We just raised a $30M Series A: Read our story

SonicWall NSSP Competitors and Alternatives

Competitor
# Comparisons
Rating
Get our free report covering , and other competitors of SonicWall NSSP. Updated: November 2021.
552,305 professionals have used our research since 2012.

Read reviews of SonicWall NSSP competitors and alternatives

Oscar Bashford
Network Operations Support at EOS IT Management Solutions Ltd
MSP
Top 10
Fast with good usability and fairly scalable

Pros and Cons

  • "I'm told the solution is the fastest, and, so far, I do find that to be the case."
  • "It could use more tutorials."

What is our primary use case?

I primarily use the solution for experimentation. I just wanted to create a site to site VPN. I was hoping that you can make the SRX like a hub, so if I had a site here and then I had a new site, I could just create another VPN from that new site to the virtual X in the cloud. I don't know if it works like that. I'm skeptical if it can. Maybe there is a roundabout with the actual Azure AWS, however, I'm not so sure about that part. That's why I'm learning about Azure, and how that works in connecting to the cloud.

What is most valuable?

I'm told the solution is the fastest, and, so far, I do find that to be the case. 

I'm familiar with the solution, so I'm pretty comfortable with the processes. There's pretty good usability.

What needs improvement?

Largely the solution seems fine to me.

It could use more tutorials.

I think there's a step missing or the use cases are missing information. I'm not sure why you have to connect from the descendant to another SRX. The why part, why would I do that and what's practical, is not really answered in any documentation I have access to. At my last job, we used to hook up a VPN to the data center, and then at each site we would have a device connecting to that data center. Now that project is not 100% right now, I'm still wondering if I were to go and do that project, how would I do it? Should I make it cloud-based?

If I want to use it virtually in the cloud as a hub, I want to see if that's possible, and, if it's possible, they should have documentation on that.

I looked at the config. I played around with the config and then I say, "Okay, I see what they're doing, with the actual Azure part, and yet, on AWS, I'm having the same problem." It's something to do with the public IP. It's only functioning on the management side, on the virtual firewall. I can't get the other side, the other network interface to connect out. I don't have a connection out technically. I could ping, but through management and that's not how it's supposed to work. It's just through the management. I'm not seeing the departments.

For how long have I used the solution?

I haven't been using the solution for that long. Basically it's just this year. I've been tinkering with it since March.

What do I think about the stability of the solution?

The solution is stable. It seemed very good. I'm just trying to learn everything right now, however, from what I've experienced, I'd say it's reliable.

What do I think about the scalability of the solution?

Scalability is very good. I'm not an expert yet, however, I would recommend it to anybody who needs to expand.

There's hundreds, if not thousands, or users on the solution currently.

How are customer service and technical support?

I believe there is something on Amazon and you can ask questions about the solution. I was trying to go through something like that, and maybe they can help. I didn't really follow through, due to the fact that I didn't get an email, so I don't know who could contact me. With Azure, I didn't really go that far in depth.

Mostly I just do my own research and try to troubleshoot issues on my own. I'm figuring out everything from scratch.

Which solution did I use previously and why did I switch?

I'm kind of familiar with ASA firewalls from Cisco. I've worked with SonicWall a lot and Pablo Alto a little bit, however, I'm not 100% familiar with it. I've worked on it, but not every day. For Palo Alto, I just worked on it once. I know the interface. I know some other firewalls as well, however, I don't think they need to be mentioned, as they're not that popular. ASA firewall, I would say, is the most popular one.

How was the initial setup?

At first the implementation was straightforward. I got around quickly. I was able to, after a week, feel like I had the hang of everything. I can move around in Azure and AWS. That said, it's just the part with the elastic IP. I don't know if it's a Juniper issue or it's on there and there's another connection, and that's the part I'm not getting.

I was able to deploy the solution in days. It's just getting it to work properly, however. In that sense, it took weeks, or, at least a week and a half. I had to say "Okay, let me give up this for now" before I really got anywhere.

There isn't really maintenance per se. It's just running. There's 24/7 support. When it goes down, I guess, we're there.

What about the implementation team?

I did the implementation myself, however, I have a lot of tutorials and documentation on hand. I use YouTube as well. I even got Pluralsight the other day. I have IME. I have CBT Nuggets. Anything I can use to find out more about the product I will look at. What has really helped me was I got a lot of PDF files from Juniper and it had some stuff about AWS.

Which other solutions did I evaluate?

I would say this solution was the default selection, however, I know that ASA is up there too. That said, the virtual SRX is what's most popular now.

What other advice do I have?

Our organization is partners with Juniper. We have a business relationship with them.

At work I see it a lot, however, a lot of tasks are automated at work. It's not like you have hands-on from scratch experience. In my position, I'm doing more support or some automation to build the VRX or the virtuals needed for lab equipment. At home and in the labs I am able to learn from scratch, and I'm trying to connect VPNs, etc. I am hoping to get into the cloud in the future.

The version of the solution we use should be the latest. I downloaded it a couple of months ago. It should be the latest, due to the fact that I have a virtual that's a trial. I get it through the partnership through my job. The virtual that I've got is on AWS. Azure is the recommended platform.

I'd recommend the solution. I'd rate it ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PM
Network Engineer at a pharma/biotech company with 201-500 employees
Real User
Top 20
Protects your system against threats and advanced malware

Pros and Cons

  • "If configured, Firepower provides us with application visibility and control."
  • "FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."

What is our primary use case?

We use it for the actual firewall and also site-to-site VPN.

Our company is always growing. Every day's a new day and there is always something new to learn. We are a mature organization, but we can never sit still. We have two company locations and we use Cisco Firepower as our main firewall at both locations.

Overall, for security, we use about seven tools.

Within our company, there are just two people that maintain this solution. Myself and the IT manager. I'm the network administrator.

How has it helped my organization?

We were the subject of a ransomware attack a little over a year ago. Due to our console, we're able to easily see where the threat came from, all the while being able to shut down the network but maintain our network on the other side — or the other side of the site-to-site VPN. Then we could fix what we needed to be fixed here, and then subsequently correct the issues on the other side.

What is most valuable?

The manageability through the FMC is superb. I have a single dashboard that I can manage my firewalls from. I can see and manage all of my objects and control all my policies. I can look at all my logs and control my whole network from one dashboard.

What needs improvement?

FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it. Maybe more of an IDS approach. I don't know a better way to say it, but more of a heavier proactive approach rather than a reactive one.

For how long have I used the solution?

I have been using Cisco Firepower NGFW Firewall for two years.

What do I think about the stability of the solution?

I have had little to no issues except with the first version that we had. There was a known issue with Cisco in the first version. When I went to do a restore, there was a known issue with something with the Linux kernel. It took us about two weeks to get the restore working. It was a scary moment for us, but we worked through it, and ever since we've had no issues, stability-wise.

How are customer service and technical support?

I have contacted support multiple times and I have no problems with them. I think they do the best with what they have — especially with the pandemic this year. I think they've done everything they can do with what they have. They don't stop. They don't give up until the issue is resolved. They're really good with following-up too, making sure that the issue hasn't come back.

Which solution did I use previously and why did I switch?

We have another product that monitors all traffic. It just sits back and idols in the background — It integrates, but it doesn't if you know what I mean. It's a separate dashboard, but it alerts us. We can control the security — level zero through one hundred. If a threat registers above 54% (we have the limit set at 51) it alerts us. If it's a specific threat, it can shut down services, ports, machines, authentication, and so on and so forth.

We also use AMP, Umbrella, SecureX, and Duo. They're pretty easy to integrate. I wouldn't say beginner level, but if you have a working knowledge of networks and security, you can easily get them integrated. Also, if you need help, Cisco's always there to assist.

We use Firepower Management Center — it's a wonderful tool. It has an awesome all-in-one pane of glass dashboard so you can manage multiple devices from one dashboard. It's also very easy to set up.

We used to use SonicWall. Cisco was purchased right before I came on board, but from my knowledge, we had issues with the licensing of SonicWall. We are a Cisco shop. Both my manager and I prefer Cisco over other vendors. We have more experience with Cisco and their customer support and the products themselves are just better in our experience.

How was the initial setup?

The deployment was with all new networks, so the architecture was with a peer. We first sat down and discussed or laid out our network and what it would look like through IP schemes and everything else in that sense. We then figured out how many users we would have and decide what size of hardware we would need. We decided on what type of VPN connection and what certificates we would need. After that, once we were able to secure those tunnels and get communication going between our two locations, we then started tightening down our two networks as we have multiple networks within each location.

We had to decide what all needed to communicate with one another. Not every network needed to touch the outside world.

What about the implementation team?

From start to finish, including production rollout for other areas, deployment took roughly one month. We did it all in-house.

Some maintenance is required involving security patches. Cisco is really good at deploying those or not deploying those, but putting those out and having release notes and upgrade paths and just the information behind all of their patches. Cisco does a really good job with that.

What's my experience with pricing, setup cost, and licensing?

With any solution from anybody, I always think that licensing is a little high — but it's comparable to other companies. It definitely competes with the other vendors in the market.

