I am a consultant. I work with a software dealer in the IT security business.
I deployed SonicWall for a customer just last month.
SonicWall NSa was previously known as NSA 250M, NSA 2600, NSA 3600, NSA 4600, NSA 5600, Dell SonicWALL NSA.
Download the SonicWall NSa Buyer's Guide including reviews and more. Updated: January 2022
I am a consultant. I work with a software dealer in the IT security business.
I deployed SonicWall for a customer just last month.
It's very simple to use and the support is great. I am in India and they have a support office here. As a company product, SonicWall firewalls and their support has been excellent.
It's a simple, rugged product. When I say rugged, mechanically, it's a very rugged box. The same thing applies to Sophos also, it's also a very rugged box. It's rugged technology, it can take a beating and still be operational.
One of the greatest strengths of the SonicWall system is that they have multiple portals for multiple tasks, whereas all the other solutions have no single tool for doing multiple tasks. That has been one major advantage of SonicWall. Regarding the SonicWall box, you need to be capable of taking multiple loads compared to the competition. That's a very unique feature of the SonicWall system. They also have an antivirus solution that is tied to their system which is called SentinelOne.
The support is very good. The product is also very reliable. There are always new, frequent updates — nothing more or less. It's very flexible; it's ready to go right out of the box, unlike some other solutions which require a lot of training. The GUI is very user-friendly. Even if you've never touched a firewall in your life, with a bit of time and practice, you'll get the hang of it.
In terms of improvement, they should consider changing the logic of how the rules are created. Everything is spread out into multiple pockets, so to speak; it should be more condensed. The technology is sound; I am not saying that it's brilliant, but it is very sound for most mid-range uses — it does a fantastic job.
They should consider upgrading the capabilities within the GUI. The way the GUI is configured for creating rules, I would say they should consider making that a bit more flexible. That would really help a lot.
I have used SonicWall NSA for three years.
SonicWall NSA is very stable. I ran my last box for 10 years before I switched it off. 10 years is a long time for anything. If it can run for 10 years, it's stable. It's money made twice over. It might not be technologically up to speed and it may not be upgradeable, but that's a different matter.
These boxes are well-known for the amount of mechanics and users they can handle.
The initial setup is very easy.
The basic setup takes roughly half an hour. After that, when it comes to configuring the rules and dependencies, with ideal conditions, I would say that it takes roughly a week. Overall, within two to three weeks, we were in production.
Roughly 90% (50% in the worst-case scenario) of the customer's settings are ready within a couple of days from the time the box is powered up. When you power up the box, you have to set the rules. So, I implement it, engage the rules, and then ask somebody to test some of the connections and give me some feedback. That takes a bit of time, but otherwise, it only takes a couple of days until the box is ready. If you want to push it, within a week it's possible to reach roughly 90% to 95% production — the rules and the performance have to be fine-tuned which takes a little bit of time.
I would definitely recommend SonicWall for their simplicity of use, but if you can configure SonicWall, have a look at Sophos also. Sophos has put a lot of hard work into their connections and the GUI. SonicWall's GUI is slightly lacking compared to Sophos' GUI; however, capabilities-wise, Sophos doesn't have a lead over SonicWall.
If I had to make a recommendation to a customer, I would tell them to look at both products. I would push the Sophos box because it has certain advantages, technologically, compared to SonicWall. For example, they have their own antivirus solution — the Sophos antivirus solution. It's a firewall as well and the tool will communicate with the central cloud. From the cloud instance, you can control the system.
The Sophos gateway has got allied products, like SD run connectors. You can manage the same rules between multiple firewalls because they're all connected to the same account. Overall, Sophos is superior to SonicWall.
The first requirement of a paying customer, independent of their choice of product, is to check if the technical support of the product is locally available. That's the first requirement I would give to any customer. The product may be great but if the support in your geographical region is not there, then it's not worth it.
Take Trend Micro for example. If you're a customer of Trend Micro but you're not in the immediate support region, then what happens? You will have to raise a ticket and wait, but you don't have anybody on the ground to come to your office and do an emergency scan and raise your ticket, so it's a bit of a dangerous issue. I would recommend a product that has both local technical and physical support.
