NSv 270/470/870

The SonicWall Network Security virtual HIGHLIGHTS

NSv 270/470/870 firewalls, deliver enterprise-
class security, streamlined management, complete Public, private and government cloud security
visibility, flexible deployment, while delivering superior • Next-gen firewall with automated real-time breach
performance for virtual workloads. detection and prevention capabilities

Vulnerabilities within virtual environments are discovered • Patented Real-Time Deep Memory Inspection
regularly that yield serious security implications and (RTDMI™) technology
challenges. But protecting all these security vectors • Patented Reassembly-Free Deep Packet
requires the ability to also consistently apply the right Inspection (RFDPI) technology
security policy to the right network control point, as some
• Complete end-to-end visibility and streamlined
security failures can be attributed to ineffective policies
management with Unified Policy
or misconfigurations.
• Application intelligence and control

• DNS security

• Reputation-based Content Filtering

Service (CFS 5.0)

• Wi-Fi 6 firewall management

• Network access control integration with

Aruba ClearPass

• Supports AWS and Azure US Government clouds

• Integrates with Microsoft Azure Sentinel for faster

incident response

• Supports private cloud (ESXi, Hyper-V, KVM,

Nutanix) and public cloud (AWS, Azure) platforms

Virtual machine protection

• Data confidentiality

• Secure communication with data

leakage prevention

• Traffic validation, inspection and monitoring

• Virtual network resilience and availability

DATASHEET
NSv firewall series help security teams reduce these types • Decrypt encrypted traffic easily and utilize TLS 1.3
of security risks and vulnerabilities, which can cause serious support for improved security
disruption to business-critical services and operations.
• Ensure compliance with regulatory standards
It enables enterprises to control dynamic traffic passing
by implementing threat prevention and
through a firewall and provides visibility and insight into
segmentation capabilities
disparate policies. It help simplify management tasks,
• Gain complete visibility and control of traffic across
reduce configuration errors and speed up deployment time,
multiple regions and availability zones with Unified Policy
all of which contribute to a better overall security posture.
• Attain cost benefit and efficiency by shifting
SonicOSX and Security Services from CAPEX to OPEX
The SonicOSX architecture is at the core of NSv 270/470/870
• Secure AWS and Azure clouds designated for US
firewalls. It is powered by the feature-rich SonicOSX 7
Government agencies and their customers by
operating system with intuitive user interface (UI), advanced
deploying NSv firewalls
security, networking and management capabilities.
• Secure virtualized compute resources and hypervisors
Built from the ground up, SonicOSX 7.0 features Unified
to protect private cloud workloads on VMware ESXi,
Policy that offers integrated management of various security
Microsoft Hyper-V, Nutanix and KVM
policies. Easily provision layer 3 to layer 7 controls in a single
rule base on every firewall, providing a centralized location • Prevent threats with complete visibility into intra-host
for configuring policies. The new web interface provides communication between virtual machines
graphical visualizations of critical threat information, and • Ensure appropriate application of security policies
displays actionable alerts prompting you to configure throughout the virtual environment
contextual security policies with point-and-click simplicity.
• Deliver safe application enablement rules by application,
NSv further integrates SD-WAN, TLS 1.3 support, real-time user and device, regardless of VM location
visualization, high-speed virtual private networking (VPN)
• Implement proper security zoning and isolations
and other robust security features. Unknown threats are
sent to SonicWall’s cloud-based Capture Advanced Threat • Integrate with Microsoft Azure Sentinel, a scalable, cloud-
Protection (ATP) multiengine sandbox for analysis. Capture native, security information event management (SIEM)
ATP harnesses Real-Time Deep Memory Inspection (RTDMI), and security orchestration automated response (SOAR)
a SonicWall patented technology, to discover and block solution to expedite incident response
malware and zero-day threats that reside in memory.
2. Internet Edge
With the combination of Capture ATP, RTDMI technology
• Protect corporate resources from attacks at the
and security advanced services, NSv series firewalls
Internet gateway.
stop malware at the gateway before it gets to your
critical systems. • Secure Internet edge from the most advanced
attacks with advanced security features and
Deployments automatically block threats

• Ensure compliance with regulatory standards

1. Cloud Edge: Secure Public, Private
and Government Clouds by implementing threat prevention and
segmentation capabilities
• Secure workloads on Amazon Web Services (AWS) and
Microsoft Azure • Improve business efficiency, performance and reduce
costs by leveraging SonicOSX enhancements
• Protect cloud applications and cloud infrastructures
from cyber threats with advanced next-generation • Segment critical PoS (Point of Sale) systems, to ensure
firewall features that incorporates VPN, IPS, CFS, business continuity
AV and much more • Gain complete visibility and control of traffic across
multiple regions and availability zones with Unified Policy

