throughput (DPI SSL)5 Gbps
IPSec VPN throughput11 Gbps
Connections per second115 000
Maximum Connections (SPI)4 000 000
Maximum DPI-SSL Connections350 000
Maximum connections (DPI)2 000 000
VPN
Site-to-site tunnels4000
SSL VPN licenses (max)2 (1000)
IPSec VPN clients (max)500 (3000)
Encryption/AuthenticationDES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B Cryptography
Key exchangeDiffie Hellman Groups 1, 2, 5, 14v
Route-based VPNRIP, OSPF, BGP
Certificate supportVerisign, Thawte, Cybertrust, RSA Keon, Entrust and Microsoft CA for SonicWall-to- SonicWall VPN, SCEP
VPN featuresDead Peer Detection, DHCP Over VPN, IPSec NAT Traversal, Redundant VPN Gateway, Route-based VPN
Global VPN client platforms supportedMicrosoft® Windows Vista 32/64-bit, Windows 7 32/64-bit, Windows 8.0 32/64-bit, Windows 8.1 32/64-bit, Windows 10
NetExtenderMicrosoft Windows Vista 32/64-bit, Windows 7, Windows 8.0 32/64-bit, Windows 8.1 32/64-bit, Mac OS X 10.4+, Linux FC3+/Ubuntu 7+/OpenSUSE
Mobile ConnectApple® iOS, Mac OS X, Google® Android™, Kindle Fire, Chrome, Windows 8.1 (Embedded)
Security Services
Deep Packet Inspection servicesGateway Anti-Virus, Anti-Spyware, Intrusion Prevention, DPI SSL
Content Filtering Service (CFS)HTTP URL, HTTPS IP, keyword and content scanning, Comprehensive filtering based on file types such as ActiveX, Java, Cookies for privacy, allow/forbid lists
Comprehensive Anti-Spam ServiceSupported
Application VisualizationYes
Application ControlYes
Capture Advanced Threat ProtectionYes
Networking
IP address assignmentStatic, (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay
NAT modes1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent mode
Routing protocolsBGP, OSPF, RIPv1/v2, static routes, policy-based routing
QoSBandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p
AuthenticationLDAP (multiple domains), XAUTH/RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix, Common Access Card (CAC)
Local user database2500
VoIPFull H323-v1-5, SIP
StandardsTCP/IP, UDP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3
Certifications pendingFIPS 140-2 (with Suite B) Level 2, UC APL, VPNC, IPv6 (Phase 2), ICSA Network Firewall, ICSA Anti-virus, Common Criteria NDPP (Firewall and IPS)
High availabilityActive/Active with stateful synchronization
Hardware
Form factor1U Rack Mountable
Power supply (W)1x350W
Maximum power consumption (W)135.8
Input power100-240 VAC, 50-60 Hz
Total heat dissipation463.1 BTU
Dimensions43 x 46.5 x 4.5 (cm) 16.9 x 18.1 x 1.8 in
Weight7.8 kg
WEEE weight9.6 kg
Shipping weight13.5 kg
Major regulatoryFCC Class A, CE (EMC, LVD, RoHS), C-Tick, VCCI Class A, MSIP/KCC Class A, UL, cUL, TUV/GS, CB, Mexico CoC by UL, WEEE , REACH, ANATEL, BSMI
Environment (Operating/Storage)32°-105° F (0°-40° C)/-40° to 158° F (-40° to 70° C)
Humidity0-90% non-condensing
Essential Protection Service Suite
Complete network security, content filtering, application control, CaptureATP, gateway anti-virus, anti-spam, 24x7 support in a single integrated package.

The SonicOS architecture is at the core of SonicWall physical and virtual firewalls including the TZ, NSa, NSv and NSsp Series. SonicOS leverages our patented, single-pass, lowlatency, Reassembly-Free Deep Packet Inspection® (RFDPI) and patent-pending Real-Time Deep Memory Inspection™ (RTDMI) technologies to deliver industry-validated high security effectiveness, SD-WAN, real-time visualization, high-speed virtual private networking (VPN) and other robust security features.