On a scale from one to ten, I would give SonicWall a rating of eight.
Firewall/VPN appliance for SMB clients. Firewall provides advanced threat protection to internal hosts. It also provides a secure mechanism for remote access.
For the average SMB, this firewall does the job. Granular user controls, firewall and NAT rules that you would expect. Licensed features provide application control, content filtering, antivirus, and anti-malware all in a single appliance. Be aware that their ATP is poorly implemented (stops downloads, forcing users to wait and click again). Also be aware that the IPS/IDS, and Gateway Antivirus will do very little for modern threats such as ransomware. We have had emotet trojans easily pass the firewall, connect to international foreign (and obviously) some kind of C&C without stopping it. So little to no protection against modern threats, no HTTPS proxy as an option, poorly implemented ATP - it makes the case for a SonicWall very difficult to justify. This vendor is frustratingly slow at adapting, evolving or improving their product. They are unable to keep up with competition.
Application control: It allows us to block applications, i.e., websites by application type category. It is far more capable than content filtering alone.
SonicWall has weaknesses. During its tenure with Dell, it was severely damaged (its reputation, innovation, etc.). It is now recovering, but it may take time to get competitive again. They are clueless in some regards, which is unfortunate as they have the potential.
CPU: The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product. Compare with the need to get 1Gbps throughput with full security (common nowadays), you are looking at NSA 5700.
Wireless: What a disaster this has been historically. The new SonicWall will tell you it has been resolved and improved. It has improved - it actually works now, but performance is substandard. It is a terrible strategy to have a firewall act as an AP controller, in any case. Perhaps for an SMB, the integrated WiFi in their TZ series has a niche.
Anti-spam: Do not even consider it. It leaks like a shower head. What a mess that offering is. It requires a specific Java version on the server side (do not update it, otherwise it will break). In any case, a firewall doing anti-spam might be a low cost solution, but it is not your best strategy.
Logging/reporting: You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end.
MSP: They are not ready for managed security services. Their Cloud GMS product is weak, barely out of beta (buggy).
VPN: Site-to-site is another problem area - Client-based VPN is another hot mess. Global VPN client issues and mobile connect issues. Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably. If VPN is important for you - look elsewhere. You have to pay for licenses (most competitive vendors include this by default). You will have 4 different methods, 3 different clients, 2 licenses and all of this to have a horrible VPN connectivity. No proper or modern 2FA for additional security. AVOID!
AGSS / ATP: This is poorly implemented. A user will click to download a new type of file, and nothing happens. They have to wait an indeterminate amount of time, and try again to see if it works. It is so annoying, most clients avoid this capability, just nullifying the whole purpose of it.
App Control: Be aware that either due to firmware updates, or bugs - app control will behave poorly (cause packet loss, or outright blocking) with normal and legitimate activities. Resetting and re-configuring it is the work-around (super annoying).
More than ten years.
Yes. The VPN client connectivity and licensing has been a major complaint, especially during COVID-19
Yes. The CPUs are very weak.
During the Dell years, support was terrible. It has since improved.
No. We have always only deployed SonicWall.
Setup is easy. Anyone with basic firewall experience can do it.
In-house only. Level 2 techs can handle most tasks.
All advanced features are licensed capabilities, such as Advanced Gateway Security Suite or Comprehensive Gateway Security Suite. VPN clients are licensed, and you have to choose a type of license you want (how ridiculous is that).
We have evaluated Sophos, Fortinet, Palo Alto, Barracuda, WatchGuard and now CheckPoint
Avoid this company. They have no idea what they are doing, except a slick marketing campaign. They don't listen to their customers. The only evolution of the product in the last few years was a slight redesign of the web interface and DNS proxy. They will push their SonicWall "Capture" but this has nothing to do with the Firewall product itself, it is a windows based NextGen A/V based on Sentinal with ATP.
The solution is used basically a parameter firewall and to secure the company network.
