IT Central Station is now PeerSpot: Here's why

Palo Alto Networks VM-Series vs SonicWall NSa comparison

Cancel
You must select at least 2 products to compare!
Featured Review
Buyer's Guide
Palo Alto Networks VM-Series vs. SonicWall NSa
May 2022
Find out what your peers are saying about Palo Alto Networks VM-Series vs. SonicWall NSa and other solutions. Updated: May 2022.
609,272 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS).""The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable.""With Cisco, there are a lot of features such as the network map. Cisco builds the whole network map of the machines you have behind your firewall and gives you insight into the vulnerabilities and attributes that the host has. Checkpoint and Fortinet don't have that functionality directly on the firewall.""You do not have to do everything through a command line which makes it a lot easier to apply rules.""Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity.""Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports.""The most valuable features of this solution are advanced malware protection, IPS, and IDS.""It's got the capabilities of amassing a lot of throughput with remote access and VPNs."

More Cisco Firepower NGFW Firewall Pros →

"The most valuable features are the User ID, URL filtering, and application filtering.""The Palo Alto VM-Series is nice because I can move the firewalls easily.""Palo Alto’s Panorama centralized management system simplifies our security posture based on our requirements. Instead of manually pulling logs, then generating them into readable formats, it gives us the console in a readable format to view.""The most valuable feature is that you can launch it in a very short time. You don't have to wait for the hardware to arrive and get it staged and installed. From that perspective, it is easy to launch. It is also scalable.""It has excellent scalability.""The VM series has an advantage over the physical version because we are able to change the sources that the machine has, such as the amount of available RAM.""In Palo Alto the most important feature is the App-ID.""The feature that I have found the most useful is that it meets all our requirements technically."

More Palo Alto Networks VM-Series Pros →

"It is able to fulfill my requirements. It protects our network environment. It has control over IPS, signatures, and it can also manage bandwidth and mapping. It is also stable and has good support.""The most valuable aspect of the solution is its ability to work like any other firewall.""The filtering is excellent.""This product has kept us safe and we haven't had any breaches.""I like the solution's configuration, interfaces, and user guides.""It's very flexible and meets our customer's needs.""SonicWall's sales support is much better than other vendors'.""The functionality is the same whether it is on hardware or a virtual appliance. The interface is the same. It's nice that it's standardized."

More SonicWall NSa Pros →

Cons
"Cisco Firepower is not completely integrated with Active Directory. We are trying to use Active Directory to restrict users by using some security groups that are not integrated within the Cisco Firepower module. This is the main issue that we are facing.""Cisco Firepower NGFW Firewall can be more secure.""When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance.""The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore.""They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me.""One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue.""One of my colleagues is using the firewall as an IPS, but he is worried about Firepower's performance... With the 10 Gb devices, when it gets to 5 Gbps, the CPU usage goes up a lot and he cannot manage the IPS.""Web filtering needs improvement because sometimes the URL is miscategorized."

More Cisco Firepower NGFW Firewall Cons →

"They made only a halfhearted attempt to put in DLP (Data Loss Prevention).""The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters.""Its web interface is a bit outdated, and it needs to be updated. They can also improve the NAT functionality. We have had issues with the NAT setup.""The disadvantage with Palo Alto is that they don't have a cloud-based solution that includes a secure web gateway.""It would be helpful if we had a direct number for the support manager or the supporting engineer. That would be better than having to email every time because there would be less wait.""At the beginning of the implementation, we had some difficulties with the scripts, but Palo Alto Networks support together with a local partner finally fixed it.""It'll help if Palo Alto Networks provided better documentation.""The implementation should be simplified."

More Palo Alto Networks VM-Series Cons →

"They should consider upgrading the capabilities within the GUI.""The pricing for this product in India is high and the fees should be reduced.""The scalability is something that should be improved.""Initially, it may be difficult for some people to learn and become acquainted with it.""Needs a more detailed reporting feature.""There are a few areas that need improvement including the VPN, user management, and reporting.""The dynamics needs to be improved. The solution is not very compatible compared to the market products.""Competitors provide SSL encryption licenses for free, whereas SonicWall only provides two licenses by default, but you have to pay for the rest of the licenses."

More SonicWall NSa Cons →

Pricing and Cost Advice
  • "Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
  • "This product requires licenses for advanced features including Snort, IPS, and malware detection."
  • "This product is expensive."
  • "For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
  • "The price of Firepower is not bad compared to other products."
  • "The solution was chosen because of its price compared to other similar solutions."
  • "The price is comparable."
  • "It definitely competes with the other vendors in the market."
  • More Cisco Firepower NGFW Firewall Pricing and Cost Advice →

