Communication-STEM Ltd

NSv Series Virtual Firewall

The SonicWall NSv Series virtual firewall offers you all the security advantages of a physical firewall with the benefits of virtualization. NSv shields all critical components of your private/public cloud environments from resource misuse attacks, cross-virtual-machine attacks, side-channel attacks and common network-based exploits and threats.

Features

• Next-gen firewall with automated real-time breach detection and prevention capabilities
• Patent pending real-time deep memory inspection (RTDMI) technology
• Patented reassembly free deep packet inspection (RFDPI) technology
• Complete end-to-end visibility and streamlined management with unified policy
• Application intelligence and control
• Segmentation security and security zoning
• Supports private cloud ESXi, Hyper-V, KVM and Nutanix platforms
• Supports public cloud AWS and Azure platforms

Benefits

• Detection and prevention of malware
• Detection and prevention of zero-day threats and ransomware
• Analyses traffic in real-time without added latency or size limit
• Unified policy can be created and pushed to multiple firewalls
• Application level visibility and control
• Control and secure traffic between different VLANs/Segments

£1,606.61 a device a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrea.le.velle@c-stem.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

542858449134866

Contact

Andrea le Velle
0345 241 0000
andrea.le.velle@c-stem.co.uk

Service scope

• Service constraints: No
• System requirements:
  • Private cloud requires ESXi, Hyper-V, KVM or Nutanix
  • Public cloud requires AWS, Azure or C-STEM's cloud hosting
  • Minimum resource requirements described in documentation

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depends on the severity of the case; with an additional support contract you can prioritise a specific case.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: SonicWall Manufacturer Support delivers decades of expertise, through multiple support options:; ; Premier Service - Dedicated service account management, pin-activated emergency phone support for critical issues, serviced by SonicWall approved subject matter experts, monthly newsletter & reporting. ; ; Online Self-Service - Online collaboration forums, interactive knowledge base, technical documentation, how-to video libraries. ; ; Professional Services - Remote installation assistance. Project-based deployment & project management services. ; Health check services - Remote & onsite technical assistance. ; ; Standard Service - Break fix support for Q&A. Follow-the-sun support, globally serviced.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: C-STEM will put together an implementation team to assist the customer with the initial setup and handover to service. In addition SonicWall online provides many resources that will be available to the buyer including knowledge base articles and SonicWall University along with technical documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Configuration can be exported. Virtual appliance can be wiped clean if desired.
• End-of-contract process: Security services and support functions cease to be updated.

Using the service

• Web browser interface: Yes
• Using the web interface: The primary method of configuration and control is through the web interface. Through the web interface, all features can be configured and controlled using a point and click GUI.
• Web interface accessibility standard: WCAG 2.1 A
• Web interface accessibility testing: Sonicwall have commissioned a report in 2022 to evaluate the accessibility of the web interface.
• API: Yes
• What users can and can't do using the API: There is a fully restful API available for the SonicWall NSv. It allows commands to be sent to configure the appliance (all web UI configuration is supported in the API). The API also allows for information to be retrieved from the appliance - such as status of a policy, if a rule has been consumed, event details etc.
• API automation tools:
  • Ansible
  • Terraform
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
  • Other
• Using the command line interface: The SonicWall® Enterprise Command Line Interface (E-CLI) provides a concise and powerful way to configure SonicWall network security appliances without using the SonicOS web-based management user; interface (UI).; You can use the CLI commands individually on the command line, or in scripts for automating configuration tasks. In addition, with SonicWall E-CLI, you can copy the output of a show command and post it back as a CLI command at the prompt. This feature gives the interface even greater speed and flexibility. All settings can be configured with the CLI. CLI access is available using SSH.