The content filtering is very good.
The solution is easy to use.
They offer good antivirus solutions. It's basically a complete package.
The solution is stable.
There's always room for improvement.
For example, the monitoring system is in need of improvement. Their monitoring system is too expensive. Most of the company doesn't apply the monitoring system as it's too expensive. Some more monitoring features should be built into the firewall device itself.
Management spends a lot of money on the device, and they want to know what is working, et cetera. To understand this, we need some reports, graphs, and figures. Without these items, management may not be convinced they are spending the money in the right way. Having reports that reflect the work done to keep the network secure would show the benefits and the ROI in a positive way that would help sell management on the product itself.
The ongoing service fees are high.
The solution could use more online educational tools to help users understand the underlying functionality of the product. Things like videos and tutorials could help a lot.
I've been working with the solution for the last nine years or so at this point. It's been almost a decade.
The solution is very stable. We can do 80% to 90% of tasks with no issues whatsoever. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.
The solution can scale, however, in Pakistan, it's not easy not to spend so much. One device can last over five to six years. You can say scale, however, you need to have an understanding of what functionality you will need over the years. Over four to six years, the device can fulfill your requirements. After six to seven years, you can replace it with another model or another brand to meet your updated needs.
I didn't use support over the last nine years, except for handling the device replacement itself. I needed a device replacement due to some damage, and they fulfilled my request and requirements. In terms of tasks such as configuration issues, I've never actually asked for assistance for those queries and therefore could not rate how helpful or responsive they are when they cover those matters.
In the past, I have also used Fortinet and FortiGate as well as Juniper. I have 19 years of experience with various solutions. I have used multiple devices including Cisco, Juniper, FortiGate, SonicWall, and others. Basically, FortiGate and SonicWall are more or less the same types of solution. However, the SonicWall is easier to install than FortiGate.
I have deployed the solution myself. I did not need the help of an integrator or consultant.
The pricing is reasonable, however, all firewalls have high prices for subscriptions for their services to cover after warranty needs for content filtering, for antiviruses, for web filtering, et cetera. All firewalls have extra prices.
After spending so much money year over year, we were surprised that we had to still pay more than the device cost just to covers services. That's why you may find that most companies stop their services and just running the firewall as a box. Most small companies stop their services just due to the high subscription fees. That said, multinationals or larger organizations likely still pay the service fees.
In places like Pakistan, a developing country, it's hard to continuously pay, as we find the continuing service fees expensive. They should work to make an exception for certain regions such as ours.
I'm a customer and an end-user.
I can't remember the exact versions we are using. We may be on version 6, and the models I have used include the 2600, 2500, and 3600 series.
I'd warn new users that the box is huge. The box has multiple functionalities and most users are not trained. They can't benefit from all the functionality as they don't know that it exists. Due to the lack of knowledge, most users don't leverage additional functionalities which they should. While the solution offers good devices and reasonable pricing for the box, companies need to educate themselves on how they can best use the product to their advantage. SonicWall can help by posting more videos and sharing more information.
I'd rate the solution at an eight out of ten.
We primarily use the solution from our firewall endpoint VPN. It does have a spam filter, SSL, DPI, and numerous other security features. We've got the full license suite.
The DPI-SSL is the solution's most valuable aspect. It's handy. It's nice.
The scalability is okay.
The initial implementation isn't too bad, once you get used to the process.
We're not happy with the device itself. We're obviously moving away from it for a reason that they're a Swiss pocket-knife of devices and they do a lot. However, nothing is really done well. They don't specialize in one thing that they excel at. They try instead to do almost everything and end up failing.
We're not particularly fond of the way it generally performs. We are finding ourselves rebooting often. There are freeze-ups and that kind of thing. The stability needs to improve exponentially.
Technical support is pretty slow to respond and escalate matters.
The cost of the solution is quite high.
The solution could use an invisible DPI-SSL or something that doesn't require a certificate rewrite. Most of the other vendors are doing that now.
The SSL VPN performance-wise is terrible.
We've been using the solution for about three years at this point.
