
SonicWall TZ Series Next-Generation Firewall (NGFW)
Protect your small business or branch location from intrusion, malware and ransomware with an easy-to-use, integrated security solution designed specifically for your needs. SonicWall TZ firewalls deliver enterprise-grade protection without the cost or complexity.

SonicWall Gen8 TZ Wired Models
SonicWall Gen8 TZ Wireless Models
SonicWall Gen7 TZ Operate with License Wired Models
SonicWall Gen7 TZ Wired Models
Wireless Gen7 TZ Models
Overview
The SonicWall TZ series of firewalls is designed specifically for the needs of SMBs and branch locations, delivering enterprise-class security without the enterprise-grade complexity. With Zero-Touch Deployment and simplified centralized management, installation and operation are easy. Detect sophisticated threats, including encrypted attacks, with advanced networking and security features, like the multi-engine Capture Advanced Threat Protection (ATP) cloud-based sandbox service with patented Real-Time Deep Memory Inspection (RTDMI™).
Simply plug in and enjoy the advanced protection of the cost-effective SonicWall TZ series firewall without worrying about complex management — or the next threat.
Features
- Superior Performance
Prevent malicious threats without compromising performance. Deploy next-generation firewalls designed for small, midsize, and distributed enterprises and leverage industry-leading performance in threat prevention and DPI TLS/SSL (Decryption) to protect your networks.
- Low Total Cost of Ownership
Make SonicWall TZ firewall the start of enterprise savings. From reduced costs through zero-touch deployment to enabling SD-WAN and delivering threat block rates on par with or better than competitors at a fraction of the cost, SonicWall TZ firewalls are security you can’t afford to be without.
- Secure SD-WAN Technology
Leave MPLS behind for a more agile, secure, and cost-effective network optimized for today’s broadband-driven, cloud-infused landscape. Eliminate costs on SD-WAN appliances and licenses by leveraging the built-in secure SD-WAN technology in TZ firewalls to
- Simplified Centralized Management
Increase efficiencies in deploying and managing distributed firewalls via configuration administration enhancements and bulk deployment capabilities, including auto-sync, multi-tenant commit and deploy, and bulk password change.
- Advanced Reporting & Analytics
Increase insights and enhance visibility with reporting templates, real-time reports, customizable reports, scheduled report capability, and tenant-based analytics.
- Managed Protection Security Suite (MPSS)
Extend your team with SonicSentry NOC Team 24x7 for managed firewall services that include monitoring, firmware updates, vulnerability reporting, and an embedded warranty of up to $200K.
- Integrates with Wireless Access Points
Implement high-speed wireless security by combining a TZ series next-generation firewall with a SonicWall SonicWave wireless access point. TZ series firewalls and SonicWave access points both feature 2.5/5 GbE ports that enable multi-gigabit wireless throughput offered in Wi-Fi 6 wireless technology.
- Built-in ZTNA Connector
Increase secure access to private applications behind the firewalls using a built-in connector to Cloud Secure Edge, enabling compliance with a Zero-Trust framework.
Benefits
Advanced Threat Prevention with Deep Memory Inspection
- Get lightning-fast performance with security processors optimized for speed
