Sangfor NGAF vs SonicWall NSa comparison

Sangfor and SonicWall are both solutions in the Firewalls category. Sangfor is ranked #19 with an average rating of 7.9, while SonicWall is ranked #20 with an average rating of 8.0. Sangfor holds a 1.2% mindshare in Firewalls, compared to SonicWall’s 1.6% mindshare. Additionally, 90% of Sangfor users are willing to recommend the solution, compared to 88% of SonicWall users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jan 5, 2025

SonicWall NSa and Sangfor NGAF compete in the network security category. Sangfor NGAF appears to have the upper hand with better pricing and deployment flexibility, making it more appealing for smaller businesses.

Features: SonicWall NSa offers deep packet inspection, application control, and user-friendly management for VPN and security at the gateway level. Sangfor NGAF provides competitive application control, strong anti-intrusion features, and a unique vulnerability assessment capability.

Room for Improvement: SonicWall NSa could improve complex configuration, GUI simplicity, and active-active HA capabilities, while addressing outdated technology and slow support responses. Sangfor NGAF should refine its user interface, cloud service support, and application control compatibility.

Ease of Deployment and Customer Service: SonicWall NSa mainly supports on-premises deployments, aligning with traditional infrastructure but requiring improvements in response times and service efficiency. Sangfor NGAF offers hybrid deployment options and is noted for efficient customer service, although it should enhance interface usability.

Pricing and ROI: SonicWall NSa offers good ROI through security bundles but incurs added costs with extra licensing. Sangfor NGAF is perceived as more cost-effective, particularly attractive to smaller businesses due to its lower base price and competitive licensing model.

To learn more, read our detailed Sangfor NGAF vs. SonicWall NSa Report (Updated: January 2025).

Buyer's Guide

Sangfor NGAF vs. SonicWall NSa

January 2025

Download the complete report

Helped 832,138 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Fortinet FortiGate

Mindshare comparison

As of February 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 20.7%, up from 17.7% compared to the previous year. The mindshare of Sangfor NGAF is 1.2%, up from 0.8% compared to the previous year. The mindshare of SonicWall NSa is 1.6%, up from 1.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Firewalls

Featured Reviews

EhabAli

Sr. Cybersecurity Solutions Architect at BMB

Efficient, user-friendly, and affordable

In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.

Read full review

Zaid Farooqui

CIO at Indus Motor Company

Enhanced threat detection with integrated security features and good support

We are using application firewalling, WAF, and SD-WAN. The capabilities are mostly within the box. For example, you will get web application firewall WAF as part and parcel of this. SD-WAN is also bundled. It integrates with their SIEM and SOAR solutions very nicely. Lastly, the pricing point is very cost-efficient as well.

Read full review

MohammedMateen

Network Administrator at Transgulf Readymix

Easy to scale advanced threat protection solution with knowledgeable technical support, but has occasional bugs

An area for improvement in SonicWall NSa is that sometimes, we experience bugs when upgrading, so we have to contact their technical support to fix issues. It would be much easier if this improvement was in place: if the one-time password which is built-in, was provided as an OTP for the administrator logging into the console, so that we'll have a quicker awareness of it, rather than needing to check emails for it. Having a Telegram or WhatsApp bot integrated with the device, for example, will be very helpful for us, so we can instantly take action, without us needing to log into and check our emails, meaning we'll be able to put things right faster. This may not be possible in SonicWall NSa, but I'm also looking for any kind of controller or device for the Windows server or client, e.g. Windows 11 and Windows 10 from SonicWall NSa itself, so that a security domain or the gateway of the organization would be able to identify the latest update for a product, whether that product is installed or not. This feature would be very helpful, and it's what I'd like to see in the next release.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Its user interface is good, and it is always working fine."

"The dashboard I have found the most valuable in Fortinet FortiGate."

"It works very well. It has a lot of different functionalities. Its cost is also fine for our customers."

