Manuals+

Sonicwall NSA2700

Manual d'usuari del SonicWall NSA 2700

Model: NSA2700

1. Producte acabatview

The SonicWall Network Security Appliance (NSA) 2700 is a next-generation firewall designed for businesses with 250 users and up. It provides advanced threat protection against ransomware, attacks on non-standard ports, and firewall breaches. The NSA 2700 integrates cloud-based and on-box capabilities including TLS/SSL decryption and inspection, application intelligence and control, secure SD-WAN, real-time visualization, and WLAN management.

Les característiques clau inclouen:

  • 1 RU Form Factor
  • 16 x 1 GbE interfaces
  • 3 x 10 GbE interfaces
  • 2 Gbps Threat and Malware Analysis Throughput
  • Enterprise Internet Edge Ready
  • Secure Remote Workers via SonicWall NetExtender SSL-VPN client.
  • Built-in Wireless Controller for high-speed wireless security when combined with SonicWall SonicWave access points.
Davant view of the SonicWall NSA 2700 firewall

Figura 1.1: Frontal view of the SonicWall NSA 2700 network security appliance.

Labeled front view of the SonicWall NSA 2700 showing ports

Figure 1.2: Labeled front panel of the NSA 2700, highlighting the 1 GbE Management port, Dual USB Ports, Console port, 3 x 10-GbE SFP+ Ports, and 16 x 1-GbE Ports.

2. Configuració i desplegament

The SonicWall NSA 2700 supports two primary deployment options for medium and distributed enterprises: Internet Edge Deployment and Medium and Distributed Enterprises Deployment.

2.1. Internet Edge Deployment

In this configuration, the NSA 2700 protects private networks from malicious internet traffic. It allows for high port density, including 10 GbE connectivity, and provides visibility and inspection of encrypted traffic (TLS 1.3) without performance compromise. It integrates security services like malware analysis, cloud app security, URL filtering, and reputation services.

Diagram of Internet Edge Deployment for SonicWall NSA 2700

Figure 2.1: Internet Edge Deployment diagram, showing the NSA 2700 positioned between the ISP/Router and the private network, protecting the DMZ and internal networks.

2.2. Medium and Distributed Enterprises Deployment

The NSA 2700 supports SD-WAN and central management, making it suitable for distributed environments. This deployment enables secure access to corporate resources for branch offices, improves application latency, and automatically blocks threats using encrypted protocols like TLS 1.3.

Diagram of Medium and Distributed Enterprises Deployment for SonicWall NSA 2700

Figure 2.2: Medium and Distributed Enterprises Deployment diagram, illustrating how branch offices connect to enterprise headquarters via SD-WAN using SonicWall Next Generation Firewalls.

3. Principis de funcionament

3.1. Reassembly-Free Deep Packet Inspection (RFDPI)

The SonicWall RFDPI engine is a single-pass, low-latency inspection system that performs stream-based, bi-directional traffic analysis. It effectively uncovers intrusion attempts and malware downloads regardless of port or protocol. This proprietary engine relies on streaming traffic payload inspection to detect threats at Layers 3-7. It processes network streams through extensive and repeated normalization and decryption to neutralize advanced evasion techniques and malicious code.

Once a packet undergoes pre-processing, including TLS/SSL decryption, it is analyzed against a proprietary memory representation of signature databases for intrusions, malware, and applications. The connection state is then advanced to represent the position of the stream relative to these databases. Upon a "match," a pre-set action is taken, typically terminating the connection and logging the event. The engine can also be configured for inspection only or for Layer 7 bandwidth management.

Comparison of Competitive Proxy-based Architecture and SonicWall Reassembly-Free Deep Packet Inspection (RFDPI) Architecture

Figure 3.1: Comparison of traditional proxy-based architecture with SonicWall's stream-based Reassembly-Free Deep Packet Inspection (RFDPI) architecture, highlighting RFDPI's efficiency in eliminating proxy buffer and content size limitations.

3.2. Secure, High-speed Wireless

The NSA 2700 can be combined with a SonicWall 802.11ac Wave 2 wireless access point (e.g., SonicWave 432i) to create a high-speed wireless network security solution. Both the NSA series firewalls and SonicWave access points feature 2.5 GbE ports, enabling multi-gigabit wireless throughput. The firewall scans all wireless traffic for malware and intrusions, even over encrypted connections. Additional security and control capabilities like content filtering, application control, and Capture Advanced Threat Protection can be applied to the wireless network.

Diagram of Secure, High-speed Wireless setup with SonicWall NSA 2700 and SonicWave access point

Figure 3.2: Secure, High-speed Wireless setup, showing the NSA 2700 connected to a SonicWave 432i access point, providing bi-directional scanning for wireless clients.

