Call us
+44 (0)20 8830 6820
Log in My account
Register Forgot password?
(0)
Categories
Already have a quote?
Challenge us to...

...beat any equivalent competitor or SonicWall product!

Click here to get in touch
- and ask us to better your quote!

SonicWall Partner
SonicWall TZ400 Appliance Upgrade
 Max Protection
 Appliance

SonicWall TZ400 Secure Upgrade Plus - Advanced Edition

Only for upgrades: TZ400 Hardware with Advanced Gateway Security Suite (Capture ATP, Threat Prevention, Content Filtering, 24X7 Support)
SKU: 01-SSC-1740
£1,304.92
£1,050.46

SonicWall TZ series firewalls share the same code base—and same protection—as our flagship SuperMassive next-generation firewalls.

For small business, retail and branch office locations, the SonicWall TZ400 series delivers enterprise-grade protection.

Secure Upgrade Plus

Trade in your legacy firewall, wireless access point, secure remote access or email security device for a TZ 500 Appliance at a significant discount. For more details click here. Please contact us before purchasing this product to ensure eligibility.

Schools, retail shops, remote sites, branch offices and distributed enterprises need a solution that integrates with their corporate firewall. This simplifies remote site management, as every administrator sees the same user interface (UI). GMS enables network administrators to configure, monitor and manage remote SonicWall firewalls through a single pane of glass. By adding high-speed, secure wireless, the SonicWall TZ series extends the protection perimeter to include customers and guests frequenting the retail site or remote office.

Benefits:
  1. High-performance deep packet inspection (DPI) architecture
    Deliver the benefits of intrusion prevention, anti-malware, DPI SSL and app control without slowing the network
  2. Comprehensive DPI network security
    Scan everything including encrypted traffic – no file size limits, no latency, no buffering/ proxying – across any port instead of just a select few
  3. Application traffic visualization and control
    Identify bandwidth hogs and control traffic through powerful application signatures by user/group/schedule (Not available on Soho series.))
  4. Wireless network security
    Choose either integrated 802.11ac wireless that’s built into the firewall, or extend your network perimeter further using a SonicWave 802.11ac Wave 2 wireless access point
  5. Eliminate unnecessary equipment and costs
    Consolidate firewall, IPS, gateway anti-malware, SSL VPN, web filtering, application traffic flow analytics and more, resulting in a low Total Cost of Ownership (TCO)
Advanced Gateway Security Suite (AGSS) Overview

Complete network security, content filtering, application control, CaptureATP, gateway anti-virus, 24x7 support and firewall management in a single integrated package.

Understanding network security can be complicated, but ensuring that your network is secure from known and unknown malicious threats shouldn’t be. SonicWall™ Advanced Gateway Security Suite (AGSS) removes the complexity associated with choosing a host of addon security services by integrating all the network security service required for total protection into a convenient, affordable package.

AGSS at a Glance
  • Real-time gateway anti-virus engine that scans for viruses, worms, Trojans and other Internet threats in real-time.
  • Dynamic spyware protection blocks the installation of malicious spyware and disrupts existing spyware communications.
  • Powerful intrusion prevention protects against an array of network-based threats such as worms, Trojans and other malicious code.
  • Application intelligence and control provides application classification and policy enforcement.
  • Dynamically updated signature database for continuous threat protection.
  • Multi-engine sandbox to prevent unknown threats such as zero-day attacks and ransomware.

Available on SonicWall TZ, Network Security Appliance (NSA), and SuperMassive firewalls, SonicWall AGSS keeps your network safe from zero-day attacks, viruses, intrusions, botnets, spyware, Trojans, worms and other malicious attacks. Examine suspicious files at the gateway in a cloud-based multi-layered sandbox for inspection to keep your network safe from unknown threats. As soon as new threats are identified and often before software vendors can patch their software, SonicWall firewalls and Cloud AV database are automatically updated with signatures that protect against these threats. Inside every SonicWall firewall is a patented Reassembly-Free Deep Packet Inspection® engine that scans traffic against multiple application types and protocols, ensuring your network has around-the-clock protection from internal and external attacks and application vulnerabilities. Your SonicWall solution also provides the tools to enforce Internet use policies and control internal access to inappropriate, unproductive and potentially illegal web content with comprehensive content filtering. Finally, this powerful services bundle also includes around-the-clock technical support, crucial firmware updates and hardware replacement.

