We just raised a $30M Series A: Read our story

SonicWall NSa OverviewUNIXBusinessApplication

SonicWall NSa is #15 ranked solution in best firewalls. IT Central Station users give SonicWall NSa an average rating of 8 out of 10. SonicWall NSa is most commonly compared to Meraki MX:SonicWall NSa vs Meraki MX. The top industry researching this solution are professionals from a comms service provider, accounting for 27% of all views.
What is SonicWall NSa?
Achieve a deeper level of security with the SonicWALL Network Security Appliance (NSA) Series of next-generation firewalls. NSA Series appliances integrate automated and dynamic security capabilities into a single platform, combining the patented, SonicWALL Reassembly Free Deep Packet Inspection (RFDPI) firewall engine with a powerful, massively scalable, multi-core architecture. Now you can block even the most sophisticated threats with an intrusion prevention system (IPS) featuring advanced anti-evasion capabilities, SSL decryption and inspection, and network-based malware protection that leverages the power of the cloud.

SonicWall NSa is also known as NSA 250M, NSA 2600, NSA 3600, NSA 4600, NSA 5600, Dell SonicWALL NSA.

SonicWall NSa Buyer's Guide

Download the SonicWall NSa Buyer's Guide including reviews and more. Updated: November 2021

SonicWall NSa Customers
Orange County Rescue Mission, First Source, Michaels & Taylor, Green Clinic Health System, Aspire Chiltern Skills and Enterprise Centre, UnitedStack, Faith Lutheran College Redlands, Celtic Manor Resort, Star Kay White, Air Works, Unimat Life, NHS Yorkshire and Humber Commissioning Support (YHCS), Hutt City Council, Mato Grosso do Sul, Nspyre
SonicWall NSa Video

Archived SonicWall NSa Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
MV
Solutions Specialist with 201-500 employees
Real User
Regularly updated signatures for IPS, Application Control, and Web Content filter

Pros and Cons

  • "With the deployment of the SonicWall NSA solution, we never suffered a problem due to invasion or contamination of any kind."
  • "This product is unable to secure access to endpoints for our external employees."

What is our primary use case?

Our operation depends heavily on Internet access and we depend on a solution that can provide us with productivity and security for the continuity of our business.
With this need, we implemented a SonicWall NSA firewall to control all access to and from the Internet.

How has it helped my organization?

With the deployment of the SonicWall NSA solution, we never suffered a problem due to invasion or contamination of any kind.

The solution always responded very efficiently, delivering us:

  • High productivity in our operation through access control capabilities;
  • Security for our information with advanced deep inspection features, including SSL traffic.

What is most valuable?

This solution has always delivered us security features with great efficiency like:

  • Web content filter with a very extensive and always updated database;
  • IPS with an extensive list of signature attacks;
  • Anti-virus system with cloud sandbox that inspects 'file-less' attacks and delivers only after the verdict;
  • Real time flow inspection system;
  • Application Control with an extensive list of signatures;
  • DPI-SSL inspection in the data layer;
  • SSO with LDAP directory services.

What needs improvement?

The solution was deployed to suit all areas of the company.

This product is unable to secure access to endpoints for our external employees. Our next plan will be to deploy a solution for visibility and control of 'shadow IT' applications and also to provide security for accesses outside our company. We plan to use another solution from SonicWall, such as Cloud App Security (CASB), to meet the needs of our external employees.

For how long have I used the solution?

Eleven years.

What do I think about the stability of the solution?

The solution has always been very stable and efficient.

What do I think about the scalability of the solution?

My impression is that the solution is quite scalable.

How are customer service and technical support?

Support services are categorized by the criticality level. We had a few critical events, but each was attended quickly and efficiently.

Which solution did I use previously and why did I switch?

Before this solution, we used Microsoft Forefront TMG Server.

We migrated because the solution was proxy-based and did not have the features of NG firewalls.

How was the initial setup?

Initially, we had to review our security policy and this was the stage that involved the highest level of complexity.

With the policy defined according to our needs, the initial configuration of the solution was simple, but obviously, because it is an advanced-level security solution, it must be implemented by a specialized professional.

What about the implementation team?

The solution was implemented by our internal team. Our team participated in an official solution training prior to deployment.

What was our ROI?

This question is very relative as we are dealing with an asset. But for our business, it was positive for a short period of time.