Through a combination of cloud-based and on-box technologies we deliver protection to our firewalls that’s been validated by independent third party testing for its extremely high security effectiveness. Unknown threats are sent to SonicWall’s cloud-based Capture Advanced Threat Protection (ATP) multiengine sandbox for analysis. Enhancing Capture ATP is our RTDMI™ technology. The RTDMI engine detects and blocks malware and zero-day threats by inspecting directly in memory. RTDMI technology is precise, minimizes false positives, and identifies and mitigates sophisticated attacks where the malware’s weaponry is exposed for less than 100 nanoseconds.

At a Glance
  1. Complete network security solution
    All service licences included.
  2. Capture ATP
    Multi-engine network sandbox to prevent zero-day threats. See Capture Advanced Threat Protection Service (CATPS).
  3. Gateway anti-virus and anti-spyware protection
    Including DPI-SSL and RFDPI.
  4. Cutting-edge IPS technology
    Protects against worms, trojans, software vulnerabilities and other intrusions by scanning all network traffic for malicious or anomalous patterns.
  5. Application intelligence and control
    Set of granular, application-specific policies providing application classification and policy enforcement to help administrators control and manage both business and non-business related applications.
  6. Content filtering
    Enforce internet use policies and control internal access to inappropriate, unproductive and potentially illegal web content with comprehensive content filtering. See Content Filtering Service (CFS).
  7. Network Topology View
    Display hosts, access-points in the network based on device name, mac address and IP Address.
  8. 24x7 support with firmware updates and hardware replacement
    Including firmware updates and hardware replacement protects your business and your SonicWall investment.
Capture Advanced Threat Protection Service (CATPS)
For effective zero-day threat protection, organizations need solutions that include malware-analysis technologies and can detect evasive advanced threats and malware — today and tomorrow.

To protect customers against the increasing dangers of zero-day threats, SonicWall Capture Advanced Threat Protection Service — a cloud-based service available with SonicWall firewalls — detects and and can block advanced threats at the gateway until verdict. This service is the only advanced threat-detection offering that combines multi-layer sandboxing, including full system emulation and virtualization techniques, to analyze suspicious code behavior. This powerful combination detects more threats than single-engine sandbox solutions, which are compute environment specific and susceptible to evasion.

Key Benefits
  • High security effectiveness against unknown threats
  • Near real-time signature deployment protects from follow on attacks
  • Reduced total cost of ownership
  • Block files at the gateway until verdict
  • Multiple engines process files in parallel for rapid verdicts
  • SonicWall's RTDMI engine blocks unknown mass-market malware utilizing real-time memory-based inspection techniques

The solution scans traffic and extracts suspicious code for analysis, but unlike other gateway solutions, analyzes a broad range of file sizes and types (including executable programs, DLL, PDFs, MS Office documents, archives, JAR and APK). Global threat intelligence infrastructure rapidly deploys remediation signatures for newly identified threats to all SonicWall network security appliances, thus preventing further infiltration. Customers benefit from high-security effectiveness, fast response times and reduced total cost of ownership.

The SonicWall Capture reporting page displays daily at a glance results. Colored bars on the report indicate days where malware was discovered. Administrators have the ability to click on individual daily results and apply filters to quickly see malicious files with results.

Features
Multi-engine advanced threat analysis

SonicWall Capture Service extends firewall threat protection to detect and prevent zero-day attacks. The firewall inspects traffic, and detects and blocks intrusions and known malware. Suspicious files are sent to the SonicWall Capture cloud service for analysis. The multi-engine sandbox platform, which includes virtualized sandboxing, full system emulation and hypervisorlevel analysis technology, executes suspicious code and analyzes behavior, provides comprehensive visibility to malicious activity while resisting evasion tactics and maximizing zero-day threat detection.

Broad file type analysis

The service supports analysis of a broad range of file sizes and types, including executable programs (PE), DLL, PDFs, MS Office documents, archives, JAR and APK, plus multiple operating systems including Windows and Android. Administrators can customize protection by selecting or excluding files to be sent to the cloud for analysis by file type, file size, sender, recipient or protocol. In addition, administrators can manually submit files to the cloud service for analysis.

Blocks until verdict

To prevent potentially malicious files from entering the network, files sent to the cloud service for analysis can be held at the gateway until a verdict is determined.