What other advice do I have?

If configured, Firepower provides us with application visibility and control.

The ability to futureproof our security strategy is definitely there. There are a lot of functions that we don't yet use. When I say we don't use a function, I mean that the functionality or the ability is not turned on yet simply because we have not gotten around to it. The ability is there, the capability is there. That also goes into the reasoning behind why we chose it.

Do your research, know your skillset, be comfortable with your skillset, and don't be afraid to challenge yourself.

Overall, on a scale from one to ten, I would give this solution a rating of eight.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
TG
Senior Network Engineer at a tech services company with 201-500 employees
MSP
Top 10
Combines many tools in one appliance, giving us a single point of view for our firewall and all related security issues

Pros and Cons

  • "The most valuable features include the different security zones and the ability to identify applications not only by port numbers but by the applications themselves... And with the single-pass architecture, it provides a good trade-off between security and network performance. It provides good security and good network throughput."
  • "The machine learning in Palo Alto NG Firewalls for securing networks against threats that are able to evolve and morph rapidly is good, in general. But there have been some cases where we get false positives and Palo Alto has denied traffic when there have been new updates and signature releases. Valid traffic gets blocked. We have had some bad experiences with this. If there were an ability, before it denies traffic, to get some kind of notification that some traffic is going to be blocked, that would be good."

What is our primary use case?

We use it to segregate traffic between different tenant instances and to manage secure access to environments, DMZ zones, and to communicate what the firewall is doing.

How has it helped my organization?

With Palo Alto NG Firewalls, we can pass all compliance requirements. We trust it and we are building the security of our environment based on it. We feel that we are secure in our network.

It also provides a unified platform that natively integrates all security capabilities. It's very important because it gives us one solution that covers all aspects of security. The unified platform helps to eliminate security holes by enabling detection. It helps us to manage edge access to our network from outside sources on the internet and we can do so per application. It also provides URL filtering. The unified platform has helped to eliminate multiple network security tools and the effort needed to get them to work together with each other. In one appliance it combines URL filtering, intrusion prevention and detection, general firewall rules, and reporting. It combines all of those tools in one appliance. As a result, our network operations are better because we have a single point of view for our firewall and all related security issues. It's definitely a benefit that we don't need different appliances, different interfaces, and different configurations. Everything is managed from one place.

What is most valuable?

The most valuable features include the different security zones and the ability to identify applications not only by port numbers but by the applications themselves.

The DNS Security with predictive analytics and machine learning for instantly blocking DNS-related attacks works fine. We are happy with it.

And with the single-pass architecture, it provides a good trade-off between security and network performance. It provides good security and good network throughput.

What needs improvement?

The machine learning in Palo Alto NG Firewalls for securing networks against threats that are able to evolve and morph rapidly is good, in general. But there have been some cases where we get false positives and Palo Alto has denied traffic when there have been new updates and signature releases. Valid traffic gets blocked. We have had some bad experiences with this. If there were an ability, before it denies traffic, to get some kind of notification that some traffic is going to be blocked, that would be good.

In addition, there is room for improvement with the troubleshooting tools and packet simulator. It would help to be able to see how packets traverse the firewall and, if it's denied, at what level it is denied. We would like to see this information if we simulate traffic so we can predict behavior of the traffic flow, and not just see that information on real traffic.

For how long have I used the solution?

I have been using Palo Alto Networks NG Firewalls for about three years.

What do I think about the stability of the solution?

The solution is pretty stable.

What do I think about the scalability of the solution?

The scalability is good.

In terms of the extensiveness of use, it depends on business needs. Every communication from the company is going through this solution, so it's highly used and we are highly dependent on the solution. 

In terms of increasing our use of the solution, it all comes down to business needs. If the business needs it, and we get to the limit of the current appliance, we will consider updating it or adding more appliances. At this point, we're good.

Which solution did I use previously and why did I switch?

We previously used Cisco. The switch was a business decision and may have had to do with cost savings, but I'm not sure what the driver was.

How was the initial setup?

The initial setup was a little bit complex, but not terrible. The complexity was not related to the product. It was more to do with needing to prepare and plan things properly so that in the future the solution will be scalable. If there were some predefined templates for different use cases, that would help. Maybe it has that feature, but I'm not familiar with it.

The time needed for deployment depends on the requirements. We also continuously optimized it, so we didn't just deploy it and forget it.

Our implementation strategy was to start with allowing less access and then allowing more and more as needed. We made the first configuration more restrictive to collect data on denied traffic, and then we analyzed the traffic and allowed it as needed.

We have less than 10 users and their roles are security engineers and network engineers. We have three to four people for deployment and maintenance and for coordinating with the business, including things such as downtime and a cut-over. The network and security engineers work to confirm that the configuration of the solution is meeting our requirements.

What about the implementation team?

We did it ourselves.

What's my experience with pricing, setup cost, and licensing?

I'm not sure about pricing. I don't know if Palo Alto NG Firewalls are cheaper or not, but I would definitely recommend Palo Alto as an option.

If you need additional features, you need additional licenses, but I'm not aware of the cost details.

Which other solutions did I evaluate?

We evaluated Cisco, Sophos, Dell EMC SonicWall, and FortiGate. Cost and reputation were some of the key factors we looked at, as well as the flexibility of configuration. Another factor was how many users could comfortably work on the solution when publicly deployed.

What other advice do I have?

The fact that Palo Alto NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention is important, but I still don't completely trust it. I haven't really seen this feature. Maybe it's somewhere in the background, but I haven't gotten any notifications that something was found or prevented. At this point, we still use traditional approaches with human interaction.

Overall, what I have learned from using Palo Alto is that you need to be very detailed in  your requirements.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Manuel Gellida
Owner at Dinamica en Microsistemas de Informatica, S.A. de C.V.
Reseller
Top 5
Easy to use and deploy with an improved pricing structure in place

Pros and Cons

  • "The initial setup is pretty easy."
  • "They need to allow their solution to integrate with other products and not just other Sophos solutions."

What is our primary use case?

My clients are mostly based in the government. They are my core clients. I install the solution for my clients.

What is most valuable?

The solution is very easy to use. 

Of course, we have the skills, however, it's very easy for us to deploy the solution. That's one of the valuable features. 

They have a communication between the endpoint and the firewall which is very, very useful for security purposes.

Pricing is now pretty good. They changed the pricing structure a few months ago.

The initial setup is pretty easy.

What needs improvement?

The integration could be a bit better. They need to allow their solution to integrate with other products and not just other Sophos solutions.

Sophos has a feature that in my opinion is very limited. They don't have enough VPNs on their models. They have the XG 750, which is a sizeable appliance. On those models, they used to have not enough VPNs. They always were short on that area. 

Pricing used to be very bad, however, they've adjusted their strategy recently. 

The product needs to improve its marketing in Mexico. It's not a well-recognized product in our country.

The solution's technical support is very bad.

There is an overall lack of documentation in relation to features and capabilities. We need these to help explain aspects of the solution to our clients. 

For how long have I used the solution?

I've used the solution since around 2014. I have about six years of experience at this point. It's been a while. I've definitely worked with the product in the last 12 months.

What do I think about the stability of the solution?

The solution is quite stable. There are no bugs and glitches. It doesn't crash and freeze. It's quite reliable. We don't have problems with it.

What do I think about the scalability of the solution?

The solution is very scalable. It is not a problem. Sometimes we have issues when we are trying to do something with a different traditional version of hardware as sometimes the new hardware has more ports. However, if we are talking about scalability in a huge customer, we can do it very easily. 

Mexico is very different than other countries and continents as here, when we say it's a big customer, we are talking about 2,000 to maybe 3,000 users. There aren't too many large-scale operations in the country. However, in general, for our area, we tend to deal with large-scale companies.

For a company that has maybe 1,000 users, Sophos seems to work very well. We have one operation with 10,000 endpoints and it is working quite well.

How are customer service and technical support?

Technical support from Sophos is very bad.

Sometimes we lose a project due to the fact that we need to solve some issues or answer questions. Things that may be technical but also involve the administrative side. I'm talking about licensing and the capabilities of the feature. We need some documentation, something we can show clients. They can better in those cases. They can either help us or supply us with what we need. 

In response time, they are terrible. In the area of technical knowledge, they are getting better, however, they aren't where they need to be. Right now, we are not satisfied with the level of support provided.

How was the initial setup?

The initial setup is not complex. However, here in Mexico, it's very complex to sell the product. The brand is not as well known.

That said, the process is pretty straightforward. 

The deployment times vary. It depends on the end-user and what they need. Sometimes, it's easy as they don't have too many policies. The more policies they have, the longer it takes.

In other cases, clients may have a lot of VPNs. We have to work on those VPNs, and we have to do a lot of routing. However, that depends on the customer. Not all are like that.

For one appliance, you just need one person for deployment and maintenance. If we are working a lot of VPNs, we would have to use more people. We need to involve maybe two or three individuals and re-apply the configuration in that case. 

What about the implementation team?

We handle the installation process ourselves. We do not need the assistance of consultants.

