The NSsp 15700 is a next-generation firewall with high-port density, 100G/40G/10G ethernet ports, redundant power, and TLS 1.3 support, all with a low total cost of ownership. It’s a multi-instance firewall that supports absolutely millions of simultaneous TLS connections, but offers a straightforward single pane of glass management, supporting SonicOSX 7.0.
The unit's high-speed ports and processing takes network traffic in its stride - eliminating zero-day and advanced threats in real-time without a pause - bringing safe, uninterrupted services to you, your users, customers, and trading partners.
It's a cloud world, and we're all aware the cloud is the “new normal”, but that’s only part of the story. Public cloud, private cloud, and hybrid cloud bring tremendous scalable computing power to organisations of all sizes - but it also means there is more reliance on the network than ever before. Today, any firewall that can’t support increasing managed and unmanaged devices, networks, cloud workloads, SaaS applications, users, Internet speeds, and encrypted connections is a bottleneck. Your firewall, by definition, must be trustworthy and reliable. If it’s a pain point in your environment then something is seriously wrong; you both need and deserve a firewall that brings strength and peace of mind.
Here, the NSsp 15700 has you covered. It processes and examines millions upon millions of encrypted and non-encrypted pieces of traffic without impacting productivity, while ensuring the highest standards of security. Its intuitive unified policy interface allows you to create security policies with simplicity. Ongoing management and monitoring is available through a clear dashboard with real-time stats and historical reports. There’s no need to muddle through complex programming - you can plug the NSsp 15700 in, set it up, and have it working hard for your business within moments.
Spec-wise, it offers:
- LCD display and controls for quick information and settings
- CLI, SSH, Web UI, and REST API access to SonicOSX 7
- 6 x 100 GbE QSFFP28 ports
- 4 x 40 GbE QSFP+ ports
- 16 x 10 GbE SFP+ ports
- 100,000 SSO users
- 2 x 480GB SSD
- 25,000 site-to-site VPN tunnels
- 2,000 IPSec VPN clients, up to a maximum of 10,000
- DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B cryptography encryption and authentication
- RIP, OSPF, BGP route-based VPN protocols
- 105 Gbps firewall inspection throughput
- 32 Gbps VPN throughput
- 1024 VLAN interface
- LDAP, XAUTH/RADIUS, SSO, Novell, Terminal Services, Citrix, internal user database authentication methods
- Full H.323-v1-5, SIP VoIP
- Active/passive with state sync high availability
- Dual redundant 1200W power supplies
- 10 fans
- 2U rack-mountable, 686 x 438 x 88 mm, 26 Kg
- Up to 12 instances, with no extra charges for multiple instances
You can see from the specs the NSsp 15700 is a beast; it has vast capabilities and support for you to bridge numerous networks, set up private networks, segment your internal network, inspect encrypted packets at high speed, and more.
Yet, raw numbers only tell part of the tale. For instance, the 15700’s segmentation and networking features combine to make it a multi-instance firewall, taking multi-tenancy to the next level. Each tenant is isolated with dedicated compute resources, and each tenant can have independent policies and configurations.
All this means in practice that enterprises can securely segment their networks, clouds, or service definitions with unique templates, device groups and policies. Or, MSSPs can support multiple customers with a clean pipe along with unique policies.
Additionally, the 15700 leverages SonicWall’s Capture Advanced Threat Protection, which is in use globally by over 150,000 customers. It discovers and stops over 1,200 new forms of malware every day.
This is supplemented with website filtering through SonicWall’s vast database of millions of rated URLs, IP addresses, and websites. It’s a snap, for example, to set up rules so certain categories of websites may only be used during set hours of the day, or by a particular category of user, or from over 50 other ways of specifying how you allow or deny access.
The intrusion prevention system (IPS) embedded in the device is a configurable, high-performance Deep Packet Inspection engine that protects against worms, trojans, peer-to-peer, spyware, backdoor exploits, and application vulnerabilities too.