  • "Palo Alto can be as much as two times the price of competing products that have twice the capabilities."
  • "The cost of this product varies from customer to customer and the relationship with IBM, including how many offerings from IBM are already being used."
  • "Because I work for a university and the URL is for the institution, it's a free license for us."
  • "It is not the cheapest on the market. The total cost for two firewall instances is $75,000. This includes licenses, deployment fees, and support for two years."
  • "The VM series is licensed annually."
  • "Palo Alto definitely needs to be more competitive compared to other products. The problem that I have faced is that the price of licensing is very high and not very competitive."
  • "Initially, pricing was high. Later on, we were able to negotiate the pricing and get something that fits our budget."
  • More Palo Alto Networks VM-Series Pricing and Cost Advice →

  • "If you want to connect more than five concurrent users by VPN then you have to pay an additional fee."
  • "SonicWall is a one-time purchase and there is no renewal license."
  • "The pricing and value are good."
  • "The pricing is good and we are satisfied with the cost of this solution."
  • "SonicWall is not an expensive solution."
  • "The price is reasonable for what it does."
  • "When implemented properly, the total cost of operation is very low."
  • "Licensing fees are paid on a yearly basis, and we are happy with the pricing."
  • More SonicWall NSa Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    609,272 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer: The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer:Both products are very stable and easily scalable. The setup of Azure Firewall is easy and very user-friendly and the… more »
    Top Answer:Palo Alto’s Panorama centralized management system simplifies our security posture based on our requirements. Instead of… more »
    Top Answer:Initially, pricing was high. Later on, we were able to negotiate the pricing and get something that fits our budget. The… more »
    Top Answer:SonicWall NSa's most valuable features are the ease of configuration and the GUI.
    Top Answer:You don't need to pay an annual fee, but any cost matters to the customer. Let's say SonicWall is giving me a firewall… more »
    Top Answer:An area for improvement would be SonicWall NSa's integration with antiviruses. In the next release, SonicWall should… more »
    Comparisons
    Also Known As
    Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
    NSA 250M, NSA 2600, NSA 3600, NSA 4600, NSA 5600, Dell SonicWALL NSA
    Learn More
    Overview

    Cisco Firepower Next-Generation Firewall (NGFW) is a firewall that provides capabilities beyond those of a standard firewall and delivers comprehensive, unified policy management of firewall functions, application control, threat prevention, and advanced malware protection from the network to the endpoint.

    Cisco NGFW Firewalls include advanced threat defense capabilities to meet diverse needs, from small offices to high-performance data centers and service providers, and are deployed in leading private and public clouds. Available in a wide range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Cisco NGFW firewalls are also available with clustering for increased performance, high availability configurations, and more.

    Key Features of Cisco NGFW Firewalls

    • Breach prevention and advanced security: Prevent attacks before they get inside. Cisco provides its firewalls with the latest intelligence to stop emerging threats and employs filtering to enforce policies on hundreds of millions of URLs. Cisco NGFW offers built-in sandboxing and advanced malware protection that continuously analyzes file behavior to quickly detect and eliminate threats.

    • Comprehensive network visibility: Constantly monitor your network so you can rapidly spot and stop bad behavior. Cisco NGFW provides a holistic view of all activity and provides a clear picture of threat activity across users, hosts, networks, and devices, as well as information on threats and website, application, and VM activities.

    • Flexible management and deployment options: Centrally deploy, customize, and manage all your appliances.

    • Fast detection: Detect threats in seconds and detect the presence of a successful breach within hours or minutes. Cisco NGFW allows you to deploy consistent policy that's easy to maintain, with automatic enforcement across all the different parts of your organization.

    • Automation and product integrations: Seamlessly integrate with Cisco tools and automatically share threat information, event data, policy, and contextual information with email, web, endpoint, and network security tools. Cisco NGFW automates security tasks like impact assessment, policy management and tuning, and user identification.

    Reviews from Real Users

    Cisco NGFW stands out among its competitors for a number of reasons. Two major ones are its extensive discovery abilities that enable you to constantly see what is happening on your network and take action when necessary, and the high level of protection it provides.

    Mike B., a director of IT security at a wellness & fitness company, writes, "It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."

    Zhulien K., the lead network security engineer at TechnoCore LTD, notes, " The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy. Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more. All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update. "

    The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.

    The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.

    In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.

    SonicWall NSa dispenses advanced threat protection using a high-performance security platform. The NSa series implements intuitive deep learning technologies in the SonicWall Capture Cloud Platform to dispatch the automated real-time threat detection and deterrence enterprise organizations need today. SonicWall Network Security appliance (NSa) series is best for mid-sized organizations to distributed enterprises and data centers.

    SonicWall NSa series next-generation firewalls (NFGWS) combine two very robust security ideologies to deliver advanced threat protection to keep users’ networks safe. Boosting SonicWall’s multi-engine advanced threat protection (ATP) is their Real-time Deep Memory Inspection (RTDMI™). The RTDMI intuitively identifies and stops aggressive zero-day threats and vicious malware by investigating memory directly. This real-time process allows SonicWall RTDMI to be accurate, lessen false positives and discover and alleviate malicious threats and attacks. SonicWall’s single-pass Reassembly-Free Deep Packet Inspection (RFDPI) will audit every byte of each and every packet by investigating both outbound and inbound traffic on the firewall. By combining the SonicWall Capture Cloud Platform along with on-box offerings such as intrusion prevention, web/URL filtering, and anti-malware, the NSa series is able to block the most malicious and dangerous threats at the gateway.