Rapid deployment of remediation signatures

When a file is identified as malicious, a signature is immediately available to firewalls with SonicWall Capture subscriptions to prevent followon attacks. In addition, the malware is submitted to the SonicWall Capture Labs threat research team for further analysis and inclusion with threat information into the Gateway Anti-Virus and IPS signature databases. Additionally, it is sent to URL, IP and domain reputation databases within 48 hours.

Reporting and alerts

The SonicWall Capture Service provides an at-a-glance threat analysis dashboard and reports, which detail the analysis results for files sent to the service. including source, destination and a summary plus details of malware action once detonated. Firewall log alerts provide notification of suspicious files sent to the SonicWall Capture Service, and file analysis verdict.

Content Filtering Service (CFS) enforces internet use policies that block computers located behind the firewall, from accessing inappropriate and unproductive websites over a LAN, wireless LAN (WLAN), or VPN.

Educational institutions, businesses and government agencies assume substantial risks when they provide students and employees IT-issued computers that can be used to access the Internet, even when the device is behind the firewall perimeter where organizational web use policies are enforced. This is particularly true when those connections are used to access sites containing information or images that are inappropriate, dangerous or even illegal. These sites may also be infected with malware that can be inadvertently downloaded and then used to steal confidential information.

Schools, in particular, have a responsibility to protect students from inappropriate and harmful web content. For businesses and government agencies, providing employees with uncontrolled web access can result in non-productive web surfing, creating tremendous losses in productivity, not to mention the potential for legal liability.

Benefits
  • Best in-class protection
  • Granular content filtering controls
  • Dynamically updated rating architecture
  • Application traffic analytics
  • Easy-to-use web-based management
  • High-performance web caching and rating architecture
  • IP-based HTTPS content filtering
  • Scalable, cost-effective solution
  • Content Filtering Client for roaming devices

CFS running on SonicWall Unified Threat Management and next generation firewalls (NGFWs) is a powerful protection and productivity solution that delivers unequaled content filtering enforcement for educational institutions, businesses, libraries and government agencies. Using SonicWall CFS, organizations have control over the websites students and employees can access using their IT-issued computer behind the firewall.
SonicWall CFS compares requested websites against a massive database in the cloud containing millions of rated URLs, IP addresses and websites. CFS provides administrators with the tools to create and apply policies that allow or deny access to sites based on individual or group identity, or by time of day, for over 56 pre-defined categories. CFS also dynamically caches website ratings locally on the SonicWall firewall for nearinstantaneous response times.

For laptops that are used outside the firewall perimeter, the SonicWall Content Filtering Client addresses safety, security and productivity concerns by extending the controls to block harmful and unproductive web content. The client is automatically deployed and provisioned through a SonicWall firewall. In addition to providing IT administrators the tools to control web-based access for roaming devices, the Content Filtering Client can be configured to automatically switch enforcement to the internal policy once the device reconnects to the network firewall. The client is managed and monitored using a powerful policy and reporting engine in the cloud that is accessed seamlessly from the firewall interface. In the event an outdated client attempts to connect to the internal network to access the Internet, the connection is denied and the user receives a message with steps for remediation.

Features

Granular content filtering allows the administrator to block or apply bandwidth management to all predefined categories or any combination of categories. Administrators can apply User Level Authentication (ULA) and Single Sign-On (SSO) to enforce username and password logon. CFS can block potentially harmful content such as Java™, ActiveX®, and Cookies, as well as schedule filtering by time of day, such as during school or business hours. CFS also enhances performance by filtering out IM, MP3s, streaming media, freeware and other files that drain bandwidth.

Dynamically updated rating architecture cross-references all requested websites against a highly accurate database categorizing millions of URLs, IP addresses and domains. The SonicWall firewall receives ratings in real time, and then compares each rating to the local policy setting. The appliance will then either allow or deny the request based on the administrator’s locally configured policy.

Application traffic analytics suite includes SonicWall Global Management System (GMS®) and SonicWall Analyzer, each of which provides real-time and historic analysis of data transmitted through the firewall, including websites blocked and visited by user.

Easy-to-use web-based management enables flexible policy configuration and complete control over Internet usage. Administrators can enforce multiple custom policies for individual users, groups or specific category types. Local
URL filtering controls can allow or deny specific domains or hosts. To block objectionable and unproductive material more effectively, administrators can also create or customize filtering lists.