- Gain a deeper level of threat prevention through Real-Time Deep Memory Inspection (RTDMI™)
- Leverage shared threat intelligence for continuously updated security
- Rely on a wide range of rich features in SonicWall’s powerful SonicOS operating system
Superior Performance
- Leverage multi-core, parallel-processing hardware architecture
- Achieve fast performance using gigabit and multi-gigabit Ethernet interfaces
- Take advantage of single-pass, stream-based inspection
- Inspect simultaneous network streams using deep packet inspection
Network Control and Flexibility
- Get your firewall up and running quickly with Zero-Touch Deployment
- Grow your distributed network while lowering costs with Secure SD-WAN
- Power your PoE-enabled devices with integrated PoE/PoE+ support
- Gain insight into and control over application usage across the network
Secure, Easy-to-Use Mobile Connectivity
- Access resources behind the firewall remotely and securely using native 802.11ac wireless SSL VPN
- Connect from virtually any operating system
- Detect and remove hidden threats over the VPN connection
Compare Models
Firewall General | TZ280 SERIES | TZ380 SERIES | TZ480 SERIES | TZ580 SERIES | TZ680 SERIES |
---|---|---|---|---|---|
Operating system | SonicOS 8 | ||||
Interfaces | 8 * 1GbE Cu, 2*1G SFP, 1 console (Micro-USB), 1 USB (type-C) | 8 * 1GbE Cu, 2*5G/2.5G/1G SFP+, 1 console (Micro-USB), 1 USB (type-C) | 8 * 1GbE Cu, 2*5G/2.5G/1G SFP+, 1 console (Micro-USB), 1 USB (type-C) | 8 * 1GbE Cu, 2*5G/2.5G/1G SFP+, 1 console (Micro-USB), 1 USB (type-C) | 8 * 1GbE Cu, 2*10G SFP, 1 console (Micro-USB), 1 USB (type-C) |
Wireless support | N/A | 2x2 802.11ax (TZ380W) | N/A | N/A | N/A |
Storage /(expansion) | (Optional: Up to 512 Gb) | (Optional: Up to 512 Gb) | (Optional: Up to 512 Gb) | (Optional: Up to 512 Gb) | (Optional: Up to 512 Gb) |
Centralized Management | Network Security Manager (NSM) 3.0 and above, CLI, SSH, Web UI, REST APIs | ||||
Logical VLAN and tunnel interfaces (maximum) | 64 | 128 | 128 | 256 | 256 |
SAML Single Sign-On (SSO) Users¹ | 1000 | 1000 | 2500 | 2500 | 2500 |
Access points supported (maximum) | 16 | 16 | 32 | 32 | 32 |
Firewall/VPN Performance | |||||
Firewall inspection throughput² | 2.5 Gbps | 3.5 Gbps | 4 Gbps | 4.5 Gbps | 5 Gbps |
Threat prevention throughput³ | 1 Gbps | 1.5 Gbps | 2 Gbps | 2.2 Gbps | 2.5 Gbps |
Application inspection throughput³ | 1.5 Gbps | 2.0 Gbps | 2.2 Gbps | 2.5 Gbps | 3 Gbps |
IPS throughput³ | 1.5 Gbps | 2.0 Gbps | 2.2 Gbps | 2.5 Gbps | 3 Gbps |
Anti-malware inspection throughput³ | 1 Gbps | 2.0 Gbps | 2 Gbps | 2.2 Gbps | 2.5 Gbps |
TLS/SSL inspection and decryption throughput³ | 430 Mbps | 600 Mbps | 650 Mbps | 750 Mbps | 800 Mbps |
IPSec VPN throughput⁴ | 1.2 Gbps | 1.6 Gbps | 2 Gbps | 2.2 Gbps | 2.5 Gbps |
Connections per second | 12,000 | 15,000 | 18,000 | 20,000 | 26,000 |
Maximum connections (SPI) | 1,000,000 | 1,100,000 | 1,200,000 | 1,400,000 | 1,600,000 |
Maximum connections (DPI) | 200,000 | 250,000 | 350,000 | 500,000 | 600,000 |
Maximum connections (TLS) | 35,000 | 40,000 | 50,000 | 60,000 | 75,000 |
VPN and ZTNA | |||||
Site-to-site VPN tunnels | 200 | 200 | 200 | 250 | 250 |
IPSec VPN clients (maximum) | 5 (200) | 5 (200) | 5 (200) | 10 (500) | 10 (500) |
SSL VPN licenses (maximum) | 1 (50) | 2 (100) | 2 (150) | 2 (200) | 2 (250) |
Encryption/authentication | DES, 3DES, AES (128, 192, 256-bit)/MD5, SHA-256, SHA-384, Suite B Cryptography | ||||
Key exchange | Diffie Hellman Groups 1, 2, 5, 14v | ||||
Route-based VPN | RIP, OSPF, BGP | ||||