"One of the nice things about FortiGate is that it can be deployed on the cloud or on-premises. You can actually do both. That's the biggest reason why I stick with this solution as opposed to something like Cisco Meraki. Another nice thing is that I can log directly into a FortiGate or get to it through their FortiCloud access products. They're pretty reliable and consistent. One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface. I don't have to log into one interface for the firewall, another one for the access points, and another one for the switches. These firewalls have access point controller functionality built right into the system, so I don't even have to purchase additional devices to manage them."

"The customization potential is quite impressive."

"The initial setup of Fortinet FortiGate was straightforward."

"Their proxy-based inspection is responsive and secure."

"Customers are more inclined towards FortiGate because of application control, web filtering, and anti-spam features. The support from the FortiGate team is good, and price-wise, it is affordable."

More Fortinet FortiGate pros

"The absolute best part of Sangfor NGAF is their support. It's a 24/7 support channel, and the last time I requested their assistance I got a reply within three minutes. They helped solve the problem immediately."

"Sangfor's tech features and technologies are more powerful than those of the other solution providers in terms of security. They also have big solutions in terms of cybersecurity."

"Sangfor has the best capabilities for securing connections, securing web browsers, securing servers, and general threat protection."

"I think the tool has the feature to detect and kill ransomware in three seconds."

"Technical support is very good."

"The most valuable features are the WAN optimization, the internet access gateway (IAG), and the central console, which allows us to implement on their firewall."

"Sangfor is a good solution that provides a WAF and firewall solution. Most other vendors, like Sophos and Fortinet and Cisco, only provide one solution. That's a valuable feature of Sangfor."

"Sangfor NGAF's standout feature is its powerful application control, enabling precise restrictions on mobile user access to approved applications."

More Sangfor NGAF pros

"I really like the performance; there are no delays and no latency, which is a unique quality in firewalls nowadays."

"The tool's most valuable feature is application security. I am satisfied with its threat-prevention capabilities and have no issues with its incident response rate. We have no issues with its integration."

"SonicWall NS has a lot of valuable features. One of the best SonicWall NSa features is the ability to collect mini routers and get only one user connection."

"The functionality is the same whether it is on hardware or a virtual appliance. The interface is the same. It's nice that it's standardized."

"It is a very stable solution."

"One of the main features is the built-in storage capacity."

"The solution has many useful features, such as content management, user management, user filtering, and domain controller connectivity mapping."

"The most valuable aspect of the solution is its ability to work like any other firewall."

More SonicWall NSa pros

Cons

"Fortinet Fortigate could benefit by simplifying some of their processes."

"The configuration part was challenging, especially converting configurations from another OEM to FortiGate."

"Compared to some other products, the DLP is not at par for the moment."

"The monitor and the visibility, in this proxy, is very weak."

"I haven't had a single issue since using Fortinet."

"A sandbox would be good in order to be able to inspect the emails containing spam and be able to validate the emails that contain malware, prior to delivering to the customer."

"Maybe they could make some features more accessible, such as a way to translate directions between two networks that share the same subnets."

"It is quite new for us, and we need to go more in-depth into the monitoring tools. It provides different features that we need to do what we want. So far, it is okay for us. In terms of improvement, in the future, they can provide a faster implementation of features. Some of the features are first available in other solutions. Fortinet sometimes takes a little bit longer than other solutions, such as Check Point, to implement new features."

More Fortinet FortiGate cons

"The solution has too many bugs and these slow down the implementation."

"Sangfor has recently increased their prices."

"Scalability for any network device is not very easy in terms of vertical scalability."

"I would be happy if Sangfor developed a firewall designed specifically for home use, as well as for small businesses such as clinics and so on. A household version of the Sangfor firewall for your personal computer or laptop would be ideal, in my opinion."

"The setup phase is quite complex."

"The interface and user experience are horrible."

"It has an issue with the Sangfor Cloud Platform rather than the firewall. When we run a virtual machine, the window tabs display Chinese characters."

"It does not offer any recommendations on how to mitigate or control attacks."

More Sangfor NGAF cons

"I would like to have a built-in vulnerability scanner in the firewall. It would be great to have such functionality. Its price could also be better. It would also be good to have a local warehouse. It doesn't get damaged a lot, but if a customer needs a replacement, currently, it has to come from Miami or Mexico, which can take a few days. It would be better if they have a local warehouse from where we can just pick replacements and quickly solve a client's needs in terms of replacing equipment. It would be great to have it locally instead of waiting for it from Mexico or the USA."

"In terms of improvement, features like App Control do not work properly"

"The stability is not there. The features are there, but they are not stable. They need to improve on this product because I feel that they have launched this product without much R&D."

"The scalability is something that should be improved."

"My company can't connect directly with SonicWall's support team, making it an area where improvements are required."

"It needs to be more monolithic, and more details in the analytical tools offered would be appreciated since it is not yet mature."

"SonicWall NSa doesn't have a proxy. It also needs a quota management feature in specific scenarios where you must limit user bandwidth for a particular day."

"I would like to see better integration."

More SonicWall NSa cons

Pricing and Cost Advice

"I do not have first-hand experience with the rice of Fortinet FortiGate, but I have heard the price was reasonable."

"The price of the license and warranty can be better because it is very expensive."

"The pricing is fair."

"If you compare Fortinet FortiGate with Sophos and other firewall products available in the market, this solution is affordable."

"We saved a bundle by not needing all the past appliances from an NGFW."

"Fortinet costs are 25% lower than the high-cost provider. There is an equipment cost and a recurring monthly cost for licenses and technical support."

"FortiGate's pricing falls within the mid-range when compared to other leading firewall solutions."

"Fortinet FortiGate is reasonably priced."

More Fortinet FortiGate pricing and cost advice

"For over 2000 users, the cost is around 5000 to 6000 USD. If you want a web application firewall, you have to purchase an additional license for it."

"The license of Sangfor NGAF can be purchased at different interval lengths, such as annually or three years. They offer a range of packages to choose from, such as combo or hybrid packages. We are using the complete solution package which includes IM, NGF and SSL VPN, and WAF."

"It is one of the cheapest tools in the market."

"The product is very cost-effective compared to other brands or vendors."

"Price-wise, I would not consider Sangfor NGAF to be a cheap product. It is an expensive firewall solution, though not as expensive as something like Palo Alto, which is costly. However, the higher price point is justifiable given the feature set the tool provides that other firewalls may not offer in a single dedicated appliance."

"It costs about 8 to 10 thousand dollars per year for 500 users, standard licensing fees included."

"The price could be more competitive."

"When it comes to the price of firewall solutions, Sangfor NGAF takes the cake."

More Sangfor NGAF pricing and cost advice

"The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product."

"SonicWall is not an expensive solution."

"There are different pricing models for SonicWall NSa."

"When implemented properly, the total cost of operation is very low."

"The pricing and value are good."

"They do have the option to purchase yearly, or two years, and three years renewal."

"The price is reasonable."

"The return on investment is very good."

More SonicWall NSa pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Firewalls solutions are best for your needs.

See recommendations

832,138 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

22%

Computer Software Company

14%

Comms Service Provider

Manufacturing Company

Computer Software Company

13%

Manufacturing Company

11%

Financial Services Firm

Educational Organization

Computer Software Company

15%

Manufacturing Company

Educational Organization

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?

When you compare these firewalls you can identify them with different features, advantages, practices and usage a...

See all answers

What is the biggest difference between Sophos XG and FortiGate?

From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...

See all answers

What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?

As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...

See all answers

What do you like most about Sangfor NGAF?

I think Sangfor NGAF is more valuable than Cisco products because of its simplicity and ease of management. If I comp...

See all answers

What is your experience regarding pricing and costs for Sangfor NGAF?

The licensing cost is quite high compared to other available firewalls in the market.

See all answers

What needs improvement with Sangfor NGAF?

The cost of licensing is very high compared to other firewalls available here. There should be improvements in hardwa...

See all answers

What do you like most about SonicWall NSa?

The product blocks access when I visit unrecognized websites.

See all answers

What is your experience regarding pricing and costs for SonicWall NSa?

SonicWall is much cheaper compared to Fortinet, particularly regarding renewal and licensing costs.