What's my experience with pricing, setup cost, and licensing?

In our evaluation, we found that the costs of deploying the solution, and also purchasing the hardware and licenses, were very attractive.

The ratio of costs vs efficiency of SonicWall products is very good.

Which other solutions did I evaluate?

We did not test other solutions.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
BH
Senior Security Consultant. at Ingram Micro Inc.
Real User
Performance is unique among firewall products, but it is lacking some next-generation functionality

Pros and Cons

  • "I really like the performance; there are no delays and no latency, which is a unique quality in firewalls nowadays."
  • "The cloud services may be in need of some improvement."

What is our primary use case?

The primary use cases for this solution are protection and for a VPN.

How has it helped my organization?

My former company is a SonicWall distributor and I am looking to work with this solution in future projects.

What is most valuable?

I really like the performance; there are no delays and no latency, which is a unique quality in firewalls nowadays.

What needs improvement?

  • The cloud services may be in need of some improvement.
  • ADR needs to be added to the portfolio.
  • Some next-generation features are not included in the product.

For how long have I used the solution?

Approximately eight months.

What do I think about the stability of the solution?

This is a very stable solution and I have heard no objections from customers about it.

What do I think about the scalability of the solution?

It is very scalable.

How are customer service and technical support?

We have had no interaction with their technical support.

How was the initial setup?

The initial setup of this product is very easy.

Two engineers are required for deployment and maintenance.

What about the implementation team?

I have implemented this solution many times. Some of these were on my own, while in some cases I obtained the help of a consultant. The consultants are great. They are well educated and know how to use the product.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing are the best part. SonicWall is great compared to competitors, such as Palo Alto, and it has the same features. Considering the market, I believe that the price of this solution is great. 

What other advice do I have?

This product is not as well known as some others because it is not marketed as well as it could be.

My advice for others who are implementing the solution is to do the sizing well. If it is done correctly then there will not be any problems.

I would rate this solution a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about SonicWall NSa. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,136 professionals have used our research since 2012.
AV
IT Services Coordinator with 11-50 employees
Real User
Simple management interface, although the SSL VPN client software needs improvement

What is our primary use case?

Our primary use case is as a corporate firewall, and to provide security for the network while allowing connectivity between multiple sites. We also use it as a VPN gateway for multiple users via SSL.

How has it helped my organization?

Our old firewall was running as HA (High Availability) on two different but identical rack mounted servers. Moving to SonicWall allowed the company to move to one unit, yet accommodate more connections because it had sixteen ports and handled fail-over better than the old firewall solution.

What is most valuable?

Compact 1u, 1/4 depth size. 16 x 10/100/1000 Mbps ports, fibre ready. Management interface that is relatively simple to figure out.

What needs improvement?

I feel that the SSL VPN client software needs a…

What is our primary use case?

Our primary use case is as a corporate firewall, and to provide security for the network while allowing connectivity between multiple sites. We also use it as a VPN gateway for multiple users via SSL.

How has it helped my organization?

Our old firewall was running as HA (High Availability) on two different but identical rack mounted servers. Moving to SonicWall allowed the company to move to one unit, yet accommodate more connections because it had sixteen ports and handled fail-over better than the old firewall solution.

What is most valuable?

Compact 1u, 1/4 depth size. 16 x 10/100/1000 Mbps ports, fibre ready. Management interface that is relatively simple to figure out.

What needs improvement?

I feel that the SSL VPN client software needs a lot of improvement.

For how long have I used the solution?

Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
SP
Lead Technical Consultant at a tech services company with 11-50 employees
Real User
Provides us with the content filtering and sandboxing we need

Pros and Cons

  • "Content Filtering and sandboxing are valuable features."
  • "The only thing that we would want would be single-pane management, which it has, but the GMS is not very good. It's purely the management of multiple devices for multiple customers, that's the only thing that it's lacking."

What is our primary use case?

It's for firewalls and content filtering. It performs pretty much faultlessly for us.

How has it helped my organization?

It does what it says it will do; it works and it's pretty reliable.

What is most valuable?

  • Content Filtering
  • Sandboxing

What needs improvement?

The only thing that we would want would be single-pane management, which it has, but the GMS is not very good. It's purely the management of multiple devices for multiple customers, that's the only thing that it's lacking.

What do I think about the stability of the solution?

It's very stable.

What do I think about the scalability of the solution?

It's very sclable.

How is customer service and technical support?

Technical support is very, very good.

How was the initial setup?

The setup is straightforward. I'm a fully-certified SonicWall engineer. I have had all the training.

What other advice do I have?

It does everything that they say it does. It works.

The most important factors when choosing a new solution are

  • price
  • functionality
  • security of the device.

I would rate SonicWall a 10 out of 10. It's the only firewall that we predominantly use for our customers.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SA
Network Administrator at Nigerian Security Printing & Minting Plc
Real User
Top 20
Anti-Spam reduces unwanted mail on corporate exchange services. However, after-Sales support and hands-On training facilities are not available in my country

Pros and Cons

  • "Anti-Spam reduces unwanted mail on corporate exchange services."
  • "Content filtering reduces the load on the available bandwidth and restricts employees from using distracting websites on the job, which leads to more productive hours."
  • "After-sales support and hands-on training facilities are not available in my country."

What is our primary use case?

The NSA 2400 is used as our edge device. We subscribe to two services.

  • Comprehensive Gateway Security Suite
  • Anti Spam Service

How has it helped my organization?

The ability to configure the appliances for efficient usage.

  • Content filtering
  • Anti-Spam
  • URL blocking
  • Bandwidth management

What is most valuable?

  • Content filtering reduces the load on the available bandwidth and restricts employees from using distracting websites on the job, which leads to more productive hours.
  • Anti-Spam reduces unwanted mail on corporate exchange services.

What needs improvement?

After-sales support and hands-on training facilities are poor or not available in my country. Improving these will help users like me optimally manage and administer this solution.

For how long have I used the solution?

More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
LV
IT Superintendent at a mining and metals company with 11-50 employees
Real User
Difficult to manage and a large number of sessions slows it down

Pros and Cons

  • "It has good reporting, the reporting is marvelous."
  • "The problem primarily with SonicWall is it's a Unix box. And it's all software, all the activities, blocking, censoring, everything has to happen in the software. If you start hitting the box with a lot of sessions it slows down and that's not what I expect from a firewall."
  • "It's very hard to manage this box. You really need a lot of skills to operate the SonicWall. There is training and the like, but it's just hard to manage. Even if you have the knowledge, there are too many options. The menus are not very clear, where you should find the information."

What is our primary use case?

Primary use is Office 365, all our users have cloud-based email. The rest is business emails, business procurement, etc. And if users are on after hours and they want to see more, we allow it, but still, blocking is difficult on the SonicWall. It's not easy. We have about 300 users who go through the internet.

What is most valuable?

At the moment, none. It just doesn't do its task. Users, no matter how you configure it - and it's configured quite carefully in the sense of censoring - seem to be able to punch to the file. It just doesn't do its job.

It seems to have all the features, it's just not performing.

It has good reporting, the reporting is marvelous, but reporting is always after the fact and you want to be proactive if you're a firewall. You don't want to be saying “Ah! We had a bot running on the network,” while SonicWall itself didn't give that indication in an active way.

What needs improvement?

The problem primarily with SonicWall is it's a Unix box. And it's all software, all the activities, blocking, censoring, everything has to happen in the software. If you start hitting the box with a lot of sessions it slows down and that's not what I expect from a firewall.

I have worked with this box for six months, and it's a daily task to manage this thing. You don't have to always have time to do this.

The room for improvement is to step away from the Unix platform. It needs to be a specialized system that manages firewall activity. You don't want to rely on two systems, one being Unix and one being the firewall. Unix is a powerful system, I have no doubts about it. I've set up Unix systems my whole life and they're very powerful. However, when it comes to dedicated tasks it's not suitable. That's Unix. Unix is general. It does everything. And by doing everything, it's not always as powerful as a dedicated system like a hardware solution, like Fortigate.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It's fairly stable. In the last six months, I've had to restart the box about five or six times because it just didn't do what it needed to do. And after the restart it started working again. So it's not as reliable, in my view.

It might be working in other environments, but in my view - we have a satellite connection of only 8 megabits - it's very hard to control bandwidth on the SonicWall to allow certain types of traffic to have priority. You can't really dedicate certain bandwidth for, let's say, an Office 365 solution. It's all very global. And global makes it hard to manage on a slow link, and 8 megabits is a slow link.

What do I think about the scalability of the solution?

I don't know about scalability because I have only worked with this box. There are probably faster boxes on the market. This box should be sufficient for 300 employees and my impression is that performance is suffering if too many people are trying to get through it.

Which solution did I use previously and why did I switch?

The main reason this was bought was it was cheap. We all know that Fortigate is far more expensive. But, then again, it's more like the Rolls-Royce of firewalls. And what you can do with it in hardware has no comparison with any of the software solutions on the market. Yes, everything performs, every firewall-type solution, whatever you want to use, does its job. But you want to have a management-free solution. If you look at Fortigate, no matter how you look at it, you know it works. With Unix boxes, you never know. It's a Unix system and, for whatever reason, it can stop working and you have to reboot the machine, which is not the most beneficial solution.

I've used Fortigates. Fortigates have no problems if you start adding a thousand users, depending on what kind of service provider you have. A big difference is that it's global censoring on the SonicWall. On the Fortigate you can censor per rule, and that's a big difference if you are in a multi-user environment where you have different types of actions.

At my current company, this was set up at the beginning, when the company started. They have never had a different solution. They have another location with Zyxel firewalls, which will also be replaced with Fortigates. They all perform. That's probably the best thing I can say about them. What we're going to implement now is a far broader solution with authentication and everything else. At this stage, that is not implemented on the SonicWall. My fear is that if we implemented that on the SonicWall, we would have more problems. It's really not that flexible.

My most important criteria when selecting a vendor are manageability and the features, and by features I mean complete management of the firewall.

How was the initial setup?

The setup is fairly simple. That's why I'm surprised that this box is struggling. That's not what I would expect from this type of solution.

What other advice do I have?

Do your homework. Go to your website, compare firewalls, not only SonicWall, not only Fortigate. Compare them for the task that it needs to run for your company. That's the bottom line. There are small firewalls which will suffice for certain companies. You might need bigger ones, you might need more features. So really, you have to do your homework.

I work in an African country, knowledge is something they are still gaining, and SonicWall is too difficult for most people to manage, versus a Fortigate where it's really a step-through and you know what you're doing, you can see what you're doing. You can't really see that on a SonicWall.

It's very hard to manage this box. You really need a lot of skills to operate the SonicWall. There is training and the like, but it's just hard to manage. Even if you have the knowledge, there are too many options. The menus are not very clear, where you should find the information.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
TC
Manager at Smeja Enterprises
User
Port forwarding could use streamlining, but support is usually good when it comes to helping with issues

What is our primary use case?

I walked into a job where we had an end of life ns2400 that was a mess. Coming from a Meraki environment there was a learning curve on how to navigate the sometimes overly complicated user interface. Tasks I should have been able to complete in 10-15 minutes took longer and I bounced between menus to hash out NAT rules and port forwarding.

How has it helped my organization?

There is no Network Engineer on site, and there are too many piecemeal options to realize the full effect of the firewall's capabilities.

What is most valuable?

Support is usually good when it comes to helping out with issues. Once the matrix is learned, it becomes a much better tool, but the learning curve is pretty large.

What needs improvement?

Port forwarding could use…

What is our primary use case?

I walked into a job where we had an end of life ns2400 that was a mess. Coming from a Meraki environment there was a learning curve on how to navigate the sometimes overly complicated user interface. Tasks I should have been able to complete in 10-15 minutes took longer and I bounced between menus to hash out NAT rules and port forwarding.

How has it helped my organization?

There is no Network Engineer on site, and there are too many piecemeal options to realize the full effect of the firewall's capabilities.

What is most valuable?

Support is usually good when it comes to helping out with issues. Once the matrix is learned, it becomes a much better tool, but the learning curve is pretty large.

What needs improvement?

Port forwarding could use streamlining. Otherwise, once you learn the user interface, the capabilities of the firewall are good.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Vaniele Ferreira
Consultant at Techmail
User
Valuable features include the web filter, DHCP, and monitoring capabilities

What is our primary use case?

Our network has 150 users. We have two internet connections, an IPsec VPN, a DHCP server, a DMZ, WiFi, access controls and a load balancer, and two appliances with HA.

How has it helped my organization?

It is a good product, but very modular and with native resources which are much lower than its competitors. 

What is most valuable?

Web filter DHCP Monitoring capabilities IPsec VPN and other security controls Integration with the active directory and other security controls (IPS and IDS).

What needs improvement?

Load balance algorithms Resource usage graphs (throughput, connections, external accesses, and the possibility to export the content of the address object).

For how long have I used the solution?

More than five years.

What's my

What is our primary use case?

Our network has 150 users. We have two internet connections, an IPsec VPN, a DHCP server, a DMZ, WiFi, access controls and a load balancer, and two appliances with HA.

How has it helped my organization?

It is a good product, but very modular and with native resources which are much lower than its competitors. 

What is most valuable?

  • Web filter
  • DHCP
  • Monitoring capabilities
  • IPsec VPN and other security controls
  • Integration with the active directory and other security controls (IPS and IDS).

What needs improvement?

  • Load balance algorithms
  • Resource usage graphs (throughput, connections, external accesses, and the possibility to export the content of the address object).

For how long have I used the solution?

More than five years.

What's my experience with pricing, setup cost, and licensing?

Additional resources are too expensive.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
IT Supervisor at a tech services company with 501-1,000 employees
Consultant
Has high availability and stateful firewall capabilities

What is most valuable?

Since we have a strict SLA of 99.98% up-time on our network per year, (including maintenance), resilience is our main concern. It is a good thing that our very own NSA 4600 has high availability/stateful firewall capabilities.

How has it helped my organization?

We have had zero downtime since the deployment of NSA 4600 (HA).

What needs improvement?

I'm not quite impressed with their new logging interface.

For how long have I used the solution?

I've been using SonicWall NGFWs for almost five years now. We started using the NSA 4600 (HA) in March.

What do I think about the stability of the solution?

There were no stability issues at all!

What do I think about the scalability of the solution?

There were no scalability issues at all!

How are customer service and technical support?

I would give technical support a rating of seven out of 10. Their follow up is good. However, if the agent who is handling the case is not around, your support case will not progress. Hopefully, they can improve this.

Which solution did I use previously and why did I switch?

SonicWall NGFW has always provided the protection and uptime that we have needed. We never thought of switching to other vendors.

How was the initial setup?

I've been with SonicWall since my internship. Although we have a complex setup (Site-to-site VPN, SSL VPN, Bunch of NAT, custom Zones and Firewall policies), the initial setup for a new site has always been straightforward for us. This was due to the available knowledge base documents throughout the internet.

What's my experience with pricing, setup cost, and licensing?

SonicWall's Next Generation Firewall itself, I believe, is not expensive for the features and the protection it offers. Though the licensing is the big problem, especially for those companies with flat budgets for IT. My advice would be for everyone to avail themselves of at least three years of licensing to save tons of money.

Which other solutions did I evaluate?

We never had the chance to evaluate other options. But lots of my friends are bugging me to take a look at Sophos XG firewalls.

What other advice do I have?

Ask for a demo unit first before buying this.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Network Systems Specialist at a educational organization with 1,001-5,000 employees
Vendor
We switched to a UTM to have a comprehensive security solution and one interface to manage it

What is most valuable?

Because this is a UTM, we appreciate having a single pane of glass for a firewall, content filtering, and IPS/IDS services. It is much easier to manage and costs less.

How has it helped my organization?

In a K-12 environment, internet security is paramount and threats change quickly.

The main improvement for the organization is uptime and the ability to quickly affect security changes.

The second plus is the ability to improve throughput during peak traffic hours.

What needs improvement?

SonicWall uses a cloud-based database for content filtering. If the NSA cannot contact that online DB, filtering is handled one of two ways. Traffic is either halted completely or it is passed-through totally unfiltered.

In a K-12 school environment, neither is acceptable. It would be better if the DB can reside on the NSA and is used in the event the online DB is unavailable. Other than that, it works fine.

For how long have I used the solution?

This product has been online for over four years.

What do I think about the stability of the solution?

On two occasions, we had a 10GB SFP failure. But because we have an HA configuration there was no disruption. 10 GB SFPs seem to be fragile. Other than that, the system is quite stable.

What do I think about the scalability of the solution?

None.

How are customer service and technical support?

Technical support has been very good, the few times we've needed it.

Which solution did I use previously and why did I switch?

A Cisco ASA 5500 was used prior to the NSA 6600. We switched to a UTM to have a comprehensive security solution and one interface to manage it.

How was the initial setup?

Initial setup was complex. But that was expected when migrating from three separate security systems into one unified system. There was a basic template for converting some Cisco's ASA command line instructions to those used by SonicOS. Most of the configuration had to be developed or cleaned up in the SonicOS GUI.

ASA has a much better CLI, especially if you’re used to Cisco IOS. SonicOS CLI is mostly used by tech support.

Initially, it was a bit of a learning curve, but the SonicOS GUI is efficient and easy to use, enough for our needs, anyway. Once network and firewall rules (80% of the complexity) were configured, content filtering, IDS/IPS and other security services were enabled with check boxes.

What about the implementation team?

I recommend a 30-day test run in monitor mode. If you decide on this product, spend the extra dollars and get a second unit to setup an HA system. No down time during SonicOS upgrades or major configuration changes.

If you expect to operate at 10GB, keep one or two extra 10GB SFPs as spares, even though they are not cheap.

What's my experience with pricing, setup cost, and licensing?

The NSA series has several suites available depending on your security needs. Pricing and licensing is straightforward based on the suite you choose.

Which other solutions did I evaluate?

We considered upgrading the ASA to include the IPS module and adding a second unit for HA.

We also considered PaloAlto but at the time considered it too pricey for our needs. As for as an online evaluation, we did not do that. Time and rack space constraints prevented it.

However, a trusted VAR (more than 12 years) helped to ease our decision to go with the SonicWall.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Muhammed Yasir
Director Information Systems at a transportation company with 51-200 employees
Real User
We bought this device for Security and to filter traffic on our network.

What is most valuable?

Security and Filtering. We bought this device for security and to filter traffic on our network -- these features are working fine.

I think these are the most important features for anyone who is interested in UTM.

How has it helped my organization?

Security and Filtering.

What needs improvement?

Firmware. Sometimes the integrated certificates get expired and you need to contact support to get these certificates updated on your device -- to let all the services work properly.

For how long have I used the solution?

Three to four years.

What do I think about the stability of the solution?

I didn't encounter any issues with stability.

What do I think about the scalability of the solution?

I don't know because we are not using >30% resources of this device.

How are customer service and technical support?

Good.

Which solution did I use previously and why did I switch?

This is our first time choosing a UTM.

How was the initial setup?

Complex in Configuring DUAL WAN and VPN Connections because of Routing Config.

What about the implementation team?

If you need DUAL WAN and VPN Config, you need a network professional to set it up.

What's my experience with pricing, setup cost, and licensing?

It's expensive but has worth.

Which other solutions did I evaluate?

Fortinet, Dreytek.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Presalesa8b7
Presales Manager
Real User
Valuable features include SSL VPN and Application Control.

What is most valuable?

  • SSL VPN & Application Control
  • SSL VPN is important since several people are mobile and need files to access the server in the office. This is convenient, since they don’t need to go back to the office just use the SSL VPN.
  • Application control is important to limit the users in the office from consuming bandwidth such as downloads by torrent and games. This also protects us from malicious applications such as anonymous proxy.

How has it helped my organization?

  • Creating site to site VPN for HQ
  • Branch via satellite connection for the branch

What needs improvement?

Access management port: This needs improving by SonicWall firmware.

For how long have I used the solution?

We have been using the solution for three years.

What do I think about the stability of the solution?

We did not encounter any issues with stability.

What do I think about the scalability of the solution?

We had a scalability issue.

How are customer service and technical support?

Level-3 technical support is good.

Which solution did I use previously and why did I switch?

We switched because of stability issues when turning on the UTM feature.

How was the initial setup?

The initial setup was simple.

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing are competitive for this product.

Which other solutions did I evaluate?

We evaluated Sophos, Fortigate, and Stonesoft.

What other advice do I have?

If you looking for a simple site-to-site VPN, stable UTM feature, and easy SSL VPN setup, then this solution is OK.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user634512
Sr. Network Administrator at a tech vendor with 51-200 employees
Real User
I like that you can run a packet capture from within the product. Absolutely has the best bang for the buck.

What is most valuable?

I like that you can run a packet capture from within SonicWall and configure it to automatically upload the packet captures to an FTP server. This is useful when trying to troubleshoot an intermittent issue. It can capture for as long as you have disk space on the FTP server.

How has it helped my organization?

