SonicWall TZ670 Network Security/Firewall Appliance

The SonicWall TZ670 is a desktop-form-factor next-generation firewall (NGFW) designed to deliver enterprise-grade security and high-speed connectivity for mid-sized organizations and distributed enterprises embracing Secure SD-Branch. This appliance combines a compact form factor with robust threat prevention, flexible networking, and streamlined management to protect branch offices, campuses, and remote locations without compromising performance. With 10 Gigabit Ethernet interfaces, the TZ670 enables fast, secure access to cloud services, data centers, and widely distributed networks, while its integrated security services provide real-time protection against evolving threats. Businesses choosing the TZ670 benefit from a scalable, easy-to-deploy firewall that harmonizes advanced security with an affordable price-performance ratio, helping to simplify security operations across multiple sites while maintaining a strong security posture.

• The TZ670 delivers powerful next-generation firewall protection in a desktop form factor, built to handle contemporary workloads and high-speed traffic. It combines advanced threat prevention with hardware-accelerated processing to minimize latency, enabling secure WAN edges and SD-Branch deployments without sacrificing performance or user experience. This enables organizations to enforce granular policies, inspect encrypted traffic, and apply application-aware controls across distributed sites while maintaining smooth, reliable connectivity for employees, partners, and customers.
• Designed for mid-sized organizations and distributed enterprises, the TZ670 supports Secure SD-Branch concepts by unifying network security, WAN connectivity, and branch management in a single device. Its architecture makes it ideal for branch offices, retail locations, and satellite campuses that require consistent security policies, centralized visibility, and effortless policy propagation across sites. IT teams can push updates, monitor security events, and adjust rules from a single pane of glass, reducing administrative overhead and speeding incident response.
• Industry-validated security effectiveness meets best-in-class price-performace, delivering robust protection against evolving cyber threats while remaining cost-efficient. The TZ670 combines deep packet inspection, intrusion prevention, anti-malware, and anti-spam capabilities with secure remote access and SSL/TLS inspection. Its threat intelligence and signature updates keep defenses up to date against new exploits, and its sandboxing capability provides additional protection by safely analyzing suspicious files before they reach endpoints or networks.
• Comprehensive security stack and flexible connectivity empower organizations to address complex networks. In addition to a stateful firewall and IPS, the TZ670 offers application control, URL filtering, SSL inspection, VPN (IPSec and SSL), and centralized management options. This ensures a consistent security policy across branches, reduces the risk of data exfiltration, and enables secure remote access for mobile and distributed workforces. The device also supports policy-based routing, high-availability considerations, and scalable management that grows with your network.
• Ease of deployment and ongoing management are hallmarks of the TZ670. It integrates with SonicWall management ecosystems for centralized monitoring, policy orchestration, and rapid deployment across multiple sites. The appliance supports streamlined firmware updates, policy synchronization, and cloud-assisted analytics, so administrators can quickly adapt to changing business needs while maintaining solid performance and reliable threat detection across environments.

Technical Details of SonicWall TZ670 Network Security/Firewall Appliance

• Form factor: Desktop network security appliance designed for secure edge deployments and SD-Branch integration.
• Interfaces: 10 Gigabit Ethernet interfaces for high-speed uplinks, interconnects, and robust internal networking across branches.
• Security features: Next-generation firewall with deep packet inspection, intrusion prevention system (IPS), application control, content filtering, and SSL/TLS inspection; includes Capture Advanced Threat Protection (sandboxing) for unknown-threat analysis.
• Threat prevention: Industry-standard threat prevention capabilities with real-time updates to detect and block emerging exploits, malware, and phishing attempts.
• VPN capabilities: Support for IPsec VPN and SSL VPN for secure remote access and site-to-site connectivity.
• SD-Branch readiness: Integrates with Secure SD-Branch solutions to unify network security, SD-WAN, and centralized management across distributed locations.
• Management: Compatible with SonicWall management platforms for centralized visibility, policy enforcement, and monitoring across multiple sites.
• Operating system: Runs SonicWall's security operating system with regular firmware updates to enhance features, performance, and threat protection.
• Security posture: Built to enforce granular policies, perform encrypted traffic inspection, and deliver robust protection while maintaining high usability and reliability.
• Deployment footprint: Compact desktop appliance designed for straightforward installation in branch offices, along with scalable security for growing networks.

How to install SonicWall TZ670

• Plan your deployment by outlining WAN, LAN, and management requirements, and verify that you have the required license and firmware version to support your security policies and SD-Branch integration.
• Unbox the TZ670 and physically place it in a suitable location with adequate airflow. Connect the power supply and attach the device to a stable network environment, ensuring the WAN link from your Internet provider is accessible and the LAN port connects to your internal switch or router.
• Power on the unit and connect a management computer to the dedicated management interface or a configured management network. Access the initial setup interface using the device’s default management address and credentials, following the on-screen setup wizard to establish a secure administrator account and change default passwords.
• Update firmware to the latest stable release and apply any available licenses or subscriptions required for advanced security features, threat prevention modules, and Capture ATP sandboxing. This ensures you begin with the most current protections and performance optimizations.
• Configure network interfaces, define WAN/LAN zones, and create security policies that reflect your organization’s needs. Set up VPN requirements (IPsec or SSL) for remote workers or partner networks, and establish SD-Branch settings to enable centralized policy propagation and monitoring across sites.
• Implement access controls, application rules, URL filtering, and SSL inspection policies as appropriate for your environment. Validate that traffic flows correctly, policies are enforced, and logs and alerts appear in your management console. Conduct a test with phased traffic to confirm that security rules, VPN connections, and SD-Branch integrations operate as intended.
• Perform ongoing maintenance by scheduling firmware updates, reviewing threat intelligence feeds, and adjusting policies based on security events and changing business requirements. Leverage reporting and analytics to monitor network health, user activity, and threat trends, ensuring rapid containment of incidents and optimized performance.

Frequently asked questions

• Q: What is the primary use case for the TZ670?
  A: The TZ670 is designed for mid-sized organizations and distributed enterprises that need a desktop NGFW with 10 Gigabit interfaces, SD-Branch readiness, and robust threat prevention to protect branch offices and remote sites.
• Q: Does the TZ670 support Secure SD-Branch deployments?
  A: Yes. The TZ670 is built to integrate with Secure SD-Branch ecosystems, enabling centralized policy management, unified security across sites, and simplified deployment across multiple branches.
• Q: What kind of VPN capabilities does it offer?
  A: The TZ670 supports both IPsec VPN for site-to-site connectivity and SSL VPN for secure remote access, enabling flexible connectivity options for employees and partners.
• Q: How do I manage updates and security policies?
  A: Updates and policy management are handled through SonicWall management platforms, with options for centralized administration, automated threat updates, and policy synchronization across sites.
• Q: Is SSL inspection included, and how does it impact performance?
  A: SSL/TLS inspection is part of the security stack to analyze encrypted traffic, improve threat detection, and enforce policies. Hardware acceleration and optimized processing help minimize performance impact while maintaining strong security.