24x7 Support
  • Software and firmware updates and upgrades maintain network security to keep your solution as good as new.
  • Around-the-clock access to chat, telephone, email and web-based support for basic configuration and troubleshooting assistance.
  • Advanced exchange hardware replacement in the event of failure.
  • Annual subscription to SonicWall’s Service Bulletins and access to electronic support tools and moderated discussion groups.
Capture Advanced Threat Protection Service (CATPS)
For effective zero-day threat protection, organizations need solutions that include malware-analysis technologies and can detect evasive advanced threats and malware — today and tomorrow.

To protect customers against the increasing dangers of zero-day threats, SonicWall Capture Advanced Threat Protection Service — a cloud-based service available with SonicWall firewalls — detects and and can block advanced threats at the gateway until verdict. This service is the only advanced threat-detection offering that combines multi-layer sandboxing, including full system emulation and virtualization techniques, to analyze suspicious code behavior. This powerful combination detects more threats than single-engine sandbox solutions, which are compute environment specific and susceptible to evasion.

Key Benefits
  • High security effectiveness against unknown threats
  • Near real-time signature deployment protects from follow on attacks
  • Reduced total cost of ownership
  • Block files at the gateway until verdict
  • Multiple engines process files in parallel for rapid verdicts
  • SonicWall's RTDMI engine blocks unknown mass-market malware utilizing real-time memory-based inspection techniques

The solution scans traffic and extracts suspicious code for analysis, but unlike other gateway solutions, analyzes a broad range of file sizes and types (including executable programs, DLL, PDFs, MS Office documents, archives, JAR and APK). Global threat intelligence infrastructure rapidly deploys remediation signatures for newly identified threats to all SonicWall network security appliances, thus preventing further infiltration. Customers benefit from high-security effectiveness, fast response times and reduced total cost of ownership.

The SonicWall Capture reporting page displays daily at a glance results. Colored bars on the report indicate days where malware was discovered. Administrators have the ability to click on individual daily results and apply filters to quickly see malicious files with results.

Features
Multi-engine advanced threat analysis

SonicWall Capture Service extends firewall threat protection to detect and prevent zero-day attacks. The firewall inspects traffic, and detects and blocks intrusions and known malware. Suspicious files are sent to the SonicWall Capture cloud service for analysis. The multi-engine sandbox platform, which includes virtualized sandboxing, full system emulation and hypervisorlevel analysis technology, executes suspicious code and analyzes behavior, provides comprehensive visibility to malicious activity while resisting evasion tactics and maximizing zero-day threat detection.

Broad file type analysis

The service supports analysis of a broad range of file sizes and types, including executable programs (PE), DLL, PDFs, MS Office documents, archives, JAR and APK, plus multiple operating systems including Windows and Android. Administrators can customize protection by selecting or excluding files to be sent to the cloud for analysis by file type, file size, sender, recipient or protocol. In addition, administrators can manually submit files to the cloud service for analysis.

Blocks until verdict

To prevent potentially malicious files from entering the network, files sent to the cloud service for analysis can be held at the gateway until a verdict is determined.

Rapid deployment of remediation signatures

When a file is identified as malicious, a signature is immediately available to firewalls with SonicWall Capture subscriptions to prevent followon attacks. In addition, the malware is submitted to the SonicWall Capture Labs threat research team for further analysis and inclusion with threat information into the Gateway Anti-Virus and IPS signature databases. Additionally, it is sent to URL, IP and domain reputation databases within 48 hours.

