In the Lab: SonicWall NSA 3600 Firewall Upgrade – StorageReview.com

Posted: August 11, 2017 at 5:54 pm

August 11th, 2017 by StorageReview Enterprise Lab

We are in the process of upgrading our networking fabric;a major part of that includes moving to the NSA 3600 from the SonicWall Network Security Appliance (NSA) Midrange Firewall Series. Ideal for smallto medium-sized corporate environments, this firewall series is highlighted by its advanced automated threat-prevention technologies. Previously, we usedSonicwalls TZ500W, an easy-to-deploy, all-in-one SMB desktop firewall solution that is great for smaller-scale networks. Moving to an entry-enterprise rack platform, the NSA 3600 acts as a significant upgrade in our labs, offering 10G support with SFP+ ports and support for jumbo frames.

The NSA 3600 is powered by SonicOS, a comprehensive operating system that is simple to configure and easy to use. SonicOS helps to streamline management and offers admins substantial network control and versatility through features such as application intelligence and control, real-time visualization, and intrusion prevention system.

With its comprehensive control options, real-time visualization and WLAN management, we will be able to easily monitor activity across our entire network. Moreover, the NSA 3600 comes with SonicWalls Reassembly-Free Deep Packet Inspection technology, which scans traffic for all threats (both known and unknown) and eliminates them before they are able to infect a network. Capture Advanced Threat Protection Service also gives enterprises cloud-based, multi-engine sandboxing that blocks unknown and zero-day gateway attacks. This technology works by scanning all traffic in a wide range of file sizes and types, then extracting any suspicious code for further analysis.The SYN flood protection offers protection against DoS attacks through Layer 3 SYN proxy and Layer 2 SYN blacklisting technologies while defendingagainst DOS/DDoS using UDP/ICMP flood protection and connection rate limiting. This NSA Mid Range Series firewall also provides threat API, Stateful packet inspection, WAN load balancing, biometric authentication and more. Through all of these defense measures,the NSA 3600 is capable of delivering 3.4 Gbps, 1.1 Gbps, and 600 Mbps in Firewall, IPS, and Anti-malware throughput, respectively.

SonicWall NSA 3600 Specifications

Design and Build

The SonicWall NSA 3600 comes in a 1U rack form factor and has the same connectivity layout as the 4600 and 5600 models. On the left side of the front panel is the console port (which gives access to the SonicOS CLI when connected via an enclosed serial CLI cable), a SDHC port, two USB ports, and a SafeMode button (press until blinking to access). There are also four LED status Indicators: the Power LED, where blue means the power supply is operating normally and yellow means the power supply has been disconnected; the Test LED, which displays Initializing, Test, SafeMode statuses; the red Alarm LED; and the M0 LED, which shows expansion module 0 activity.

Next to the status indicators is the Management Port (1 GE), two X16-X17 (10 GE SFP+) hot-swappable ports, four X12-X15 (1 GE SFP) ports for high-speed fiber or copper Ethernet communication, and twelve X0-X11 (1 GE) High-speed copper Gigabit Ethernet ports.

The back panel is home to the expansion bay, which supports SonicWall-approved expansion modules, as well as dual auto-throttling fans and the power supply port/switch.

Upgrade Process

SonicWall makes the process of upgrading firewalls very simple. In our case to move from the TZ500W to the NSA 3600, we were able to take the saved configuration file from one and import it into the other, no additional conversion necessary. This was quite important for us, since while deploying the firewall is simple, manually adding in all of our existing firewall rules would be a time consuming process otherwise. In this case we had our networking environment swapped over to the NSA 3600 within a few minutes from the file import, once the NSA 3600 was upgraded to the same firmware version (or newer) than the TZ500W.

During the upgrade process we kept the same interface connections; connecting to the firewall over 1GbE. The main reason for the upgrade though is the SFP+ 10GbE ports the NSA 3600 offers, allowing us to uplink the firewall directly into our new 48-port 10G Dell S4048 or 32-port 100G Dell Z9100 switches as they come online. This upgrade is a large undertakingas we migrate off our 40GbE fabric over to 100G for next-gen storage and compute hardware. The NSA 3600 deployment was an easy first step in this process though as we work to modernize our network.

SonicWallNSA 3600 product page

Discuss This Story

Sign up for the StorageReview newsletter

The rest is here:
In the Lab: SonicWall NSA 3600 Firewall Upgrade - StorageReview.com

Related Posts