We are more aware of security issues since SonicWall can be configured to send e-mail alerts. Server-side Outlook rules and Exchange transport rules (more informational subject lines) can be helpful in sorting and making sense of the many alerts it can generate. We have also configured it to send logs to a syslog server. They also offer SonicWall Analyzer which can reportedly be very helpful when viewing logs but I have no experience with it.

What needs improvement?

I am not sure if SonicWall has finally addressed this issue but a major area for improvement would be being able to export the settings file in a non-binary readable and editable format. It is not possible to export, make changes and then upload a revised configuration. Since the settings file is binary and non-readable, it seems to always be suspect when any strange issues arise with the appliance. I have had their techical support many times through the years question whether our settings file was corrupt. Of course it would be very easy to know if it was possible to look at it but it’s binary.

Another issue we had was with SonicWall auto-creating firewall rules for VPN tunnels until I learned to disable that feature and not allow it. SonicWall will not let an admin delete an auto-created object. I personally believe an admin should be able to delete anything. We had cases where a VPN tunnel was deleted first and auto-created objects for the tunnel would get abandoned. Other objects can also get abandoned. A time or two I was able to delete abandoned objects by recreating what created them in the first place and then deleting things in the right manner to cause the auto-deletion of the objects. If that doesn’t work, you will need to restore from a backup settings file or live with the abandoned object(s). We made it a policy to always backup the settings before any change and again after the change with the file names of the settings files reflecting what was changed. It also helps to send an e-mail to the team or record in a ticket details on any changes made, e.g. screen shots of all changes. If the settings file becomes corrupt you will need to load a previous settings file. It will be helpful to have a previous version along with a record of all changes made since that settings file was saved. This is another example of how helpful it would be to be able to view the settings file, make changes and delete objects if needed and then reload it. It would be so much easier and faster.

For how long have I used the solution?

I have used SonicWall products for about eleven years, these models for about eight years. They are near EOL.

What do I think about the stability of the solution?

Years ago, we would often have problems after firmware upgrades. Once after a firmware upgrade all firewall rules were still present except for HTTP and HTTPS which of course meant our web servers were dead until all the rules were recreated. We began to experience spontaneous reboots after another firmware upgrade. In recent years, they now issue early release firmware, often many versions of it, until they release a new general release. We never upgrade to early release and chose to only use general release after it’s been released for three months (true for all vendor firmware and software) and after we have searched for horror stories on the Internet. You can also open a tech support case and specifically ask the tech if the firmware is still considered a good and stable release. They will usually tell you honestly whether it is or not. We have had technical support tell us early release is tested and just as good as general release firmware while other technical support has told us it is not fully QA-tested and might cause problems. Using only general release firmware, our SonicWall has been rock solid and very stable for many years even when they were newer and had more frequent firmware releases.

What do I think about the scalability of the solution?

We never tried to scale it.

How are customer service and technical support?

SonicWall technical support is quite good. As with all contact with any technical support, I always document the issue, who I spoke to and their response. This can prove to be very valuable if trying to demonstrate a longstanding issue. It helps to have in hand previous dates, case numbers, names of previous tech support with notes on what they said and details on the previous attempts to fix things. For the most part, SonicWall technical support can quickly identify and resolve most issues.

Which solution did I use previously and why did I switch?

We had a SonicWall 5060 PRO and upgraded to the SonicWall NSA 4500s. They are near EOL and another upgrade will soon be required.

How was the initial setup?

I built them from scratch since our settings file in the 5060 PRO was suspected to have corruption. I documented all of the settings in the previous firewall and manually created all of the address objects, service objects, firewall and NAT rules to duplicate what was in the SonicWall 5060 PRO. I previously built the 5060 PRO so I knew it was configured correctly.

What's my experience with pricing, setup cost, and licensing?

SonicWall absolutely has the best bang for the buck hands down. Other firewalls are two to three times as expensive both in initial cost and recurring maintenance cost. SonicWall does not require duplicate licenses if you have an HA-pair in Active/Passive mode since only one unit will be active at any given time, which is a big savings in cost compared to other vendors. If you buy a security bundle you get even greater savings. SonicWall does, however, license user VPN access unlike most other vendors.

Which other solutions did I evaluate?

It’s been so long ago I can’t remember.

What other advice do I have?

At the time of this post SonicWall is now owned by private equity firm Francisco Partners and Elliott Management. I would research those firms and form an opinion as to the possible future of SonicWall and then decide accordingly. If you have already made your purchase, utilize tech support often if needed. They have been invaluable to me through the years and have always helped me in getting answers to any questions. They have always been there to assist me in setting up something new and unfamiliar when needed.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
IT Infrastucture - Cloud Admin at Primary S.A.
Vendor
​With Site-to-Site VPN we can connect several branch office that we have and with the routing options we can setup a VPN backup route using different ISPs.

What is most valuable?

  • Site-to-Site VPN
  • Deep Packet Inspection
  • Easy routing capabilities
  • Stability
  • AD integration
  • Traffic shaping options
  • VLAN options per interface
  • APP based rules/filtering

How has it helped my organization?

With Site-to-Site VPN we can connect several branch office that we have and with the routing options we can setup a VPN backup route using different ISPs, this is great when the ISP stability is not good. The AD integration is not the best but it works, thru that option we enhance the security of the device in terms of manageability. Deep Packet Inspection helps us to block undesired traffic like p2p activity even in ssl encrypted tunnels, but this is far from being easy to setup. Traffic Shaping options give us the ability to limit interfaces like the "guest wifi interface" however you can setup this per interface, not per VLAN, you have to create a firewall rule then apply "Bandwidth management rule".

What needs improvement?

Sometimes, the GUI is extremely annoying and you need to implement external tools for better network monitoring.

The GUI needs to be worked on as sometimes it's annoying to configure because the options are separate. For configuring a simple port mapping you have to go to the address object menu, then the NAT menu, then theFirewall menu, and if you want to delete this rule, you have to go backwards.

The AD integration works but in some cases when the connectivity to the AD is lost, SonicWALL also lost the AD synchronization and we had to login using a local user to re-synchronize the appliance with the AD.

Last, but not less important, are the tools for monitoring the network. The appliance has a lot of monitoring tools, but they are not efficient. For example, you cannot see (in real time) what user is accessing what site, consuming bandwidth, etc. but you need external tool to do this. Dell need to take a look at their Kerio control software).

For how long have I used the solution?

I have been using it for eight months.

What was my experience with deployment of the solution?

None, the deployment was done in conjunction with a Dell partner. They had some difficulties, but all of them related to our specific scenario. In that time we use all the configurations per IP basis and not per zone basis like Dell recommends.

What do I think about the stability of the solution?

Some, but they were very strange. For example, one of our ISPs gave us an IP address through DHCP, and in two cases the interface won't take a new IP address, even if we reboot the appliance, we have to use another interface to solve this. For other cases, we use LenovoEMC Storage Connector.

That software floods the connections of SonicWALL reaching the 322000 simultaneous connections/sessions. Until we find this software, the SonicWALL becomes very slow almost unresponsive, also we start to losing connection to other networks that are being handled by the SonicWALL. We solved this by applying connection limits but the final solution was uninstalling that Lenovo software.

What do I think about the scalability of the solution?

None, but if you need more you have to pay licenses and if it is no enough that you have to buy a mayor model of SonicWall.

How are customer service and technical support?

Customer Service:

We use our Dell Partner who are slow, but efficient.

Technical Support:

Our Dell partner have great technicians and they know the product. However they were slow to solve some problems because the GUI didn´t allow a fluent workflow/management.

Which solution did I use previously and why did I switch?

We didn't have a solution in place previously.

How was the initial setup?

Because our scenario requirements were complex, the initial setup was somewhat complex.

What about the implementation team?

We used a Dell partner who had a great level of expertise.

What's my experience with pricing, setup cost, and licensing?

You have to look if this device will do the task that you need, and if it does with which license do it. If you haven't got a license, you almost cannot use this equipment. Here you have a license for all, from the device itself to the user VPN license, so you have to be careful with this. Also, the licenses are not perpetual so my advice is talk with a Dell partner, know the product, know the limitations and compare with other brands.

Which other solutions did I evaluate?

We didn't look at any other options.

What other advice do I have?

SonicWALL offers two operating modes, per IP basis, and per zone basis. You should design your network for work on the per zone basis. It will be easier and effective to manage the device.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Categories
Firewalls
Buyer's Guide
Download our free SonicWall NSa Report and get advice and tips from experienced pros sharing their opinions.