High-performance web caching and rating architecture allows administrators to block sites easily and automatically by category. URL ratings are cached locally on the SonicWall firewall, so that response time for subsequent access of frequently visited sites is only a fraction of a second.

IP-based HTTPS content filtering allows administrators to control user access to websites over encrypted HTTPS. HTTPS filtering is based on the categorical rating of websites containing information or images that are objectionable or unproductive such as violence, hate, online banking, shopping and others.

Scalable, cost-effective solution controls content filtering from the SonicWall firewall, eliminating the need for additional hardware or deployment expenditures on a separate dedicated filtering server.

24×7: Around the clock support, including weekends and holidays, for business-critical environments

Customer Success Manager: Provides enterprise environments with a dedicated trusted advisor. Your Customer Success Manager (CSM) acts on your behalf and works with your staff to help minimize unplanned downtime, optimize IT processes, provide operational reports to drive efficiencies and is your single point of accountability for a seamless support experience.

Focused Technical Support (FTS): Provides a named engineering resource to support your enterprise account. Your FTS will know and understand your environment, policies and IT objectives to bring you fast technical resolution when you need support.

SonicWall provides telephone and Web-based support, unlimited software/firmware updates and upgrades, and hardware replacement (RMA) for units with an active support agreement or covered under the warranty support period. See the Product Warranty section below for more information on SonicWall product warranties. In addition, SonicWall products include one (1) year of hardware warranty or the hardware duration provided under local law. Hardware warranty is separate from warranty support and is specific to the replacement of defective hardware. It does not include telephone, email or web-based support or software/firmware updates and upgrades.

SonicWall warranty and support agreements provide technical assistance during standard coverage hours, typically 24×7. A SonicWall technical specialist will work remotely with you to diagnose and identify software and hardware not performing to documented specifications. Support also includes general assistance regarding use and implementation on a limited basis. SonicWall’s warranty and support offerings do not include step-by-step installation or configuration of products or services. If you need installation or configuration assistance, SonicWall will refer you to a certified value-added reseller or offer you one of our Professional Services.

Warranty and support agreements provide for replacement of failing hardware returned to a SonicWall factory. The replacement product may be new, or like-new. In the event of product obsolescence, SonicWall reserves the right to replace failing product with a product of like or better features and functionality.

Contact SonicWall Customer Support Center if you think you have a hardware problem. The support specialist will log your case and determine with you whether a replacement unit is required. If so, you will be provided with a Returned Material Authorization (RMA) number for your reference. SonicWall will ship you a replacement unit via pre-paid, next business day airfreight to the address that you specify. Routine RMA orders are filled on the day that they are received if the RMA is processed before 12:00 p.m. PST (1:00 p.m. GMT in Europe). You may be asked to provide a credit card number or billing authorization to secure the return of the defective unit to SonicWall. In Europe, an RMA Purchase Order form can be used instead of a credit card. In certain regions or countries, RMA Services are facilitated via certified SonicWall resellers or partners.

SonicWall will automatically transfer the registration information and subscription services to the replacement unit. The replacement unit will include instructions for returning the defective unit to SonicWall. Shipping is paid by SonicWall. Please make sure that the RMA number is included with your shipment and that you return the defective unit to SonicWall within 30 days. After 30 days you will be billed the retail price of the new unit.

In addition to being extremely reliable, SonicWall products are recognized for being easy to install, configure and manage. SonicWall’s Limited Software Warranty enhances these features with:

Limited Software Warranty for All Non-E-Class Products

Software/Firmware Updates 90 days of software and firmware updates.

Support Tools Access to SonicWall’s electronic support tools.

Note: SonicWall E-Class appliances are not eligible for Limited Software Warranty

SonicWall requires continuous coverage for support agreements. Appliances with an expired warranty or support agreement are considered to be “out of support compliance.” Support Services Reinstatement provides the opportunity to bring these appliances back into compliance and up to date. Generally, new agreements are retroactively activated to the expiration date of the most recent support agreement.

Customers with appliances that have an expired support agreement who purchase SonicWall Support Services Reinstatement and a new one-, two- or three-year support agreement receive a full 12/24/36 months of support from date of activation. Also included in SonicWall Support Services Reinstatement is a single firmware update, allowing you access to the most current firmware features.

SonicWall will provide telephone and web-based support (via email) for active security services regardless of the appliance upon which the subscription is activated. Support for security services requires an active support contract for the appliance on which the service is running.

Support and updates/upgrades for SonicWall Global Management System (GMS) require a valid GMS support agreement, regardless of the appliance(s) that GMS is used to manage.

Generation 1, 2, 3 and 4 SonicWall appliances are not eligible to be registered.

8 a.m. – 5 p.m. local time is defined as follows: In North America: 8 a.m. – 5 p.m. Mountain Standard Time (MST). In Latin America: 8 a.m. – 5 p.m. Local Standard Time in the country where the product is deployed. In Europe, Middle East and Africa: 9 a.m. – 6 p.m. GMT +1 In Asia Pacific: 8 a.m. – 5 p.m. Local Standard Time in the country where the product is deployed. In Japan: 5 p.m. – 2 a.m. UTC/GMT

Virtualization is a technique for hiding the physical characteristics of computing resources from the way in which other systems, applications or end users interact with those resources. It is able to make a single physical resource, such as a server, operating system, application or storage device, appear to function as multiple logical devices. It can also make multiple physical resources such as storage devices or servers appear as a single logical resource.

As a result, virtualization enables IT departments to increase the utilization of resources, increase high availability, and simplify back-up, systems administration and recovery procedures. It also allows IT departments to be more responsive to the dynamic needs of the business. Examples of virtualization technologies include VMware ESX® Server, Citrix/XenServer® and Microsoft® Windows Server® 2008 Hyper-V®.

Our products leverage the binary compatibility offered through virtualization technologies, which provide complete transparency to the operating systems and applications deployed. As a result, for all casework received where SonicWall® software products are being used in a virtual environment, we will assume that the problem is common to both native and virtual operating environments, and we will only require the customer to recreate the problem in a native environment if and when there is reason to believe that the problem is unique to the virtual environment itself.

From a purely functional perspective, our products will operate in exactly the same way as in a native environment, however we can make no guarantees with respect to performance or scalability in a virtualization environment running multiple virtual instances. Configuration aspects such as CPU, memory availability, I/O subsystem and network infrastructure can all influence such a deployment, and should be given careful consideration to ensure the virtual layer has the necessary resources available to provide a satisfactory user experience.

We are committed to providing products which work on the latest platforms and technologies available in the industry today. We work closely with technology vendors to ensure earliest possible compatibility with our solutions. We provide full details of all systems requirements, together with platform and third-party product versions supported with our products, in the Release Notes published for each product. These include operating system versions, service pack levels, mail clients or server versions, database versions, browsers and other related technology that we support, and at the version level that our products have been formally tested and certified to run against.

The support of future platform versions, new service packs and other related technologies will be taken into consideration and addressed during the regular product maintenance and release cycles of our products. This provides ongoing upward compatibility of our products as used in customer environments. It should be noted, therefore, that there could be a delay between the availability of the latest platform technology release or service patch, and the product version certified to operate with our products. Please contact Support should you have any questions with regards to the current support status of any product and a particular related platform, patch or third-party product support not explicitly documented in our release notes.

For more information about the latest third-party platforms and versions we support, please review the System Requirements section of the release notes for your product or search our Knowledge Base on the Support Portal. Please note that while we do not directly or officially support third-party software, we work closely with many providers to ensure that our customers receive the best possible service at all times.

When a service request is created by the SonicWall Technical Assistance Center (TAC), a priority is assigned to the service request based on the problem type. Priorities and corresponding response targets are defined as follows:

SeverityDefinitionTarget Response Time
SEV-1Customer’s production system is severely impacted or completely down. System operations of a mission critical applications are down. Requires support access to available customer resources on site 24x7 until resolution or a suitable workaround to restore function is implemented.1 hour
SEV-2The production system is functioning with limited capabilities. The production system is unstable, with periodic interruptions.4 hours
SEV-3Isolated errors in a production, test bed or development environment, with full system operation. Issues related to configuration, performance or suspected defects that cannot wait. Also, clarification of documentation. Product/ Feature Enhancement requests1 business day
*
*
*
back to top