4. Manteniment

Regular maintenance is crucial for optimal performance and security. This includes:

  • Actualitzacions de firmware: Ensure your device runs the latest SonicOS firmware (version 7.0 or newer) to benefit from the latest security patches, features, and performance improvements. Firmware updates are typically available through your SonicWall support portal.
  • Còpies de seguretat de configuració: Periodically back up your device configuration. This allows for quick restoration in case of unexpected issues or hardware replacement.
  • Seguiment: Regularly monitor the device's status, logs, and performance metrics through the management interface to identify and address potential issues proactively.

5. Solució De Problemes

This section provides general guidance for common issues. For detailed troubleshooting, refer to the official SonicWall documentation or contact technical support.

  • Problemes de connectivitat:
    • Verify all network cables are securely connected to the correct ports.
    • Check LED indicators on the device for port status and activity.
    • Confirm IP configurations and routing settings are correct for your network environment.
  • Degradació del rendiment:
    • Review the device's resource utilization (CPU, memory) through the management interface.
    • Check for high traffic loads or active security services that might be impacting throughput.
    • Assegureu-vos que hi hagi instal·lat el firmware més recent.
  • Security Alerts:
    • Investigate the source and nature of security alerts using the device logs.
    • Ensure security subscriptions (e.g., Capture ATP, Gateway Anti-Virus) are active and up-to-date.

6. Especificacions tècniques

CaracterísticaDetall
Número de modelNSA2700
Sistema operatiuSonicOS 7.0
Emmagatzematge64GB M.2
Interfícies VLAN256
Access Points Supported (Max)32
Dimensions del producte19.69 x 19.69 x 11.02 polzades
Pes de l'article8.8 lliures
Tecnologia de connectivitatEthernet
Interfícies16 x 1 GbE, 3 x 10 GbE
Threat and Malware Analysis Throughput2 Gbps

7. Assistència i garantia

7.1. Suport tècnic

SonicWall Dynamic Support is available for continued protection through ongoing firmware updates and advanced technical assistance. Support options include 8x5 (during normal business hours) or 24x7, depending on your service agreement. Dynamic Support services typically include:

  • Chat, Email, Web, and Telephone Support for technical assistance.
  • Software/Firmware Updates for all software and firmware updates and upgrades.
  • Hardware Replacement via Advance Exchange for defective hardware.

For specific support inquiries, please visit the official SonicWall support portal or refer to your service agreement documentation.

7.2. Informació de la garantia

Specific warranty terms and conditions for the SonicWall NSA 2700 are provided at the time of purchase and are typically covered under the SonicWall Dynamic Support agreements. Please refer to your purchase documentation or contact SonicWall directly for detailed warranty information.

Documents relacionats - NSA2700

Preview Guia d'instal·lació i substitució de la font d'alimentació SonicWall NSa 2700
Instruccions detallades per instal·lar i treure la font d'alimentació del dispositiu de seguretat de xarxa SonicWall NSa 2700, incloent-hi avisos de seguretat i guia multilingüe.
Preview Guia de comandes de la plataforma de gestió i seguretat de xarxa de SonicWall Gen 8
Una guia oficial de comandes per als tallafocs de nova generació (NGFW) i la plataforma de gestió de SonicWall, que detalla la finalitat, el públic i més.view, opcions de llicència, opcions de compra, actualitzacions, renovacions i informació de l'empresa.
Preview Guia d'administració d'alta disponibilitat de SonicOS 7.1
Learn to configure and manage SonicOS 7.1 High Availability (HA) for SonicWall security appliances. This guide covers HA modes, failover, synchronization, and monitoring to ensure reliable network connectivity and business continuity.
Preview Guia d'actualització de SonicOS 7.1: actualització i configuració del firmware de les sèries NSsp, NSa i TZ
Guia completa per actualitzar els tallafocs de les sèries NSsp, NSa i TZ de SonicWall a SonicOS 7.1. Apreneu a actualitzar el firmware, fer còpies de seguretat de les configuracions i importar els paràmetres.
Preview Guia d'inici ràpid de SonicWall NSa 2700
A quick start guide for setting up and configuring the SonicWall NSa 2700 network security appliance, covering package contents, front and back panel details, and various setup options including local management, cloud management, and the SonicExpress app.
Preview Guia d'administració del SonicOS 8 Diagnòstics per al mode clàssic | SonicWall
Una guia completa de SonicWall que detalla les eines de diagnòstic disponibles al mode clàssic de SonicOS 8. Apreneu a solucionar problemes de connectivitat de xarxa, generar informes de suport, realitzar pings, rastrejar rutes, cerques DNS i molt més per a una gestió de xarxa eficaç.