Reporting and alerts

The SonicWall Capture Service provides an at-a-glance threat analysis dashboard and reports, which detail the analysis results for files sent to the service. including source, destination and a summary plus details of malware action once detonated. Firewall log alerts provide notification of suspicious files sent to the SonicWall Capture Service, and file analysis verdict.

Content Filtering Service (CFS) enforces internet use policies that block computers located behind the firewall, from accessing inappropriate and unproductive websites over a LAN, wireless LAN (WLAN), or VPN.

Educational institutions, businesses and government agencies assume substantial risks when they provide students and employees IT-issued computers that can be used to access the Internet, even when the device is behind the firewall perimeter where organizational web use policies are enforced. This is particularly true when those connections are used to access sites containing information or images that are inappropriate, dangerous or even illegal. These sites may also be infected with malware that can be inadvertently downloaded and then used to steal confidential information.

Schools, in particular, have a responsibility to protect students from inappropriate and harmful web content. For businesses and government agencies, providing employees with uncontrolled web access can result in non-productive web surfing, creating tremendous losses in productivity, not to mention the potential for legal liability.

Benefits
  • Best in-class protection
  • Granular content filtering controls
  • Dynamically updated rating architecture
  • Application traffic analytics
  • Easy-to-use web-based management
  • High-performance web caching and rating architecture
  • IP-based HTTPS content filtering
  • Scalable, cost-effective solution
  • Content Filtering Client for roaming devices

CFS running on SonicWall Unified Threat Management and next generation firewalls (NGFWs) is a powerful protection and productivity solution that delivers unequaled content filtering enforcement for educational institutions, businesses, libraries and government agencies. Using SonicWall CFS, organizations have control over the websites students and employees can access using their IT-issued computer behind the firewall.
SonicWall CFS compares requested websites against a massive database in the cloud containing millions of rated URLs, IP addresses and websites. CFS provides administrators with the tools to create and apply policies that allow or deny access to sites based on individual or group identity, or by time of day, for over 56 pre-defined categories. CFS also dynamically caches website ratings locally on the SonicWall firewall for nearinstantaneous response times.

For laptops that are used outside the firewall perimeter, the SonicWall Content Filtering Client addresses safety, security and productivity concerns by extending the controls to block harmful and unproductive web content. The client is automatically deployed and provisioned through a SonicWall firewall. In addition to providing IT administrators the tools to control web-based access for roaming devices, the Content Filtering Client can be configured to automatically switch enforcement to the internal policy once the device reconnects to the network firewall. The client is managed and monitored using a powerful policy and reporting engine in the cloud that is accessed seamlessly from the firewall interface. In the event an outdated client attempts to connect to the internal network to access the Internet, the connection is denied and the user receives a message with steps for remediation.

Features

Granular content filtering allows the administrator to block or apply bandwidth management to all predefined categories or any combination of categories. Administrators can apply User Level Authentication (ULA) and Single Sign-On (SSO) to enforce username and password logon. CFS can block potentially harmful content such as Java™, ActiveX®, and Cookies, as well as schedule filtering by time of day, such as during school or business hours. CFS also enhances performance by filtering out IM, MP3s, streaming media, freeware and other files that drain bandwidth.

Dynamically updated rating architecture cross-references all requested websites against a highly accurate database categorizing millions of URLs, IP addresses and domains. The SonicWall firewall receives ratings in real time, and then compares each rating to the local policy setting. The appliance will then either allow or deny the request based on the administrator’s locally configured policy.

Application traffic analytics suite includes SonicWall Global Management System (GMS®) and SonicWall Analyzer, each of which provides real-time and historic analysis of data transmitted through the firewall, including websites blocked and visited by user.

Easy-to-use web-based management enables flexible policy configuration and complete control over Internet usage. Administrators can enforce multiple custom policies for individual users, groups or specific category types. Local
URL filtering controls can allow or deny specific domains or hosts. To block objectionable and unproductive material more effectively, administrators can also create or customize filtering lists.