The Equifax breach in 2017, which exposed the financial records of millions of Americans, came down to the exploitation of a vulnerability in Apache Struts. Frustratingly, it was a vulnerability that had already been patched, but the patch hadn’t been applied at Equifax. This is the sort of thing the NSsp 15700’s IPS guards against, along with zero-day vulnerabilities that don’t even have a patch yet.
There is so much to love; iTWire certainly salivated at the thought of plugging a SonicWall NSsp 15700 in and checking out all its options. It’s the type of device your network administrators will love - providing power and functionality, security and reliability, but yet with a minimum of management.
At iTWire, we see the CIO agenda as flipping the typical 80/20 balance of business-as-usual (BAU) work vs. innovation so that 80% of your time and budget is instead spent on innovation, and 20% on BAU. It’s with very devices like this, the NSsp 15700, that get you there. It brings peace of mind, set-and-forget rules, scales with your business, chews through network traffic with ease, and protects your business every second of every day.
It genuinely provides some of the fastest deep packet inspection throughput numbers we’ve seen, and the multi-instance architecture provides for independent software versions and configurations. Even devices with higher VPN throughput cannot match the threat inspection capabilities this device offers.
For example, the Palo Alto 5260 and 5280, the Cisco FP4125, and Fortinet 3600E don’t come close. Only the Fortinet 3600E has a higher firewall performance - 240Gbps vs. the NSsp 15700’s 105Gbps while the others languish around 60 and 80Gbps - but is still a laggard with its 30Gbps threat inspection vs. the NSsp 15700’s incredible 82GBps capability (Palo Alto and Cisco come in at 28 and 35Gbps, respectively).
Security is often considered a trade-off between convenience and protection. For instance, you make complex passwords and users struggle. You make simple passwords and they’re easy to breach. Yet, SonicWall says you don’t need to compromise on threat inspection and user experience - with the ultra-speed performance your end-users stay safe and enjoy a seamless application experience at the same time.
How much would you expect to pay for a leading enterprise-grade, super-fast multi-instance firewall device? If you’ve come from Fortinet you’ll be used to paying for hardware and licensing for both your primary and your secondary/standby appliance, as if you’d bought two non-high availability firewalls.
SonicWall approaches pricing differently; the company reasons you shouldn’t have to pay a license for a standby unit is because it’s only active if the primary is not - and vice-versa. Thus, SonicWall allows two devices in a high-availability configuration to share a single license. This is a savings of literally hundreds of thousands of dollars.
In fact, an analysis by Tolly provides pricing for two Fortinet FG 3600E appliances at $442,500 each, or $885,000 total. By contrast, Tolly identified the first SonicWall NSsp 15700 comes in at $330,200 and the second at $110,000 for a total price of $440,200 for a high-availability set. In both cases Tolly factored in licensing and support for three years; that is, these are the three-year costs for these two options.
This means two things: first, you can buy an entire high-available firewall setup from SonicWall for less than the price of one Fortinet device - and one which performs faster threat inspection. Secondly, it means your total cost of ownership for SonicWall’s option is $5,368 per 1Gbps threat protection, while Fortinet’s option has a price tag of $29,500 per 1Gbps threat protection.
iTWire really could go on and on; the list of features is almost endless. There is a database of applications for intelligent packet analysis, support for IoT devices, DNS protection, and more. However, the best thing right now is to take it for a spin yourself. You can demo the SonicWall NSsp series firewalls online without any installation or commitment and see all the features and benefits in action.
In this day of working from anywhere, conducting business from anywhere, and bring-your-own-device, you owe it to your organisation to provide the most flexible, most secure, and fastest firewalling, without onerous management requirements, and without end-user enjoyment being impacted. Keep your company on the front page of newspapers for all the right reasons, and not because of a data breach. You owe it to yourself, your users, and your business to check out the SonicWall NSsp 15700, and others in its range.
See a live demo here, and watch it in action below: