SonicWall NSa Reviews

Security and Filtering. We bought this device for security and to filter traffic on our network -- these features are working fine.

I think these are the most important features for anyone who is interested in UTM.

Security and Filtering.

Firmware. Sometimes the integrated certificates get expired and you need to contact support to get these certificates updated on your device -- to let all the services work properly.

Three to four years.

I didn't encounter any issues with stability.

I don't know because we are not using >30% resources of this device.

Good.

This is our first time choosing a UTM.

Complex in Configuring DUAL WAN and VPN Connections because of Routing Config.

If you need DUAL WAN and VPN Config, you need a network professional to set it up.

It's expensive but has worth.

Fortinet, Dreytek.

• SSL VPN & Application Control
• SSL VPN is important since several people are mobile and need files to access the server in the office. This is convenient, since they don’t need to go back to the office just use the SSL VPN.
• Application control is important to limit the users in the office from consuming bandwidth such as downloads by torrent and games. This also protects us from malicious applications such as anonymous proxy.

• Creating site to site VPN for HQ
• Branch via satellite connection for the branch

Access management port: This needs improving by SonicWall firmware.

We have been using the solution for three years.

We did not encounter any issues with stability.

We had a scalability issue.

Level-3 technical support is good.

We switched because of stability issues when turning on the UTM feature.

The initial setup was simple.

Pricing and licensing are competitive for this product.

We evaluated Sophos, Fortigate, and Stonesoft.

If you looking for a simple site-to-site VPN, stable UTM feature, and easy SSL VPN setup, then this solution is OK.

I like that you can run a packet capture from within SonicWall and configure it to automatically upload the packet captures to an FTP server. This is useful when trying to troubleshoot an intermittent issue. It can capture for as long as you have disk space on the FTP server.

We are more aware of security issues since SonicWall can be configured to send e-mail alerts. Server-side Outlook rules and Exchange transport rules (more informational subject lines) can be helpful in sorting and making sense of the many alerts it can generate. We have also configured it to send logs to a syslog server. They also offer SonicWall Analyzer which can reportedly be very helpful when viewing logs but I have no experience with it.

I am not sure if SonicWall has finally addressed this issue but a major area for improvement would be being able to export the settings file in a non-binary readable and editable format. It is not possible to export, make changes and then upload a revised configuration. Since the settings file is binary and non-readable, it seems to always be suspect when any strange issues arise with the appliance. I have had their techical support many times through the years question whether our settings file was corrupt. Of course it would be very easy to know if it was possible to look at it but it’s binary.

Another issue we had was with SonicWall auto-creating firewall rules for VPN tunnels until I learned to disable that feature and not allow it. SonicWall will not let an admin delete an auto-created object. I personally believe an admin should be able to delete anything. We had cases where a VPN tunnel was deleted first and auto-created objects for the tunnel would get abandoned. Other objects can also get abandoned. A time or two I was able to delete abandoned objects by recreating what created them in the first place and then deleting things in the right manner to cause the auto-deletion of the objects. If that doesn’t work, you will need to restore from a backup settings file or live with the abandoned object(s). We made it a policy to always backup the settings before any change and again after the change with the file names of the settings files reflecting what was changed. It also helps to send an e-mail to the team or record in a ticket details on any changes made, e.g. screen shots of all changes. If the settings file becomes corrupt you will need to load a previous settings file. It will be helpful to have a previous version along with a record of all changes made since that settings file was saved. This is another example of how helpful it would be to be able to view the settings file, make changes and delete objects if needed and then reload it. It would be so much easier and faster.

I have used SonicWall products for about eleven years, these models for about eight years. They are near EOL.

Years ago, we would often have problems after firmware upgrades. Once after a firmware upgrade all firewall rules were still present except for HTTP and HTTPS which of course meant our web servers were dead until all the rules were recreated. We began to experience spontaneous reboots after another firmware upgrade. In recent years, they now issue early release firmware, often many versions of it, until they release a new general release. We never upgrade to early release and chose to only use general release after it’s been released for three months (true for all vendor firmware and software) and after we have searched for horror stories on the Internet. You can also open a tech support case and specifically ask the tech if the firmware is still considered a good and stable release. They will usually tell you honestly whether it is or not. We have had technical support tell us early release is tested and just as good as general release firmware while other technical support has told us it is not fully QA-tested and might cause problems. Using only general release firmware, our SonicWall has been rock solid and very stable for many years even when they were newer and had more frequent firmware releases.

We never tried to scale it.

SonicWall technical support is quite good. As with all contact with any technical support, I always document the issue, who I spoke to and their response. This can prove to be very valuable if trying to demonstrate a longstanding issue. It helps to have in hand previous dates, case numbers, names of previous tech support with notes on what they said and details on the previous attempts to fix things. For the most part, SonicWall technical support can quickly identify and resolve most issues.

We had a SonicWall 5060 PRO and upgraded to the SonicWall NSA 4500s. They are near EOL and another upgrade will soon be required.

I built them from scratch since our settings file in the 5060 PRO was suspected to have corruption. I documented all of the settings in the previous firewall and manually created all of the address objects, service objects, firewall and NAT rules to duplicate what was in the SonicWall 5060 PRO. I previously built the 5060 PRO so I knew it was configured correctly.

SonicWall absolutely has the best bang for the buck hands down. Other firewalls are two to three times as expensive both in initial cost and recurring maintenance cost. SonicWall does not require duplicate licenses if you have an HA-pair in Active/Passive mode since only one unit will be active at any given time, which is a big savings in cost compared to other vendors. If you buy a security bundle you get even greater savings. SonicWall does, however, license user VPN access unlike most other vendors.

It’s been so long ago I can’t remember.

At the time of this post SonicWall is now owned by private equity firm Francisco Partners and Elliott Management. I would research those firms and form an opinion as to the possible future of SonicWall and then decide accordingly. If you have already made your purchase, utilize tech support often if needed. They have been invaluable to me through the years and have always helped me in getting answers to any questions. They have always been there to assist me in setting up something new and unfamiliar when needed.

• Site-to-Site VPN
• Deep Packet Inspection
• Easy routing capabilities
• Stability
• AD integration
• Traffic shaping options
• VLAN options per interface
• APP based rules/filtering

With Site-to-Site VPN we can connect several branch office that we have and with the routing options we can setup a VPN backup route using different ISPs, this is great when the ISP stability is not good. The AD integration is not the best but it works, thru that option we enhance the security of the device in terms of manageability. Deep Packet Inspection helps us to block undesired traffic like p2p activity even in ssl encrypted tunnels, but this is far from being easy to setup. Traffic Shaping options give us the ability to limit interfaces like the "guest wifi interface" however you can setup this per interface, not per VLAN, you have to create a firewall rule then apply "Bandwidth management rule".

Sometimes, the GUI is extremely annoying and you need to implement external tools for better network monitoring.

The GUI needs to be worked on as sometimes it's annoying to configure because the options are separate. For configuring a simple port mapping you have to go to the address object menu, then the NAT menu, then theFirewall menu, and if you want to delete this rule, you have to go backwards.

The AD integration works but in some cases when the connectivity to the AD is lost, SonicWALL also lost the AD synchronization and we had to login using a local user to re-synchronize the appliance with the AD.

Last, but not less important, are the tools for monitoring the network. The appliance has a lot of monitoring tools, but they are not efficient. For example, you cannot see (in real time) what user is accessing what site, consuming bandwidth, etc. but you need external tool to do this. Dell need to take a look at their Kerio control software).

I have been using it for eight months.

None, the deployment was done in conjunction with a Dell partner. They had some difficulties, but all of them related to our specific scenario. In that time we use all the configurations per IP basis and not per zone basis like Dell recommends.

Some, but they were very strange. For example, one of our ISPs gave us an IP address through DHCP, and in two cases the interface won't take a new IP address, even if we reboot the appliance, we have to use another interface to solve this. For other cases, we use LenovoEMC Storage Connector.

That software floods the connections of SonicWALL reaching the 322000 simultaneous connections/sessions. Until we find this software, the SonicWALL becomes very slow almost unresponsive, also we start to losing connection to other networks that are being handled by the SonicWALL. We solved this by applying connection limits but the final solution was uninstalling that Lenovo software.

None, but if you need more you have to pay licenses and if it is no enough that you have to buy a mayor model of SonicWall.

We use our Dell Partner who are slow, but efficient.

Our Dell partner have great technicians and they know the product. However they were slow to solve some problems because the GUI didn´t allow a fluent workflow/management.

We didn't have a solution in place previously.

Because our scenario requirements were complex, the initial setup was somewhat complex.

We used a Dell partner who had a great level of expertise.

You have to look if this device will do the task that you need, and if it does with which license do it. If you haven't got a license, you almost cannot use this equipment. Here you have a license for all, from the device itself to the user VPN license, so you have to be careful with this. Also, the licenses are not perpetual so my advice is talk with a Dell partner, know the product, know the limitations and compare with other brands.

We didn't look at any other options.

SonicWALL offers two operating modes, per IP basis, and per zone basis. You should design your network for work on the per zone basis. It will be easier and effective to manage the device.

The solution helps with VPN. 

The most valuable feature I've found is VPN and web protection, particularly with navigation assessment. We use the application control feature to create rules controlling specific application navigation. 

The web interface administration of SonicWall NSa could be improved. Compared to Sophos and FortiGate, making rules is easier with those systems.

The solution is expensive. Its pricing is based on the number of users. 

I rate the overall product an eight out of ten. 

Our primary use case of NSa is for security. We are customers of SonicWall and I'm an IT administrator. 

The solution is user-friendly with good security and application control which is very important these days. 

The support is severely lacking with very slow response times. There are latency issues with this solution. I'd like to see improved performance and an updated dashboard.

I've been using this product for seven years. 

The stability is fine although there are some security and latency issues. 

The scalability is fine. 

Customer support requires additional engineers because their long response times are problematic. 

Neutral

The initial setup is relatively straightforward. We have several hundred users, predominantly IT specialists, engineers and developers. I'm the maintenance person for this product. 

I rate this solution eight out of 10. 

Licensing costs are reasonable. 

In general, this is a good solution and I rate it eight out of 10.  

We use SonicWall NSa for security, site-to-site connectivity, and a VPN. 

The tool's most valuable feature is application security. I am satisfied with its threat-prevention capabilities and have no issues with its incident response rate.  We have no issues with its integration. 

The tool needs to improve its reporting features. 

I have been using the product for 10-15 years. 

I rate SonicWall NSa's stability as nine out of ten. 

I rate the product's scalability a nine out of ten. 

SonicWall NSa's support takes longer to respond. 

Neutral

We worked with Microsoft before SonicWall NSa. We chose SonicWall NSa because of its pricing and local support. 

SonicWall NSa's deployment is easy and takes only a few hours to complete. We have two engineers for the solution's maintenance. 

SonicWall NSa's pricing is subscription-based and I rate it a six out of ten. 

I rate the overall solution a nine out of ten.