High-performance web caching and rating architecture allows administrators to block sites easily and automatically by category. URL ratings are cached locally on the SonicWall firewall, so that response time for subsequent access of frequently visited sites is only a fraction of a second.

IP-based HTTPS content filtering allows administrators to control user access to websites over encrypted HTTPS. HTTPS filtering is based on the categorical rating of websites containing information or images that are objectionable or unproductive such as violence, hate, online banking, shopping and others.

Scalable, cost-effective solution controls content filtering from the SonicWall firewall, eliminating the need for additional hardware or deployment expenditures on a separate dedicated filtering server.

Hardware Overview
Operating systemSonicOS
Security Processing Cores4
Interfaces7x1GbE, 1 USB, 1 Console
ExpansionUSB
Single Sign-On (SSO) Users500
VLAN interfaces50
Access points supported (maximum)16
Firewall
Firewall throughput1.3 Gbps
Threat prevention throughput600 Mbps
Application inspection throughput1.2 Gbps
Anti-malware throughput600 Mbps
IPS throughput900 Mbps
TLS/SSL inspection and decryption throughput (DPI SSL)150 Mbps
Maximum connections (SPI)150 000
Maximum connections (DPI)125 000
Maximum connections (DPI SSL)25 000
New connections/sec6000
VPN
Site-to-site VPN tunnels20
IPSec VPN clients (maximum)2 (25)
SSL VPN licenses (maximum)2 (100)
Virtual assist bundled (maximum)1 (30-day trial)
Encryption/authenticationDES, 3DES, AES (128, 192, 256-bit), MD5, SHA-1, Suite B Cryptography
Key exchangeDiffie Hellman Groups 1, 2, 5, 14
Route-based VPNRIP, OSPF
Certificate supportVerisign, Thawte, Cybertrust, RSA Keon, Entrust and Microsoft CA for SonicWall-to- SonicWall VPN, SCEP
VPN featuresDead Peer Detection, DHCP Over VPN, IPSec NAT Traversal, Redundant VPN Gateway, Route-based VPN
Global VPN client platforms supportedMicrosoft® Windows Vista 32/64-bit, Windows 7 32/64-bit, Windows 8.0 32/64-bit, Windows 8.1 32/64-bit, Windows 10
NetExtenderMicrosoft Windows Vista 32/64-bit, Windows 7, Windows 8.0 32/64-bit, Windows 8.1 32/64-bit, Mac OS X 10.4+, Linux FC3+/Ubuntu 7+/OpenSUSE
Mobile ConnectApple® iOS, Mac OS X, Google® Android™, Kindle Fire, Chrome, Windows 8.1 (Embedded)
Security Services
Deep Packet Inspection servicesGateway Anti-Virus, Anti-Spyware, Intrusion Prevention, DPI SS
Content Filtering Service (CFS)HTTP URL, HTTPS IP, keyword and content scanning, Comprehensive filtering based on file types such as ActiveX, Java, Cookies for privacy, allow/forbid lists
Enforced Client Anti-Virus and Anti-SpywareMcAfee®
Comprehensive Anti-Spam ServiceSupported
Application VisualizationYes
Application ControlYes
Capture Advanced Threat ProtectionYes
Networking
IP address assignmentStatic, (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay
NAT modes1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent mode
Routing protocolsBGP4, OSPF, RIPv1/v2, static routes, policy-based routing
QoSBandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1e (WMM)