Certificate support | Verisign, Thawte, Cybertrust, RSA Keon, Entrust and Microsoft CA for SonicWall-to-SonicWall VPN, SCEP | ||||
VPN features | Dead Peer Detection, DHCP Over VPN, IPSec NAT Traversal, Redundant VPN Gateway, Route-based VPN | ||||
Global VPN client platforms supported | Microsoft® Windows 10 and Windows 11 | ||||
NetExtender | Microsoft® Windows 10 and Windows 11, Linux | ||||
Mobile Connect | Apple® iOS, Mac OS X, Google® Android™ | ||||
SonicWall Private Access powered by Cloud Secure Edge⁵ | Included in 3&Free Loyalty Program | ||||
Security Services | |||||
Deep Packet Inspection services | Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, TLS Decryption | ||||
Content Filtering Service (CFS) | Reputation-based URL filtering, HTTP URL, HTTPS IP, keyword and content scanning, Comprehensive filtering based on file types such as ActiveX, Java, Cookies for privacy, allow/forbid lists | ||||
Comprehensive Anti-Spam Service | Yes | ||||
Application Visualization | Yes | ||||
Application Control | Yes | ||||
Capture Advanced Threat Protection | Yes | ||||
Advanced DNS Filtering | Yes | ||||
Networking | |||||
IP address assignment | Static (DHCP, PPPoE, L2TP and PPTP client), Internal DHCP server, DHCP relay | ||||
NAT modes | 1:1, 1:many, many:1, many:many, flexible NAT (overlapping IPs), PAT, transparent mode | ||||
Routing protocols⁴ | BGP, OSPF, RIPv1/v2, static routes, policy-based routing | ||||
QoS | Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP marking, 802.1e (WMM) | ||||
Authentication | LDAP (multiple domains), XAUTH/RADIUS, TACACS+, SAML SSO¹, Radius accounting NTLM, internal user database, 2FA, Terminal Services, Citrix, Common Access Card (CAC) | ||||
Local user database | 1000 | ||||
VoIP | Full H3230v1.5 SIP | ||||
Standards | TCP/IP, UDP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP, PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3 | ||||
Certifications | IPv6 | ||||
High availability | Active/Standby with stateful synchronization | ||||
Hardware | |||||
Form factor | Desktop⁴ | ||||
Power supply | 12V/1.03A | 12V/1.14A (TZ380), 12V/1.45A (TZ380W) | 12V/1.13A | 12V/1.34A | 12V/1.34A |
Maximum power consumption (W) | 12.36 | 13.77 (TZ380), 17.4 (TZ380W) | 13.77 | 15.6 | 16.99 |
Input power | 100-240 VAC, 50-60Hz, 0.27A | 100-240 VAC, 50-60Hz, 0.27A | 100-240 VAC, 50-60Hz, 0.27A | 100-240 VAC, 50-60Hz, 0.29A | 100-240 VAC, 50-60Hz, 0.27A |
Redundant power supply | 1 (Optional) | 1 (Optional) | 1 (Optional) | 1 (Optional) | 1 (Optional) |
Total heat dissipation (BTU) | 42.43 | 46.95 (TZ380), 59.33 (TZ380W) | 42.43 | 56.74 | 57.93 |
Dimensions (Unit: cm) | 3.5x13x19; Shipping: 7.2x22.8x23 | 3.5x13x19; Shipping: 7.2x22.8x23 | 3.5x13x19; Shipping: 7.2x22.8x23 | 3.5x13x19; Shipping: 7.2x22.8x23 | 3.5x13x19; Shipping: 7.2x22.8x23 |
Weight | 0.82 Kg | 0.82 Kg (TZ380), 0.85 Kg (TZ380W) | 0.82 Kg | 0.97 Kg | 0.97 Kg |
WEEE weight | 1.18 Kg | 1.18 Kg (TZ380), 1.24 Kg (TZ380W) | 1.18 Kg | 1.42 Kg | 1.42 Kg |
Shipping weight | 1.41 Kg | 1.41 Kg (TZ380), 1.47 Kg (TZ380W) | 1.41 Kg | 1.93 Kg | 1.93 Kg |
MTBF @25°C in years | 51.7 | 46.4 (TZ380), 24.9 (TZ380W) | 52.8 | 30.7 | 29.9 |
Environment (Operating/Storage) | 0°C to +40°C / -40°C to +70°C | ||||
Humidity | 5-95% non-condensing | ||||
Regulatory | |||||
Regulatory model numbers | APL70-11D | APL72-120 (TZ380), APL72-121 (TZ380W) | APL72-120 | APL72-120 | APL72-120 |