What's my experience with pricing, setup cost, and licensing?

The pricing has recently changed on Sophos. Their licensing and cost structures are much more clear now. It's much better than it was.

Which other solutions did I evaluate?

Clients, in many cases, evaluate for Check Point, Forcepoint, and sometimes Fortinet. Occasionally, they may look at SonicWall, or Palo Alto however, the others are the main big competitors. 

Palo Alto is very expensive as are Check Point and Forcepoint. That's why we sometimes win the projects. We find Fortinet, is very, very hard to beat as they have a lot of market share, have a lot of marketing. Sophos doesn't have that presence, that marketing. Also, when you have to think about prices, Fortinet gives customers everything and it's hard to beat.

The biggest issue I've found with Sophos is the small number of VPNs that we can do compared to a similar appliance with Fortinet or in the same level center. In fact, many other brands offer more VPNs than Sophos.

What other advice do I have?

I'm a Sophos reseller.

We use multiple versions. We have worked with XG 460 and XG 135 and some others -such as XG 230. In those cases, sometimes it has been Rev 1 and in other cases Rev 2 in terms of the hardware versions.

I mostly work with on-premise deployments. The only item I have installed in the cloud is an email solution by Sophos.

I'd recommend the solution to other organizations. Overall, I would rate it at a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
AT
Project manager at computer care company
Real User
Top 20
Robust operating in an HA environment, but it is expensive and the training videos should be improved

Pros and Cons

  • "The most valuable feature is robustness."
  • "The training videos that are available need to be improved, and made more educative."

What is our primary use case?

We are a solution provider and we work closely with our clients to identify their requirements, and then we suggest a solution. Once they accept it, we implement it. The Juniper SRX is one of the models that our clients have chosen.

It is primarily used as a firewall.

What is most valuable?

The most valuable feature is robustness.

What needs improvement?

The training videos that are available need to be improved, and made more educative. This will help users to become more familiar with the product.

For how long have I used the solution?

I have been using Juniper SRX for the past four years.

What do I think about the stability of the solution?

We had suggested an HA-based environment, or architecture in the majority of places that we have implemented Juniper. In these cases, it has been very stable. There have been other products that we couldn't upgrade to the latest format, but Juniper could always be upgraded. It always worked and never crashed.

What do I think about the scalability of the solution?

I am not very sure about scalability, but I believe that we were able to migrate a few of the lower models to the high-end models and it worked perfectly well. There was no problem.

How are customer service and technical support?

They have technical support over the phone as well as the online ticketing system and that has worked out pretty well. They have been able to solve problems for us, although I do not know all of the details because we direct our clients to them. When our clients get in touch with customer support to resolve their issues, they share the information with us later.

Which solution did I use previously and why did I switch?

I sell other products from vendors such as F5, and they have a good training facility online. Juniper is behind in terms of video training that they have available.

How was the initial setup?

The initial setup is not very easy. We had faced problems in the GUI, so we had to switch back to the CLI to get things done. While using the GUI, it was pretty easy and we could accomplish things by just clicking. However, for some reason, there were errors and we had to complete it using the CLI. I have no idea why this was the case, but we finally achieved what we wanted.

What about the implementation team?

Our team implements this product for our clients.

What's my experience with pricing, setup cost, and licensing?

This is an expensive product. The buying power of companies in my region is such that perhaps 5% of them are pretty good. The majority of them are very bad in terms of buying power, so they look at the cost of these solutions and Juniper is not able to match the price.

Which other solutions did I evaluate?

There are several options that we offer for our clients. These include Pala Alto, Cisco, Dell, SonicWall, F5, and FireEye. Some of our clients choosing Juniper, whereas others choose a solution from another vendor. The majority of our clients choose Cisco or FireEye.

What other advice do I have?

Most of the companies that we deal with have a committee that takes care of purchases. We sit with the committee and they iterate through the various benefits of the solutions, after which the purchase is finalized. We are not biassed toward any particular product. We explain everything to our clients, show them the prices, and they come back to say what product they have chosen.

In summary, this is a good product, although it is a little bit expensive and the training could be improved. Training is something that is very important, and we were not able to get much information. For example, we couldn't get the best-recommended practices, which is something that we look at when implementing solutions. We were able to get a few of them, although not all of them have been updated. Consequently, we have a shortage of information about Juniper. Nonetheless, customer support has been able to help us in a big way.

Overall, things have been a bit slow, but we have been able to catch up.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Get our free report covering , and other competitors of SonicWall NSSP. Updated: November 2021.
552,305 professionals have used our research since 2012.