The stability isn't the best. It freezes. We have to reboot a lot. The device just doesn't work very well.
The scalability is okay, It's marginal, however, it is possible.
We have about 300 people on-premises that use the solution.
We've been in touch with technical support, ad currently, we find them to be below average in their support capabilities. Firewall support is just adequate. Right now, with COVID and everything, you are looking at 45 minutes to an hour to get the first technician on the phone. Often it takes two or three days to get it escalated. It's slow.
I personally previously used Cisco devices at another company, and therefore I have some experience with them.
We're currently migrating away from this solution at the moment. We do not like the way the device performs.
In terms of deployment, there is a bit of a learning curve right off the top, as I come from a Cisco ASA background. It's more object-based, a little bit different. Once you get the knack of it, it's actually pretty nice in some ways.
That said, operationally, I would recommend anybody that deploys one of these to make sure they develop their own SOP for naming conventions, for objects, object groups, object types, service groups, service objects, et cetera, so that it's easier to manage and understand what you're doing. Generally speaking, it's just a best practices kind of process for administrative work. If you've got multiple admins, it's important that everything is contiguous, meaning everybody understands and works under that same parameters. It's like any other operating environment.
In terms of maintenance, there are two of us that generally manage it and maintain it on a fairly regular basis. I'm a network engineer and the department manager, who's not a system engineer, (however, is well-versed), also can perform maintenance as needed.
We handled the implementation in-house. We did not need an integrator or consultant to assist us.
While I don't know the exact amount off the top of my head, I would estimate the licensing package was about $15,000 to $20,000 a year.
Your original purchase includes the purchase of the hardware, licensing, and support. It's not a cheap device.
We are customers and end-users.
We are currently using the NSA 4600. It's a full security appliance. We're using the latest version of the solution.
It's our primary firewall/VPN endpoint. It's used 24/7, 365. Due to the nature of our work, uptime is critical.
Ultimately, if you were to ask me if I were to recommend this device, I would say no.
I'd rate the solution at a three out of ten, simple due to the fact that the stability isn't there, and it's an expensive solution.
We primarily use the solution just for IPsec tunnels. It's two routers between locations with IPsec tunnels, nothing more. We don't use their firewall capabilities.
The functionality is the same whether it is on hardware or a virtual appliance. The interface is the same. It's nice that it's standardized.
The solution is a good product with a good value for money.
The security capabilities and policies are good. They can do a lot of tasks with ease.
The product is very useful for organizations with many locations. If you've got a lot of locations, the product can save you money as you don't need a physical box at each location.
The scalability is very good as it really can cover multiple locations.
SonicWall offers NG capabilities in virtual appliances.
It's not as easy to use, as, for example, Palo Alto.
Some of the configurations could be better.
The solution is stable. We haven't had any issues so far.
The scalability is quite good. You can scale well across locations very well for not too much cost. If a company needs to expand, it can do so relatively easily.
Also, cost-wise, it's very affordable to scale up. It's not expensive to add hardware and licenses as needed. They make upgrading very cheap.
We have 200 people on the solution. That said, they are using with IPsec tunnel. They don't use all of the capabilities of the hardware. They are using it just to encrypt tunneling between the sites.
We may not continue to sue the solution as we have found a solution that is better and that can help us get faster than IPsec can. We're looking instead at MACsec.
I've never opened up a technical support case with the product. It's worked quite well, and we haven't run into trouble that would require us to reach out. I can't really speak to how helpful or responsive they are due to the fact that I have no experience with them.
We've also worked with Palo Alto, Barracuda, and Sophos.
Palo Alto is more expensive to use and to scale. Sophos is very easy to set up. Barracuda also has NG capabilities, like SonicWall, and has the same limitations in terms of security policies. It also can take a bit longer to set up.
I have ten years of IT experience, and therefore, for me, the entire implementation process was not overly difficult. They have good manuals that you can read through at the start. It's not a difficult process, especially if you are already comfortable with the technology.