Scaling

• Scaling available: No
• Independence of resources: There is no users number limit, it depends on the traffic size and number of connections, the client can scale up and select the higher models if more resources are required.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
  • Other
• Other metrics:
  • Active users
  • Active licensing
  • Top threats
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: SonicWall

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up: Full firewall configuration can be backed up
• Backup controls: A scheduled cloud backup can be created. These cloud backups are stored securely on the MySonicWall.com account that the firewall is registered too.
• Datacentre setup: Multiple datacentres
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: See our cloud hosting offering for SLA to host the virtual firewall on our platform. If used with customer's public/private cloud then the SLA of that provider will apply.
• Approach to resilience: The firewall can be configured with two appliances in a HA pair.
• Outage reporting: There is an email alerting settings in the NSv also If you are optionally using Network Security manager email alerting is provided if the Virtual appliance goes offline. Also your Platform of choice, such as Microsoft Azure, will offer alerting.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: The management interface can be restricted by only giving access to specified accounts of your choosing. Further more access can be limited by public IP to your chosen address. For access to support channels this would be achieved via mysonicwall.com. An account is needed in order to register the device. Mysonicwall.com requires a username and password as well as optional MFA.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • FIPS 140-2
  • Common Criteria
  • DoDIN APL
  • CSfC
  • USGv6
  • NDAA section 889 compliance
  • TAA Compliance

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: No
• Security governance approach: The SonicWall Product Security Incident Response Team (PSIRT) is responsible for managing SonicWall security incidents (receipt, investigation, and public reporting of information about security vulnerabilities and issues related to SonicWall products or a third-party software component that is used in a SonicWall product).
• Information security policies and processes: The SonicWall Product Security Incident Response Team (PSIRT) is responsible for managing SonicWall security incidents (receipt, investigation, and public reporting of information about security vulnerabilities and issues related to SonicWall products or a third-party software component that is used in a SonicWall product).; ; SonicWall is currently active member of Mitre and FIRST. They follow ISO/IEC 29147:2014(E) – Information technology — Security techniques — Vulnerability disclosure for handling vulnerabilities.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Customer change requests are raised on our ticketing platform. Configuration changes will not be made to firewall policies by C-STEM without authorisation from the customer either as part of an incident, formal change request or project.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The SonicWall Product Security Incident Response Team (PSIRT) is responsible for managing SonicWall security incidents (receipt, investigation, and public reporting of information about security vulnerabilities and issues related to SonicWall products or a third-party software component that is used in a SonicWall product).
• Protective monitoring type: Undisclosed
• Protective monitoring approach: The SonicWall Product Security Incident Response Team (PSIRT) is responsible for managing SonicWall security incidents. The software is audited for potential vulnerabilities, additionally anyone can report an actual or suspected vulnerability. The vulnerability will be assigned a CVSS score. For any score greater than 4, a security advisory will be released alongside a fix for all non-EOL images. The time to provide a fix depends on the severity of the vulnerability and the availability of exploits for the vulnerability.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The approach follows ISO/IEC 29147:2014(E).

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Customer defined
• How shared infrastructure is kept separate: Logins to firewall and management platform are buyer specific and grant access to only the buyer's resources.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Our employees are our most valuable resource and are a key factor in the delivery of services to our clients. We recognise that it is the calibre of the people that make up our teams that differentiates us from our competitors. As such, we work hard to recruit, develop and retain the best talent in the industry. As part of their personal development, each of our employees is given a clear route for progression, including technical and professional training. Further to this, it is crucial that all employees maintain a high level of safety and technical expertise, therefore regular training and advice is made available. We provide our employees with training to ensure they are aware of the company's legal obligations, policies and internal procedures relating to the provision of Equality and Diversity. This understanding of their obligations allows them to interact with their colleagues fairly and equally in all areas of their employment. Annual appraisals are conducted with all employees, allowing quality one-to-one time with their manager to discuss their performance, establish new objectives and determine the employee's individual training and development needs that are required to assist in achieving their goals.

Pricing

• Price: £1,606.61 a device a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Full features available for 14 day trial.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrea.le.velle@c-stem.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.