See all answers

What needs improvement with SonicWall NSa?

I would like more free VPN licenses. It would be beneficial if they could enhance the analytics part. It needs to be ...

See all answers

Comparisons

Sophos XG vs Fortinet FortiGate

Compared 23% of the time

Netgate pfSense vs Fortinet FortiGate

Compared 14% of the time

Cisco Secure Firewall vs Fortinet FortiGate

Compared 11% of the time

WatchGuard Firebox vs Fortinet FortiGate

Compared 5% of the time

More Fortinet FortiGate Competitors

Sophos XG vs Sangfor NGAF

Compared 17% of the time

Netgate pfSense vs Sangfor NGAF

Compared 4% of the time

Palo Alto Networks NG Firewalls vs Sangfor NGAF

Compared 4% of the time

Sophos XGS vs Sangfor NGAF

Compared 4% of the time

Check Point NGFW vs Sangfor NGAF

Compared 3% of the time

More Sangfor NGAF Competitors

Sophos XG vs SonicWall NSa

Compared 16% of the time

SonicWall TZ vs SonicWall NSa

Compared 12% of the time

Meraki MX vs SonicWall NSa

Compared 9% of the time

Cisco Secure Firewall vs SonicWall NSa

Compared 5% of the time

OPNsense vs SonicWall NSa

Compared 5% of the time

More SonicWall NSa Competitors

Product Reports

Buyer's Guide

Fortinet FortiGate

February 2025

Download Fortinet FortiGate product report

Buyer's Guide

Sangfor NGAF

January 2025

Download Sangfor NGAF product report

Buyer's Guide

SonicWall NSa

January 2025

Download SonicWall NSa product report

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall

Sangfor NGAF Firewall Platform

NSA 250M, NSA 2600, NSA 3600, NSA 4600, NSA 5600, Dell SonicWALL NSA

Overview

Fortinet FortiGate offers comprehensive network security and firewall protection across multiple locations. It effectively manages data traffic and secures environments with features like VPN, intrusion prevention, and UTM controls.

Organizations rely on Fortinet FortiGate for its robust integration with advanced security policies, ensuring significant protection for enterprises, cloud environments, and educational sectors. It facilitates network segmentation, application-level security, and authentication management, securing communication within and between locations such as branches and data centers. Its efficient SD-WAN and UTM features enable streamlined data management and enhanced threat protection capabilities. Users appreciate its centralized management, facilitating seamless operations across diverse environments.

What are the key features of Fortinet FortiGate?

VPN Capabilities: Ensure secure remote access for users and seamless site-to-site connections.
Intrusion Prevention System (IPS): Detect and prevent security threats and vulnerabilities.
Advanced Firewall: Offers robust firewalling with application control and web filtering.
SD-WAN: Optimizes application performance and enhances bandwidth management.
SSL VPN: Provides reliable and secure access for remote workers.

What benefits should users expect from Fortinet FortiGate?

High-performance Security: Delivers effective threat mitigation with high availability.
Centralized Management: Simplifies network operations with cloud-based management tools.
Detailed Analytics: Provides comprehensive insights into network activity and security threats.
Load Balancing: Ensures optimal resource distribution and traffic management.

Fortinet FortiGate is crucial in sectors like education, offering robust networks for secure data flow between campuses and facilitating remote learning. In enterprise environments, it allows efficient management of application traffic and security across multiple branches, while in the cloud, it seamlessly integrates with diverse platforms to enhance security infrastructure.

Fortinet

Sangfor Next Generation Firewall (also known as NGAF) is a converged security solution providing protection against advanced threat, malware, viruses, ransomware and web-based attacks using integrated security features like firewall, IPS, anti-virus, anti-malware, APT, URL filtering, Cloud Sandbox, and WAF. As the world's first AI-enabled and fully integrated Next Generation Firewall & Web Application Firewall (WAF), NGAF offering the security visibility, real-time detection and response, simplified operation and maintenance and high-performance application layer security needed to operate an enterprise network in total security. Tested and proven to provide cutting-edge network security by ICSA Labs and endorsed by Gartner Inc., NGAF harnesses the power of Sangfor’s Neural-X threat intelligence and analytics platform and Engine Zero’s innovative malware detection to provide next-generation protection for today’s enterprise.