Of course, it's not quite as straightforward as something like Sophos, which you can just plug in and have the vendor configure for you. However, that said, it's not too difficult.
SonicWall still is only a dollar or Euro per gigabit. This means, of the IPsec, it's the cheapest solution.
Due to the fact that we've got some projects now, we might abandon IPsec, as we had two Blade fibers with separate paths to a secondary location and we will start using MACsec. It's a layer 2 security. Therefore, we don't need IPsec anymore.
Originally, actually, we bought it without any licenses, just boxes with IPsec capabilities.
The pricing, in comparison to some solutions, such as Palo Alto, is much better.
We're just a customer and an end-user.
I'd recommend the solution to other organizations. I tell everybody, if your business is a lot of locations and not so many personal policies, to check the SonicWall portfolio. You can configure it with two boxes and if you need to you can scale it without any trouble into the tens or hundreds.
In general, I would rate the solution at a seven out of ten.
The solution is primarily used as a perimeter firewall for a gateway toward public internet traffic. Basically, it is a gateway between our internal network and public traffic.
Feature wise, the content filtering is good.
The basic firewall rules of the solution are great.
The product has a lot of bugs, actually. We are facing some issues with this product. The DPI SSL feature which is there, it is not working properly.
The IRL, when it was installed, had us facing some issues. However, as they kept on uploading the images, the issues are starting to get fixed.
They already have this feature of advanced capture, set rotation, and so it is a next-generation firewall only. They could improve on their software side. Their software, which is managing the hardware, it's not up to the mark.
We've been using our current particular model (NSA 5600, the most current model) for the last two years. The other firewall we were using, SonicWall 5500 we've used for the last seven or eight years.
It took some time for us to establish stability within the solution at the beginning. At this point, we find it to be quite stable except for the DPI SSL feature.
We had already scaled from the older version, the 5500, however, the 5600, is quite a new product. They have since changed the OS, so it ended up being a bit complex from the earlier version. The complexity is there, obviously. It's not that easy to manage. You really need to have someone with knowledge right there with you.
It is an internal firewall. All of our traffic, internal traffic, goes through this firewall only. There are somewhere around, at any point in time, 600, 700 users. We have total sync of 2,000 users, 2,000 plus. But at any point in time, 600 users are there, connected. It runs continuously, on a daily basis.
We've never contacted technical support in the past. We go through our vendor. We don't call SonicWall.
While there are a lot of options on the market, we only use SonicWall at this time. We have used Sophos in the past previously. We found that Sophos Firewall had more flexibility compared to SonicWall, especially in the configuration capabilities.
he initial setup was actually it was done by our vendor partner. And it was not difficult for them. However, during the initial set up, we faced some issues. It was not easy until there were image upgrades, and now those issues are fixed.
We've also outsourced the maintenance part of the solution's upkeep to our vendor. We only do the followup and we level call. Basic manageability, they do the operation, we manage at our end. Basic operations. But for other calls, we level call with the vendor.
We hired our vendor partner to do the initial implementation for us. We didn't handle it in-house.
I'm not sure what the pricing of the product is. It falls within a middle range in terms of pricing. It' not the cheapest or more expensive.
The SSL VPN feature, which is what we needed to purchase, is a separate license.
There's a lot of firewalls available, including Cisco, FortiGate, and Juniper firewalls too. There are many alternatives.
We're just a customer. We don't have a business relationship with SonicWall.
I wouldn't recommend the solution, actually. It's hard to set up and the stability takes a while to establish. They need to do better on their software side, and other solutions, like Sophos, have more flexibility in their configuration capabilities.
I'd rate the solution seven out of ten.
We use it to secure the perimeter of our company. We use all the integrated features of this Next-Generation Firewall. We are using NSA 3650.
The bandwidth consumption of the company has improved since we took control and restricted the music on YouTube being accessed on office computers. A lot of computers in the company were streaming, and we used the intelligent application control feature to control that.
Deep packet inspection and intelligent application control are the most valuable features.
It is a very updated solution. It is very current as compared to other brands and vendors.
