NSsp 15700 series FAQs

11/19/2020 1 People found this article helpful 469,824 Views

Description

NSsp 15700 FAQs

Q: What is new with the NSsp 15700 (hereafter may be called “the device”)?

A: The NSsp 15700 is our next-generation firewall with multiple 100/40/10Gb ports that can process several million concurrent connections. The newly introduced multi-instance capability (modern multi-tenancy) allows MSSPs and enterprises to provide guaranteed performance, reliability, and availability while adhering to service level agreements. The newly designed SonicOSX 7 features and new UI and several new enterprise capabilities including a newly designed user interface and workflows, and Unified Policy combining Layer 3 to Layer 7 access and security rules in a single policy.

Q: How is the NSsp 15700 different from other vendors?

A: When compared to the NSsp 15700 against Palo Alto (PA 5260 & 5280), Cisco (FP4125), and Fortinet (FG3600E) it wins over all models in total cost of ownership (namely in an HA pair setting) and in DPI throughput. The multi-instance architecture within SonicOSX 7 provides another layer of differentiation. For more information, please see Salesforce for competitive materials.

Q: What is the difference between multi-tenant and multi-instance?

A: In the case of multitenancy, resources are shared between the tenants which can lead to resource starvation when a tenant is in high demand such as in a DDoS attack. Additionally, one cannot run independent software versions or configurations on each tenant. The Multi-instance architecture allows for true isolation and give dedicated resources such as CPU cores to each instance so one tenant does not impact the other. This gives you the ability to run independent software versions and configurations which is ideal for testing a new software version before deploying it. Multi-instance gives MSSPs more flexibility in providing services to multiple customers.

Q: What is Unified Policy?

A: Unified Policy allows administrators to combine Layer 3 to Layer 7 access and security rules into a single policy to reduce rule management overhead.

Q: What certifications do you have?

A: The NSsp 15700’s major regulatory certifications are FCC Class A, ICES Class A, CE (EMC Class A, LVD, RoHS), C-Tick, VCCI Class A, MSIP/KCC Class A, UL, cUL, TUV/GS, CB, Mexico UL DGN notification, WEEE, REACH, ANATEL, and BSMI

Q: Where do these devices fit in the ecosystem?

A: The NSsp 15700 is designed for Managed Service providers and for enterprise datacenter deployments. It functions well as a stateful packet firewall but exceeds the competition’s ability to perform as a NGFW on the WAN edge when examining for threats with best in class malware protection and DPI throughput numbers.

Q: How does the licensing work?

A: The Essential Gateway Security Suite bundle (formerly known as Advanced Gateway Security Suite [AGSS]), does not need to be purchased for additional instances or for a High-Availability (HA) paired device. This gives the device a best-in-class total cost of ownership (TCO) when compared to competing devices in its class. See Salesforce for competitive information.

Q: Is there an extra cost for firewall instances?

A: There are no extra costs for firewall instances and their security services which is a huge cost savings.

Q: How does one rate how well SonicWall NSsp 15700 performs for TCO compared to other competitive NGFWs in its class?

A: SonicWall's HA solution with two NSsp 15700 firewalls and all threat prevention services and support provides everything needed at the lowest TCO in the industry. When compared to the Fortinet FG3600E it is 21% less expensive the first year and especially so when compared over the course of five years (45% less).

Q: Does this come with premium support?

A: 24x7 support (or 8 x 5 in some regions) is found in our services bundles and five premium support credits are included in these bundles. Additional credits are available for purchase as well.

Q: Can I migrate the configuration from a Generation 6 device (e.g. NSa 9250 or SuperMassive 9800) to an NSsp 15700 instance?

A: No, this is not supported at this time due to the new unified policy architecture which places layer 3 through 7 policies into a single rule base.

Q: What is the internal storage for?

A: Internal storage is mainly for logs and diagnostics support.

Q: How does Unified Policy help with rule management?

A: You can group by used & un-used, active & in-active, and rules sections help maintain policy hygiene.

Q: How many instances does a NSsp15700 support?

A: A standalone unit can support upto 13 instances which includes 1 root instance and 12 child instances. In case of HA setup, around 26 instances are supported which include 2 root instances and 24 child instances.

Q: How many CPU’s are dedicated for each instance?

A: With Multitenancy feature being disabled, all 4 CPUs are dedicated for the root instance. With Multitenancy being enabled, 2 CPUs are still required at minimum for the root instance. On the child instance, you can use a maximum of 2 CPUs. 1 CPU is required at minimum for each child instance.

Q: Are the interfaces shared between instances?

A: Child instance shares the interfaces with the root instance but not with another child instance.

Q: Can I run separate firmware on child instances?

A: Child instances can run separate firmware at the same time.

Q: Is cloning of instances supported?

A: Cloning is not supported but as user can run separate firmware on each instance at the same time.

Q: How is child instance orchestration done?

A: Orchestration can be done from root instance during the initial release. Child instances can also be managed individually using UI, CLI and API. Orchestration will also be enabled from SonicWall NSM 2.0 during later releases. NSM 2.0 will be managing each instance as an individual firewall.

Q: How are the licenses managed for the child instance?

A: Each child instance will have their licenses inherited from the root instance. So security services license will also be inherited from the root to the child.

Q: How is the routing happening between two child instances?

A: Routing works between child instances like how routing is between 2 separate firewalls. Inter-Instance link is not available during initial launch.

Q: How many storage drives are supported on this hardware?

A: There are 2 *480GB SSD built-in storage devices. Then there are two removable storage drives which are 256GB DDR4 drives.

Q: Is settings migration supported from SM9800/SM10x00/NSsp12x00 hardware models to this device?

A: During initial release, settings migration is not supported from other models. The new hardware runs SonicOSX 7 by default which runs unified policy which is different from the previous versions.

Q: What is SonicOSX?

A: SonicOSX is the new SonicWall firewall platform called the Unified Policy that allows granular control and enforcement of dynamic Layer 7 applications within the security policy.

Not Finding Your Answers?

ASK THE COMMUNITY

Was This Article Helpful?

YES NO

NSsp 15700 series FAQs

Description

Related Articles

Categories

Not Finding Your Answers?

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Follow Us

Subscribe to newsletter

Stay In Touch