Major regulatory compliance | FCC Class B, ICES Class B, CE (EMC, LVD, RoHS), UL, cUL, Mexico DGN Notice by UL, ANATEL, WEEE, REACH, SCIP, RCM, MIC Terminal, VCCI Class B, KCC/MSIP, BSMI, MTCTE/TEC, CB | FCC Class B, ICES Class B, CE (EMC, LVD, RoHS), UL, cUL, Mexico DGN Notice by UL, ANATEL, WEEE, REACH, SCIP, RCM, MIC Terminal, VCCI Class B, KCC/MSIP, BSMI, MTCTE/TEC, CB | FCC Class B, ICES Class B, CE (EMC, LVD, RoHS), UL, cUL, Mexico DGN Notice by UL, ANATEL, WEEE, REACH, SCIP, RCM, MIC Terminal, VCCI Class B, KCC/MSIP, BSMI, MTCTE/TEC, CB | FCC Class B, ICES Class B, CE (EMC, LVD, RoHS), UL, cUL, Mexico DGN Notice by UL, ANATEL, WEEE, REACH, SCIP, RCM, MIC Terminal, VCCI Class B, KCC/MSIP, BSMI, MTCTE/TEC, CB | FCC Class B, ICES Class B, CE (EMC, LVD, RoHS), UL, cUL, Mexico DGN Notice by UL, ANATEL, WEEE, REACH, SCIP, RCM, MIC Terminal, VCCI Class B, KCC/MSIP, BSMI, MTCTE/TEC, CB |
Major regulatory compliance (wireless models) | N/A | FCC Class B, ICES Class B, CE (EMC, LVD, RoHS), UL, cUL, Mexico DGN Notice by UL, ANATEL, WEEE, REACH, SCIP, RCM, MIC Terminal, VCCI Class B, KCC/MSIP, BSMI, MTCTE/TEC, CB | N/A | N/A | N/A |
Major regulatory compliance (PoE models) | N/A | N/A | N/A | N/A | N/A |
Integrated Wireless (TZ380W ONLY) | |||||
Standards | 802.11a/b/g/n/ac/ax, WPA, WPA2, WPA3, 802.11i, EAP-PEAP, EAP-TTLS | ||||
Frequency bands | 802.11a: 5.180-5.825 GHz; 802.11b/g: 2.412-2.472 GHz; 802.11n: 2.412-2.472 GHz, 5.180-5.825 GHz; 802.11ac: 5.180-5.825 GHz | ||||
Operating channels | 802.11a: US and Canada 12, Europe 11, Japan 4, Singapore 4, Taiwan 4; 802.11b/g: US and Canada 1-11, Europe 1-13, Japan (14-802.11b only); 802.11n (2.4 GHz): US and Canada 1-11, Europe 1-13, Japan 1-13; 802.11n (5 GHz): US and Canada 36-48/149-165, Europe 36-48, Japan 36-48, Spain 36-48/52-64; 802.11ac: US and Canada 36-48/149-165, Europe 36-48, Japan 36-48, Spain 36-48/52-64 | ||||
Transmit output power | Based on the regulatory domain specified by the system administrator | ||||
Transmit power control | Yes | ||||
Data rates supported | 802.11a: 6,9,12,18,24,36,48,54 Mbps per channel; 802.11b: 1,2,5.5,11 Mbps per channel; 802.11g: 6,9,12,18,24,36,48,54 Mbps per channel; 802.11n: 15,30,45,60,90,120,135,150,30,60,90,120,180,240,270,300 Mbps per channel; 802.11ac: 32.5,65,97.5,130,195,260,292.5,325,390,433.3,65,130,195,260,390,520,585,650,780,866.6 Mbps per channel; 802.11ax: 36,72,106,144,216,288,324,360,432,480,540,600,72,144,216,288,432,576,648,720,864,960,1201 Mbps per channel | ||||
Modulation technology spectrum | 802.11a: Orthogonal Frequency Division Multiplexing (OFDM)/64QAM; 802.11b: Direct Sequence Spread Spectrum (DSSS); 802.11g: Orthogonal Frequency Division Multiplexing (OFDM)/64QAM/Direct Sequence Spread Spectrum (DSSS); 802.11n: Orthogonal Frequency Division Multiplexing (OFDM)/64QAM; 802.11ac: Orthogonal Frequency Division Multiplexing (OFDM)/256QAM; 802.11ax: Orthogonal Frequency Division Multiplexing Access (OFDMA)/1024QAM |
Note:
¹ SAML Single Sign-On is available with the upcoming SonicOS 8.1, releasing soon.
² Testing Methodologies: Maximum performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services.
³ Threat Prevention/Gateway AV/Anti-Spyware/IPS throughput measured using industry standard Keysight HTTP performance test tools. Testing throughput measured with Gateway AV, Anti-Spyware, IPS and Application Control enabled.
⁴ VPN throughput measured with UDP traffic using 1418 byte packet size AESGMAC16-256 Encryption adhering to RFC 2544. All specifications, features, and availabilities are subject to change.
⁵ Included with 3-year bundle.