Sangfor

SonicWall NSa dispenses advanced threat protection using a high-performance security platform. The NSa series implements intuitive deep learning technologies in the SonicWall Capture Cloud Platform to dispatch the automated real-time threat detection and deterrence enterprise organizations need today. SonicWall Network Security appliance (NSa) series is best for mid-sized organizations to distributed enterprises and data centers.

SonicWall NSa series next-generation firewalls (NFGWS) combine two very robust security ideologies to deliver advanced threat protection to keep users’ networks safe. Boosting SonicWall’s multi-engine advanced threat protection (ATP) is their Real-time Deep Memory Inspection (RTDMI™). The RTDMI intuitively identifies and stops aggressive zero-day threats and vicious malware by investigating memory directly. This real-time process allows SonicWall RTDMI to be accurate, lessen false positives and discover and alleviate malicious threats and attacks. SonicWall’s single-pass Reassembly-Free Deep Packet Inspection (RFDPI) will audit every byte of each and every packet by investigating both outbound and inbound traffic on the firewall. By combining the SonicWall Capture Cloud Platform along with on-box offerings such as intrusion prevention, web/URL filtering, and anti-malware, the NSa series is able to block the most malicious and dangerous threats at the gateway.

Additionally, SonicWall firewalls supply absolute protection by executing complete inspection and decryption of SSH and TLS/SSL encryption connections - no matter the port or protocol. The firewall takes a deep dive into each and every packet (the header and data) routing out any anomalies, zero-day intrusions, threats, and protocol non-compliance. Users can also define unique criteria specific to their organization to ensure their networks remain safe. This aggressive deep packet inspection is able to identify and block malicious attacks, stop dangerous malware downloads, prevent the spread of infections, and defeat command and control (C&C) communications and data exfiltration. Protocols involving inclusion and exclusion allow users complete control to decide, based on specific governance policies, organizational policies, or government or legal compliance, which traffic is to be investigated for decryption or inspection.

SonicWall Nsa offers enterprise organizations the network control and fluid flexibility they desire using an intrusion prevention system (IPS), VPN, real-time visualization, and other advanced powerful security features, making it a popular firewall solution in today's marketplace.

Reviews from Real Users

“The features that I have found most valuable are the firewalling, which is very good, and the GUI which is very intuitive. It is easy to use and provides great security.” - Network Engineer at a maritime company

“What's valuable in SonicWall NSa is the ATP (advanced threat protection). It can protect users from malicious links. SonicWall NSa also has a Sandboxing service that is very helpful for us, especially when end users accidentally click on malicious links. Another valuable feature of this solution is that it is very useful for site-to-site VPN connectivity issues. SonicWall NSa has very good hardware. I also love that SonicWall has very good technical support, who are very knowledgeable, provide good suggestions, and they're easy to reach.” - Mohammed M., Network Administrator at Transgulf Readymix

SonicWall

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya

The Ministry of Science, Technology, and Innovation (Indonesia), Lawson, Inc. (Philippines), Universiti Sultan Zainal Abidin (Indonesia), TEK Automotive (Italy), etc.

Orange County Rescue Mission, First Source, Michaels & Taylor, Green Clinic Health System, Aspire Chiltern Skills and Enterprise Centre, UnitedStack, Faith Lutheran College Redlands, Celtic Manor Resort, Star Kay White, Air Works, Unimat Life, NHS Yorkshire and Humber Commissioning Support (YHCS), Hutt City Council, Mato Grosso do Sul, Nspyre

Buyer's Guide

Sangfor NGAF vs. SonicWall NSa

January 2025

Free Report: Sangfor NGAF vs. SonicWall NSa

Find out what your peers are saying about Sangfor NGAF vs. SonicWall NSa and other solutions. Updated: January 2025.

DOWNLOAD NOW

832,138 professionals have used our research since 2012.

See our Sangfor NGAF vs. SonicWall NSa report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.