    Additionally, SonicWall firewalls supply absolute protection by executing complete inspection and decryption of SSH and TLS/SSL encryption connections - no matter the port or protocol. The firewall takes a deep dive into each and every packet (the header and data) routing out any anomalies, zero-day intrusions, threats, and protocol non-compliance. Users can also define unique criteria specific to their organization to ensure their networks remain safe. This aggressive deep packet inspection is able to identify and block malicious attacks, stop dangerous malware downloads, prevent the spread of infections, and defeat command and control (C&C) communications and data exfiltration. Protocols involving inclusion and exclusion allow users complete control to decide, based on specific governance policies, organizational policies, or government or legal compliance, which traffic is to be investigated for decryption or inspection.

    SonicWall Nsa offers enterprise organizations the network control and fluid flexibility they desire using an intrusion prevention system (IPS), VPN, real-time visualization, and other advanced powerful security features, making it a popular firewall solution in today's marketplace.

    Reviews from Real Users

    “The features that I have found most valuable are the firewalling, which is very good, and the GUI which is very intuitive. It is easy to use and provides great security.” - Network Engineer at a maritime company

    “What's valuable in SonicWall NSa is the ATP (advanced threat protection). It can protect users from malicious links. SonicWall NSa also has a Sandboxing service that is very helpful for us, especially when end users accidentally click on malicious links. Another valuable feature of this solution is that it is very useful for site-to-site VPN connectivity issues. SonicWall NSa has very good hardware. I also love that SonicWall has very good technical support, who are very knowledgeable, provide good suggestions, and they're easy to reach.” - Mohammed M., Network Administrator at Transgulf Readymix

    Offer
    Learn more about Cisco Firepower NGFW Firewall
    Learn more about Palo Alto Networks VM-Series
    Learn more about SonicWall NSa
    Sample Customers
    Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
    Warren Rogers Associates
    Orange County Rescue Mission, First Source, Michaels & Taylor, Green Clinic Health System, Aspire Chiltern Skills and Enterprise Centre, UnitedStack, Faith Lutheran College Redlands, Celtic Manor Resort, Star Kay White, Air Works, Unimat Life, NHS Yorkshire and Humber Commissioning Support (YHCS), Hutt City Council, Mato Grosso do Sul, Nspyre
    Top Industries
    REVIEWERS
    Comms Service Provider19%
    Financial Services Firm17%
    Government13%
    Manufacturing Company6%
    VISITORS READING REVIEWS
    Comms Service Provider28%
    Computer Software Company21%
    Government7%
    Manufacturing Company4%
    REVIEWERS
    Financial Services Firm23%
    Government15%
    Manufacturing Company15%
    Healthcare Company8%
    VISITORS READING REVIEWS
    Computer Software Company28%
    Comms Service Provider16%
    Financial Services Firm6%
    Government5%
    REVIEWERS
    Manufacturing Company20%
    Educational Organization11%
    Construction Company11%
    Healthcare Company9%
    VISITORS READING REVIEWS
    Comms Service Provider24%
    Computer Software Company20%
    Government6%
    Educational Organization5%
    Company Size
    REVIEWERS
    Small Business40%
    Midsize Enterprise26%
    Large Enterprise34%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise20%
    Large Enterprise55%
    REVIEWERS
    Small Business36%
    Midsize Enterprise30%
    Large Enterprise33%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise17%
    Large Enterprise62%
    REVIEWERS
    Small Business61%
    Midsize Enterprise17%
    Large Enterprise22%
    VISITORS READING REVIEWS
    Small Business39%
    Midsize Enterprise19%
    Large Enterprise42%
    Buyer's Guide
    Palo Alto Networks VM-Series vs. SonicWall NSa
    May 2022
    Find out what your peers are saying about Palo Alto Networks VM-Series vs. SonicWall NSa and other solutions. Updated: May 2022.
    609,272 professionals have used our research since 2012.

    Palo Alto Networks VM-Series is ranked 10th in Firewalls with 14 reviews while SonicWall NSa is ranked 15th in Firewalls with 43 reviews. Palo Alto Networks VM-Series is rated 8.4, while SonicWall NSa is rated 7.8. The top reviewer of Palo Alto Networks VM-Series writes "An excellent solution for the right situations and businesses". On the other hand, the top reviewer of SonicWall NSa writes "Easy to scale advanced threat protection solution with knowledgeable technical support, but has occasional bugs". Palo Alto Networks VM-Series is most compared with Azure Firewall, Cisco ASA Firewall, Fortinet FortiGate, Juniper SRX and Check Point NGFW, whereas SonicWall NSa is most compared with Fortinet FortiGate, Meraki MX, SonicWall TZ, Sophos XG and pfSense. See our Palo Alto Networks VM-Series vs. SonicWall NSa report.

    See our list of best Firewalls vendors.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.