SonicWall NSa Reviews

Our primary use case is as a corporate firewall, and to provide security for the network while allowing connectivity between multiple sites. We also use it as a VPN gateway for multiple users via SSL.

Our old firewall was running as HA (High Availability) on two different but identical rack mounted servers. Moving to SonicWall allowed the company to move to one unit, yet accommodate more connections because it had sixteen ports and handled fail-over better than the old firewall solution.

Compact 1u, 1/4 depth size. 16 x 10/100/1000 Mbps ports, fibre ready. Management interface that is relatively simple to figure out.

I feel that the SSL VPN client software needs a lot of improvement.

It's for firewalls and content filtering. It performs pretty much faultlessly for us.

It does what it says it will do; it works and it's pretty reliable.

• Content Filtering
• Sandboxing

The only thing that we would want would be single-pane management, which it has, but the GMS is not very good. It's purely the management of multiple devices for multiple customers, that's the only thing that it's lacking.

It's very stable.

It's very sclable.

Technical support is very, very good.

The setup is straightforward. I'm a fully-certified SonicWall engineer. I have had all the training.

It does everything that they say it does. It works.

The most important factors when choosing a new solution are

• price
• functionality
• security of the device.

I would rate SonicWall a 10 out of 10. It's the only firewall that we predominantly use for our customers.

The NSA 2400 is used as our edge device. We subscribe to two services.

• Comprehensive Gateway Security Suite
• Anti Spam Service

The ability to configure the appliances for efficient usage.

• Content filtering
• Anti-Spam
• URL blocking
• Bandwidth management
  

• Content filtering reduces the load on the available bandwidth and restricts employees from using distracting websites on the job, which leads to more productive hours.
• Anti-Spam reduces unwanted mail on corporate exchange services.

After-sales support and hands-on training facilities are poor or not available in my country. Improving these will help users like me optimally manage and administer this solution.

Primary use is Office 365, all our users have cloud-based email. The rest is business emails, business procurement, etc. And if users are on after hours and they want to see more, we allow it, but still, blocking is difficult on the SonicWall. It's not easy. We have about 300 users who go through the internet.

At the moment, none. It just doesn't do its task. Users, no matter how you configure it - and it's configured quite carefully in the sense of censoring - seem to be able to punch to the file. It just doesn't do its job.

It seems to have all the features, it's just not performing.

It has good reporting, the reporting is marvelous, but reporting is always after the fact and you want to be proactive if you're a firewall. You don't want to be saying “Ah! We had a bot running on the network,” while SonicWall itself didn't give that indication in an active way.

The problem primarily with SonicWall is it's a Unix box. And it's all software, all the activities, blocking, censoring, everything has to happen in the software. If you start hitting the box with a lot of sessions it slows down and that's not what I expect from a firewall.

I have worked with this box for six months, and it's a daily task to manage this thing. You don't have to always have time to do this.

The room for improvement is to step away from the Unix platform. It needs to be a specialized system that manages firewall activity. You don't want to rely on two systems, one being Unix and one being the firewall. Unix is a powerful system, I have no doubts about it. I've set up Unix systems my whole life and they're very powerful. However, when it comes to dedicated tasks it's not suitable. That's Unix. Unix is general. It does everything. And by doing everything, it's not always as powerful as a dedicated system like a hardware solution, like Fortigate.

It's fairly stable. In the last six months, I've had to restart the box about five or six times because it just didn't do what it needed to do. And after the restart it started working again. So it's not as reliable, in my view.

It might be working in other environments, but in my view - we have a satellite connection of only 8 megabits - it's very hard to control bandwidth on the SonicWall to allow certain types of traffic to have priority. You can't really dedicate certain bandwidth for, let's say, an Office 365 solution. It's all very global. And global makes it hard to manage on a slow link, and 8 megabits is a slow link.

I don't know about scalability because I have only worked with this box. There are probably faster boxes on the market. This box should be sufficient for 300 employees and my impression is that performance is suffering if too many people are trying to get through it.

The main reason this was bought was it was cheap. We all know that Fortigate is far more expensive. But, then again, it's more like the Rolls-Royce of firewalls. And what you can do with it in hardware has no comparison with any of the software solutions on the market. Yes, everything performs, every firewall-type solution, whatever you want to use, does its job. But you want to have a management-free solution. If you look at Fortigate, no matter how you look at it, you know it works. With Unix boxes, you never know. It's a Unix system and, for whatever reason, it can stop working and you have to reboot the machine, which is not the most beneficial solution.

I've used Fortigates. Fortigates have no problems if you start adding a thousand users, depending on what kind of service provider you have. A big difference is that it's global censoring on the SonicWall. On the Fortigate you can censor per rule, and that's a big difference if you are in a multi-user environment where you have different types of actions.

At my current company, this was set up at the beginning, when the company started. They have never had a different solution. They have another location with Zyxel firewalls, which will also be replaced with Fortigates. They all perform. That's probably the best thing I can say about them. What we're going to implement now is a far broader solution with authentication and everything else. At this stage, that is not implemented on the SonicWall. My fear is that if we implemented that on the SonicWall, we would have more problems. It's really not that flexible.

My most important criteria when selecting a vendor are manageability and the features, and by features I mean complete management of the firewall.

The setup is fairly simple. That's why I'm surprised that this box is struggling. That's not what I would expect from this type of solution.