AuthenticationLDAP (multiple domains), XAUTH/ RADIUS, SSO, Novell, internal user database, Terminal Services, Citrix
Local user database150
VoIPYes
StandardsTCP/IP, UDP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3
CertificationsFIPS 140-2 (with Suite B) Level 2, UC APL, VPNC, IPv6 (Phase 2), ICSA Network Firewall, ICSA Anti-virus
Certifications pendingCommon Criteria NDPP
Common Access Card (CAC)Supported
High availabilityActive/standby
Hardware
Form factorDesktop
Power supply (W)24W external
Maximum power consumption (W)9.2 / 13.8
Input power100 to 240 VAC, 50-60 Hz, 1 A
Total heat dissipation31.3 / 47.1 BTU
Dimensions3.5x13.4x19cm
Weight0.73 kg / 1.61 lbs 0.84 kg / 1.85 lbs
WEEE weight1.15 kg / 2.53 lbs 1.26 kg / 2.78 lbs
Shipping weight1.37 kg / 3.02 lbs 1.48 kg / 3.26 lbs
MTBF (years)54
Environment (Operating/Storage)32°-105° F (0°-40° C)/-40° to 158° F (-40° to 70° C)
Humidity5-95% non-condensing
Regulatory
Regulatory model (wired)FCC Class B, ICES Class B, CE (EMC, LVD, RoHS), C-Tick, VCCI Class B, UL, cUL, TUV/ GS, CB, Mexico CoC by UL, WEEE, REACH, KCC/MSIP
Major regulatory compliance (wireless)FCC Class B, FCC RF ICES Class B, IC RF CE (R&TTE, EMC, LVD, RoHS), RCM, VCCI Class B, MIC/TELEC, UL, cUL, TUV/GS, CB, Mexico CoC by UL, WEEE, REACH
Integrated Wireless (TZ400W)
Standards802.11a/b/g/n/ac (WEP, WPA, WPA2, 802.11i, TKIP, PSK,02.1x, EAP-PEAP, EAP-TTLS
Frequency bands802.11a: 5.180-5.825 GHz; 802.11b/g: 2.412-2.472 GHz; 802.11n: 2.412-2.472 GHz, 5.180-5.825 GHz; 802.11ac: 2.4122.472 GHz, 5.180-5.825 GHz
Operating Channels802.11a: US and Canada 12, Europe 11, Japan 4, Singapore 4, Taiwan 4; 802.11b/g: US and Canada 1-11, Europe 1-13, Japan 1-14 (14-802.11b only); 802.11n (2.4 GHz): US and Canada 1-11, Europe 1-13, Japan 1-13; 802.11n (5 GHz): US and Canada 36-48/149-165, Europe 36-48, Japan 36-48, Spain 36-48/52-64; 802.11ac: US and Canada 36-48/149-165, Europe 36-48, Japan 36-48, Spain 36-48/52-64
Transmit output powerBased on the regulatory domain specified by the system administrator
Transmit power controlSupported
Data rates supported802.11n: 7.2, 14.4, 21.7, 28.9, 43.3, 57.8, 65, 72.2, 15,30, 45, 60, 90, 120, 135, 150 Mbps per channel; 802.11a: 6, 9, 12, 18, 24, 36, 48, 54 Mbps per channel; 802.11b: 1, 2, 5.5, 11 Mbps per channel; 802.11g: 6, 9, 12, 18, 24, 36, 48, 54 Mbps per channel; 802.11n: 7.2, 14.4, 21.7, 28.9, 43.3, 57.8, 65, 72.2, 15,30, 45, 60, 90, 120, 135, 150 Mbps per channel; 802.11ac: 7.2, 14.4, 21.7, 28.9, 43.3, 57.8, 65, 72.2, 86.7, 96.3, 15, 30, 45, 60, 90, 120, 135, 150, 180, 200, 32.5, 65, 97.5, 130, 195, 260, 292.5, 325, 390, 433.3, 65, 130, 195, 260, 390, 520, 585, 650, 780, 866.7 Mbps per channel
Modulation technology spectrum802.11a: Orthogonal Frequency Division Multiplexing (OFDM); 802.11b: Direct Sequence Spread Spectrum (DSSS); 802.11g: Orthogonal Frequency Division Multiplexing (OFDM)/Direct Sequence Spread Spectrum (DSSS); 802.11n: Orthogonal Frequency Division Multiplexing (OFDM); 802.11ac: Orthogonal Frequency Division Multiplexing (OFDM)
*
*
*
back to top