2 | NSv 270/470/870
NSv Series System Specifications
Firewall General NSv 270 NSv 470 NSv 870
Operating system SonicOSX11
VMware ESXi v5.5/v6.0/v6.5/v6.7/v7.0/v8.0, Microsoft Hyper-V, KVM Ubuntu 16.04 / CentOS 7,
Supported Hypervisors
Nutanix AHV (AOS 5.15 LTS/Prism Central 5.16.1.2)10
Supported Government Clouds12 AWS and Azure (in US East and West regions)
c5.large c5.xlarge c5.2xlarge
c5n.large c5n.xlarge c5n.2xlarge
Supported AWS Instance Types c5d.large c5d.xlarge c5d.2xlarge
m5.large m5.xlarge m5.2xlarge
m5n.large m5n.xlarge m5n.2xlarge
Standard D4 v2
Standard D2 v2 Standard_A8_v2
Standard D3 v2
Standard_B2ms Standard_F8
Standard_B4ms
Supported Azure Instance Types Standard_D2V4 Standard_F8s
Standard_DS3_v2
Standard_D2ds_V4 Standard_D8_v4
Standard_D2ds_V4
Standard_D2s_v4 Standard_D8_v3
Standard_D8s_v3
Licensing BYOL, PAYG1
Max Supported vCPUs 2 4 8
Interface Count (ESXi/Hyper-V/KVM/Nutanix/AWS/Azure) 8/8/8/8/8/8 8/8/8/8/8/8 8/8/8/8/8/8
Max Mgmt/DataPlane Cores 1/1 1/3 1/7
Min Memory2 4 GB 8 GB 10 GB
Max Memory3 6 GB 10 GB 14 GB
Supported IP/Nodes Unlimited
Minimum Storage 60 GB
SSO users 500 10,000 15,000
Logging Analyzer, Local Log, Syslog
High availability Active/Passive4

3 | NSv 270/470/870
 Firewall/VPN Performance5,7 NSv 270 NSv 470 NSv 870
Firewall Inspection Throughput 6 Gbps 9 Gbps 14 Gbps
Threat Prevention Throughput 1.6 Gbps 2.9 Gbps 8 Gbps
IPS Throughput 4 Gbps 6 Gbps 8 Gbps
TLS/SSL DPI Throughput 800 Mbps 2 Gbps 4 Gbps
VPN Throughput8 1.4 Gbps 3.5 Gbps 8 Gbps
Connections per second 13,760 37,270 75,640
Maximum connections (SPI) 225,000 1.5M 3M
Maximum connections (DPI) 125,000 1.5M 2M
TLS/SSL DPI Connections 8,000 20,000 30,000

VPN NSv 270 NSv 470 NSv 870

Site-to-Site VPN Tunnels 75 6000 10,000
IPSec VPN clients13 (Maximum) 50(1000) 2000(4000) 2000(6000)
SSL VPN Clients Included6 2 2 2
SSL VPN Clients Maximum6 100 200 300
Encryption/authentication DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-1, Suite B, Common Access Card (CAC)
Key exchange Diffie Hellman Groups 1, 2, 5, 14v
Route-based VPN RIP, OSPF, BGP

Networking NSv 270 NSv 470 NSv 870

IP address assignment Static, DHCP, internal DHCP server 9, DHCP relay 9
NAT modes 1:1, many:1, 1:many, flexible NAT (overlapping IPs), PAT
Logical VLAN and tunnel interfaces (maximum)7 128 128 128
Routing protocols BGP, OSPF, RIPv1/v2, static routes, policy-based routing
QoS Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1p
Authentication XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user database, Terminal Services, Citrix
Local user database 250 2500 3200