Do your homework. Go to your website, compare firewalls, not only SonicWall, not only Fortigate. Compare them for the task that it needs to run for your company. That's the bottom line. There are small firewalls which will suffice for certain companies. You might need bigger ones, you might need more features. So really, you have to do your homework.

I work in an African country, knowledge is something they are still gaining, and SonicWall is too difficult for most people to manage, versus a Fortigate where it's really a step-through and you know what you're doing, you can see what you're doing. You can't really see that on a SonicWall.

It's very hard to manage this box. You really need a lot of skills to operate the SonicWall. There is training and the like, but it's just hard to manage. Even if you have the knowledge, there are too many options. The menus are not very clear, where you should find the information.

I walked into a job where we had an end of life ns2400 that was a mess. Coming from a Meraki environment there was a learning curve on how to navigate the sometimes overly complicated user interface. Tasks I should have been able to complete in 10-15 minutes took longer and I bounced between menus to hash out NAT rules and port forwarding.

There is no Network Engineer on site, and there are too many piecemeal options to realize the full effect of the firewall's capabilities.

Support is usually good when it comes to helping out with issues. Once the matrix is learned, it becomes a much better tool, but the learning curve is pretty large.

Port forwarding could use streamlining. Otherwise, once you learn the user interface, the capabilities of the firewall are good.

Our network has 150 users. We have two internet connections, an IPsec VPN, a DHCP server, a DMZ, WiFi, access controls and a load balancer, and two appliances with HA.

It is a good product, but very modular and with native resources which are much lower than its competitors. 

• Web filter
• DHCP
• Monitoring capabilities
• IPsec VPN and other security controls
  
• Integration with the active directory and other security controls (IPS and IDS).

• Load balance algorithms
• Resource usage graphs (throughput, connections, external accesses, and the possibility to export the content of the address object).

Additional resources are too expensive.

Since we have a strict SLA of 99.98% up-time on our network per year, (including maintenance), resilience is our main concern. It is a good thing that our very own NSA 4600 has high availability/stateful firewall capabilities.

We have had zero downtime since the deployment of NSA 4600 (HA).

I'm not quite impressed with their new logging interface.

I've been using SonicWall NGFWs for almost five years now. We started using the NSA 4600 (HA) in March.

There were no stability issues at all!

There were no scalability issues at all!

I would give technical support a rating of seven out of 10. Their follow up is good. However, if the agent who is handling the case is not around, your support case will not progress. Hopefully, they can improve this.

SonicWall NGFW has always provided the protection and uptime that we have needed. We never thought of switching to other vendors.

I've been with SonicWall since my internship. Although we have a complex setup (Site-to-site VPN, SSL VPN, Bunch of NAT, custom Zones and Firewall policies), the initial setup for a new site has always been straightforward for us. This was due to the available knowledge base documents throughout the internet.

SonicWall's Next Generation Firewall itself, I believe, is not expensive for the features and the protection it offers. Though the licensing is the big problem, especially for those companies with flat budgets for IT. My advice would be for everyone to avail themselves of at least three years of licensing to save tons of money.

We never had the chance to evaluate other options. But lots of my friends are bugging me to take a look at Sophos XG firewalls.

Ask for a demo unit first before buying this.

Because this is a UTM, we appreciate having a single pane of glass for a firewall, content filtering, and IPS/IDS services. It is much easier to manage and costs less.

In a K-12 environment, internet security is paramount and threats change quickly.

The main improvement for the organization is uptime and the ability to quickly affect security changes.

The second plus is the ability to improve throughput during peak traffic hours.

SonicWall uses a cloud-based database for content filtering. If the NSA cannot contact that online DB, filtering is handled one of two ways. Traffic is either halted completely or it is passed-through totally unfiltered.

In a K-12 school environment, neither is acceptable. It would be better if the DB can reside on the NSA and is used in the event the online DB is unavailable. Other than that, it works fine.

This product has been online for over four years.

On two occasions, we had a 10GB SFP failure. But because we have an HA configuration there was no disruption. 10 GB SFPs seem to be fragile. Other than that, the system is quite stable.

None.

Technical support has been very good, the few times we've needed it.

A Cisco ASA 5500 was used prior to the NSA 6600. We switched to a UTM to have a comprehensive security solution and one interface to manage it.

Initial setup was complex. But that was expected when migrating from three separate security systems into one unified system. There was a basic template for converting some Cisco's ASA command line instructions to those used by SonicOS. Most of the configuration had to be developed or cleaned up in the SonicOS GUI.

ASA has a much better CLI, especially if you’re used to Cisco IOS. SonicOS CLI is mostly used by tech support.

Initially, it was a bit of a learning curve, but the SonicOS GUI is efficient and easy to use, enough for our needs, anyway. Once network and firewall rules (80% of the complexity) were configured, content filtering, IDS/IPS and other security services were enabled with check boxes.

I recommend a 30-day test run in monitor mode. If you decide on this product, spend the extra dollars and get a second unit to setup an HA system. No down time during SonicOS upgrades or major configuration changes.

If you expect to operate at 10GB, keep one or two extra 10GB SFPs as spares, even though they are not cheap.

The NSA series has several suites available depending on your security needs. Pricing and licensing is straightforward based on the suite you choose.

We considered upgrading the ASA to include the IPS module and adding a second unit for HA.

We also considered PaloAlto but at the time considered it too pricey for our needs. As for as an online evaluation, we did not do that. Time and rack space constraints prevented it.

However, a trusted VAR (more than 12 years) helped to ease our decision to go with the SonicWall.