I would like to have a built-in vulnerability scanner in the firewall. It would be great to have such functionality. Its price could also be better.
It would also be good to have a local warehouse. It doesn't get damaged a lot, but if a customer needs a replacement, currently, it has to come from Miami or Mexico, which can take a few days. It would be better if they have a local warehouse from where we can just pick replacements and quickly solve a client's needs in terms of replacing equipment. It would be great to have it locally instead of waiting for it from Mexico or the USA.
I have been using this solution for approximately seven years.
It is stable. We have been representing SonicWall in Panama for approximately seven years. Our customers usually don't need any help from us. We don't have any customer attacks or downtime because of the lack of features in the product. It has been a very good experience.
SonicWall has 12 different models for enterprises and service providers. They have a wide range of models to meet the needs of customers of all sizes.
We have all kinds of clients. We have service providers, and we have small, medium, and big companies as clients. In the biggest company, there are 25,000 users. It is a university here in Panama.
It is always there when we need it. They have a very good service.
Customers usually had FortiGate or WatchGuard. Those are the two major brands that we have replaced with SonicWall.
SonicWall is being represented by us here in Panama. FortiGate is a very strong solution here in Panama, but we're trying to get them out of our way. Price is the biggest thing that we might use to replace them.
Support from the vendor is also a big thing here. WatchGuard has no representatives in Panama. They have no presence, so, it is very easy to replace them, but FortiGate is a difficult one to replace.
It is straightforward. It has a wizard, and you just follow the steps.
It took us one month because our personnel had to be trained. We need two or three people for its deployment. It is not that demanding on services.
We implemented it with the assistance of SonicWall.
It would be better if it has a better price, but its price is okay considering the benefits that you receive.
The operating system of all boxes is pretty much the same for enterprises as well as small businesses. It has the same behavior from the smallest model to the biggest one, which is a major advantage of SonicWall.
I would rate SonicWall NSA an eight out of ten.
We primarily use the solution for just securing our users and creating a LAN through VPN tunnels. We use it to provide remote access to a cloud service.
It has allowed us to work remotely when the order to shelter in place went into effect in March of this year due to COVID-19.
The most valuable aspect of the solution is its ability to work like any other firewall.
The product is pretty easy to configure. It's easy to maintain and it works well with Windows.
There are features that offer 3G, 4G, failover, wireless, and things like that are very good. I'm not a firewall expert, however, in my opinion, the solution pretty much covers the needs of small and medium businesses.
Currently, I just have the basic modules turned on. I'd love to see how it works in terms of preventing more malware from getting through.
We still get phishing emails that manage to come through from time to time.
The solution could use a bit more security.
We had issues with the VPN tunnel between two sites. It wouldn't stay up. That was a problem for us. They need to fix it if they find it happens across the board to other customers.
This company has been using the solution for good three years.
The solution is stable. I've had one running for a little over 300 days without any problem. There aren't bugs or glitches. It doesn't crash or freeze. It's reliable.
The scalability is pretty good. I can scale out and add a firewall within a new office if I need to. If an organization wants to scale, they should be able to do so with no problems. Everyone working in our office uses the solution. Anybody that has a work laptop that needs to remote work from outside the office can do so as well. It's 100% used across the board.
I had to call support when one of my VPNs was failing. The VPN tunnel between two sites wouldn't stay up and they had us use a different security protocol.
They were very helpful. I found them to be quite responsive and knowledgeable. I don't think the problem with the VPN should have been there in the first place, however, that said, they did help us. I'd rate them, overall, at a nine out of ten.
The initial setup isn't too complex. My understanding is that it's straightforward. I didn't set it up myself, however, it's got configuration wizards to walk a user through. This no doubt is quite helpful and makes it pretty simple in terms of implementation.
The pricing is pretty reasonable. We don't find it to be overly expensive.
The version we are using is NSA 20 or 60.
If a company is looking for a good product that's easy to configure, I would suggest they consider SonicWall.
I'd rate the solution nine out of ten. If we didn't have that trouble with the VPN tunnel, I would give it a perfect score.