1PAYG is currently available only on AWS Intel Xeon Processor (Platinum 8268 @2.9GHz, 3.9GHz 8All perfoarmance parameters are tested using Dell R740
2Memor y with Jumbo frame disabled. Turbo, 37.5M Cache) running SonicOS 7.0.1 with with SR-IOV and Turbo boost.
3Memor y with Jumbo frame enabled. Additional memor y VMware vSphere 7.0 9Supported on Private Cloud and not on Public
is required for Jumbo frames. Jumbo frames are not 6SSL VPN clients available for MSSP program are 50 on Cloud Platforms.
supported on Azure and AWS. NSv 270 and 75 on NSv 470. Increased SSL VPN number 10Nutanix AHV is supported on SonicWall
4High availability is available on VMware ESXi platform, will be available only from SonicOS 6.5.4.4-44v-21-723 NSv 270/470/870 running SonicOSX 7.0.0
KVM, Azure, Microsoft Hyper-V and Nutanix. NSv 270 firmware and onwards. firmware and onwards.
supports HA by using D3v2 VM size. HA is not supported 7VLAN interfaces are not supported on Azure and AWS. 11SonicOSX 7.0.1 onwards user will be able to select and
on AWS. HA on Azure requires ser ver size that supports Testing Methodologies: Maximum performance based switch between Classic/Global and Policy mode.
three or more interfaces. on RFC 2544 (for firewall). Threat Prevention/GatewayAV/ 12Government cloud is only available through BYOL
5Published performance numbers are up to the Anti-Spy ware/IPS throughput measured using industr y 13GVC clients available for MSSP program are 25 on NSv
specification and the actual performance may var y standard Keysight HTTP performance test tools. Testing 270 and 50 on NSv 470
depending on underlying hardware, network conditions; done with multiple flows through multiple port pairs.
firewall configuration and activated ser vices. Threat Prevention throughput measured with Gateway AV,
Performance and capacities may also var y based Anti-Spy ware, IPS and Application Control enabled with
on underlying virtualization infrastructure, and we default firewall settings. VPN throughput measured with
recommend additional testing within your environment UDP traffic using 1418 byte packet size AESGMAC16-256
to ensure your performance and capacity requirements Encr yption adhering to RFC 2544. All specifications,
are met. Performance metrics were obser ved using features and availability are subject to change.

4 | NSv 270/470/870
SonicOSX 7.0 feature summary
Firewall • Sections/Custom Grouping • Data leakage prevention
• Stateful packet inspection • Customizable Grid/Layout • Application reporting over NetFlow/IPFIX
• Reassembly-Free Deep Packet Inspection • Comprehensive application
• DDoS attack protection
TLS/SSL/SSH decryption signature database
(UDP/ICMP/SYN flood) and inspection
• IPv4/IPv6 support • TLS1.3 Traffic visualization and analytics
• Biometric authentication • Supporting TLS 1.3 with • User activity
for remote access enhanced security • Application/bandwidth/threat usage
• DNS proxy • Deep packet inspection for TLS/SSL/SSH • Cloud-based analytics
• REST APIs • Inclusion/exclusion of objects,
• SonicWall Switch integration1 groups or hostnames HTTP/HTTPS Web content filtering2
• SonicWall Wi-Fi 6 AP integration • SSL control
• URL filtering
• Reputation-based Content Filtering • Granular DPI SSL controls per zone or rule
• Proxy avoidance
Service (CFS 5.0) • Keyword blocking
• DNS filtering Capture advanced
• Reputation-based Content Filtering
• SD-WAN threat protection2 Service (CFS 5.0)
• SD-WAN Scalability • Real-Time Deep Memory Inspection • DNS filtering
• SD-WAN Usability Wizard • Cloud-based multi-engine analysis • Policy-based filtering (exclusion/inclusion)
• Virtualized sandboxing • HTTP header insertion
• API
• Hypervisor level analysis • Bandwidth manage CFS rating categories
• Full API Support
• Full system emulation • Unified policy model with app control
• Multi-Tenancy3
• Broad file type examination • Content Filtering Client
• Multi-Tenant Support
• Automated & manual submission
• Tenant View with Firmware
• Real-time threat intelligence updates VPN
Support per Tenant
• Block until verdict • Secure SD-WAN
• Switch between Classic/Global
• Capture Client • Auto-provision VPN
and Policy mode4
• IPSec VPN for site-to-site connectivity
Unified Policy Intrusion prevention2 • SSL VPN and IPSec client remote access
• Signature-based scanning • Redundant VPN gateway
• Unified Policy combines layer 3
to layer 7 rules: • Network access control integration with • Mobile Connect for iOS, Mac OS X,
Aruba ClearPass Windows, Chrome, Android and Kindle Fire
• Source/Destination IP/Port/Service
• Automatic signature updates • Route-based VPN (RIP/OSPF/BGP)
• Application Control
• Bi-directional inspection engine
• CFS/Web Botnet/Geo-IP
• Rule Diagram
• Granular IPS rule capability Enhanced Dashboard
• GeoIP enforcement • Enhanced Device View
• Single Pass Security
Services enforcement • Botnet filtering with dynamic list • Top Traffic and User summary
- IPS/GAV/AS/Capture ATP • Regular expression matching • Insights to threats
• Profile Based Objects for Endpoint • Notification Center
Security/BWM/QoS/CFS/ Anti-malware2 • Enhanced Packet Monitoring
Intrusion Prevention
• Stream-based malware scanning • SSH Terminal on UI
• Action Profiles for Security/DoS Rules
• Gateway anti-virus • New Design/Template
• Rule management:
• Gateway anti-spyware • Industry and Global Average Comparison
• Cloning • Bi-directional inspection
• Shadow rule analysis • No file size limitation Networking
• In-cell editing • Cloud malware database • PortShield1
• Rule Export
• Jumbo frames
• Group editing Application identification2 • Path MTU discovery
• Managing views • Application control • Enhanced logging
• Used/un-used rules • Application bandwidth management • VLAN trunking
• Active/in-active rules • Custom application signature creation • Port mirroring (NSa 2650 and above)

5 | NSv 270/470/870
 • Layer-2 QoS DoS Policy • LCD management screen1
• Port security • Unified Policy for DoS/DDoS • Dell N-Series and X-Series
• Dynamic routing (RIP/OSPF/BGP) attack prevention switch management including
cascaded switches1
• SonicWall wireless controller1
• Network Security Manager Reporting
• Policy-based routing (ToS/ VoIP
metric and ECMP) • Granular QoS control
• NAT
Wireless1
• Bandwidth management
• DHCP server • SonicWave AP cloud and
• DPI for VoIP traffic
firewall management
• Bandwidth management • H.323 gatekeeper and SIP proxy support
• WIDS/WIPS
• Link aggregation1 (static and dynamic)
• Rogue AP prevention
• Port redundancy1 Management and monitoring
• Fast roaming (802.11k/r/v)
• A/P high availability with state sync • Web GUI • 802.11s mesh networking
• A/A clustering1 • Command-line interface (CLI) • Auto-channel selection
• Inbound/outbound load balancing • Zero-Touch registration & provisioning • RF spectrum analysis
• L2 bridge,1 wire/virtual wire mode, • SonicExpress mobile app support
tap mode, NAT mode • Floor plan view
• SNMPv2/v3 • Topology view
• 3G/4G WAN failover1
• Centralized management and reporting • Band steering
• Asymmetric routing with Network Security Manager (NSM)2
• Common Access Card (CAC) support • Beamforming
• Logging
• SonicCoreX and SonicOS • AirTime fairness
• Netflow/IPFix exporting
Containerization • Bluetooth Low Energy
• Cloud-based configuration backup
• MiFi extender
• Application and bandwidth visualizer
Decryption Policy • Guest cyclic quota
• IPv4 and IPv6 Management
• Unified Policy for SSL/TLS traffic • LHM guest portal
• Off-box reporting (Scrutinizer)
1
Not supported on NSv Series firewalls
2
Requires added subscription
3
Available only on NSsp firewalls
4
Available on SonicOSX 7.0.1 onwards

6 | NSv 270/470/870
 PARTNER ENABLED SERVICES
Need help to plan, deploy or optimize
your SonicWall solution? SonicWall
Advanced Services Partners are trained to
provide you with world class professional
services. Learn more at:

www.sonicwall.com/PES

Learn more about SonicWall

NSv 270/470/870 Series
www.sonicwall.com/NSv

About SonicWall
SonicWall delivers stable, scalable, seamless cybersecurity for the hyper-distributed era and a work reality where everyone
is remote, mobile and unsecure. By knowing the unknown, providing real-time visibility and enabling breakthrough economics,
SonicWall closes the cybersecurity business gap for enterprises, governments and SMBs worldwide. For more information, visit
www.sonicwall.com.

SonicWall, Inc.
1033 McCarthy Boulevard | Milpitas, CA 95035
Refer to our website for additional information.
www.sonicwall.com

© 2023 SonicWall Inc. ALL RIGHTS RESERVED.

SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their
respective owners. The information in this document is provided in connection with SonicWall Inc. and/or its affiliates’ products. No license, express or implied, by estoppel or otherwise, to any
intellectual property right is granted by this document or in connection with the sale of SonicWall products. Except as set forth in the terms and conditions as specified in the license agreement for this
product, SonicWall and/or its affiliates assume no liability whatsoever and disclaims any express, implied or statutory warranty relating to its products including, but not limited to, the implied warranty
of merchantability, fitness for a particular purpose, or non- infringement. In no event shall SonicWall and/or its affiliates be liable for any direct, indirect, consequential, punitive, special or incidental
damages (including, without limitation, damages for loss of profits, business interruption or loss of information) arising out of the use or inability to use this document, even if SonicWall and/or its
affiliates have been advised of the possibility of such damages. SonicWall and/or its affiliates make no representations or warranties with respect to the accuracy or completeness of the contents of
this document and reserves the right to make changes to specifications and product descriptions at any time without notice. SonicWall Inc. and/or its affiliates do not make any commitment to update
the information contained in this document.

Datasheet-NSv-270-470-870-JK-9963