SonicWall NSa Reviews

The solution is a security system we install in our customer's office. It's a firewall. We have a control panel to manage and view some data and this control panel is in the cloud. However, the firewalls themselves are in the customer's office.

The security is great.

It has great performance.

The prices are similar to other vendors and the support is good.

The deployment process is simple. 

I can't speak to any missing features. They've recently released a new version and it's quite good. Right now, it's the best solution.

I'd like to see integration with Microsoft 365 for authentication.

We've been using the solution for a while. We've definitely used it over the past year.

The stability and performance are great. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. It's true that SonicWall had a lot of problems in the past, however, now it's very stable. It works perfectly.

It's very scalable. In some cases, it's necessary to change the firewall, however, it's easy to change as SonicWall has the ability to migrate the configuration from all firewalls to the new one.

Technical support is great. They are helpful and responsive. We are quite happy with their capabilities.

I'm also familiar with Fortinet. I find SonicWall more secure. It also offers better performance. 

Previously, we installed a firewall directly with Linux and we configured it all at once. It was very manual. 

Now, the implementation is easy. In the past it was difficult. Companies needed a specialist to deploy new firewalls. Now, they have a system that a normal technician can install.

It takes a few hours to install and deploy the product.

We have two people that handle deployment and maintenance. 

The pricing is on par with others on the market. It's not overly expensive.

The cheaper option is between €100 and €200. However, NSa has different models and the more expensive one is for around €10,000, more or less.

When we purchase our NSa, we buy the firewall and the security services. The security services are for a period of time from one year to three years. When we arrive at the end of the contract we need to renew the security services, however, the firewall will still work. We only need to renew the security services.

When we decide to change from Linux firewalls to an appliance we looked at different companies, like Cisco and Fortinet, and we compared these different companies and products. We decided on SonicWall due to the relationship between performance and security.

We are partners.

I'd rate the solution at a nine out of ten.

Firewall/VPN appliance for SMB clients. Firewall provides advanced threat protection to internal hosts. It also provides a secure mechanism for remote access.

For the average SMB, this firewall does the job. Granular user controls, firewall and NAT rules that you would expect. Licensed features provide application control, content filtering, antivirus, and anti-malware all in a single appliance.  Be aware that their ATP is poorly implemented (stops downloads, forcing users to wait and click again).  Also be aware that the IPS/IDS, and Gateway Antivirus will do very little for modern threats such as ransomware.  We have had emotet trojans easily pass the firewall, connect to international foreign (and obviously) some kind of C&C without stopping it.  So little to no protection against modern threats, no HTTPS proxy as an option, poorly implemented ATP - it makes the case for a SonicWall very difficult to justify.  This vendor is frustratingly slow at adapting, evolving or improving their product.  They are unable to keep up with competition.

Application control: It allows us to block applications, i.e., websites by application type category. It is far more capable than content filtering alone. 

SonicWall has weaknesses. During its tenure with Dell, it was severely damaged (its reputation, innovation, etc.).  It is now recovering, but it may take time to get competitive again. They are clueless in some regards, which is unfortunate as they have the potential.

CPU: The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product. Compare with the need to get 1Gbps throughput with full security (common nowadays), you are looking at NSA 5700. 

Wireless: What a disaster this has been historically. The new SonicWall will tell you it has been resolved and improved. It has improved - it actually works now, but performance is substandard. It is a terrible strategy to have a firewall act as an AP controller, in any case. Perhaps for an SMB, the integrated WiFi in their TZ series has a niche.

Anti-spam: Do not even consider it. It leaks like a shower head. What a mess that offering is. It requires a specific Java version on the server side (do not update it, otherwise it will break). In any case, a firewall doing anti-spam might be a low cost solution, but it is not your best strategy.

Logging/reporting: You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end. 

MSP: They are not ready for managed security services.  Their Cloud GMS product is weak, barely out of beta (buggy).

VPN: Site-to-site is another problem area - Client-based VPN is another hot mess. Global VPN client issues and mobile connect issues. Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably.   If VPN is important for you - look elsewhere.  You have to pay for licenses (most competitive vendors include this by default).  You will have 4 different methods, 3 different clients, 2 licenses and all of this to have a horrible VPN connectivity.  No proper or modern 2FA for additional security.  AVOID!

AGSS / ATP: This is poorly implemented.  A user will click to download a new type of file, and nothing happens.  They have to wait an indeterminate amount of time, and try again to see if it works.  It is so annoying, most clients avoid this capability, just nullifying the whole purpose of it.

App Control:  Be aware that either due to firmware updates, or bugs - app control will behave poorly (cause packet loss, or outright blocking) with normal and legitimate activities.  Resetting and re-configuring it is the work-around (super annoying).

More than ten years.

Yes. The VPN client connectivity and licensing has been a major complaint, especially during COVID-19

Yes. The CPUs are very weak.

During the Dell years, support was terrible. It has since improved.

No. We have always only deployed SonicWall.

Setup is easy. Anyone with basic firewall experience can do it.

In-house only. Level 2 techs can handle most tasks.

All advanced features are licensed capabilities, such as Advanced Gateway Security Suite or Comprehensive Gateway Security Suite.  VPN clients are licensed, and you have to choose a type of license you want (how ridiculous is that). 

We have evaluated Sophos, Fortinet, Palo Alto, Barracuda, WatchGuard and now CheckPoint

Avoid this company.  They have no idea what they are doing, except a slick marketing campaign.  They don't listen to their customers.  The only evolution of the product in the last few years was a slight redesign of the web interface and DNS proxy.   They will push their SonicWall "Capture" but this has nothing to do with the Firewall product itself, it is a windows based NextGen A/V based on Sentinal with ATP.

We use the solution on campus for students. We are not a non-profit organization working with financial constraints. We are an academic institute, so not very much security is required. We are required to provide real-time security.

SonicWall's technical support is very good. We get real-time support from them. The product also works fine. There are no issues with the hardware. The security is also good.

One issue with the solution is that no authorization or authentication features exist. We have to use another software, which should be built for authentication.

Other than that, it's become difficult to get the best price from SonicWall.

I've been using SonicWall NSa for the last nine years.

I rate SonicWall NSa's stability a ten out of ten.

I rate SonicWall NSa's scalability an eight out of ten. We have 700 student users on campus, but fewer than 500 concurrencies exist.

The setup process is very simple. I am 100% aware of how to install and configure it and how to make policies and implement them, such as website application blocking. I'm very comfortable with this firewall because it is simple. There is very little complexity.

We are checking the viability of Sophos over SonicWall. When we started using Firewall or UTM, Sophos was Cyberoam. The license was user-based. We saw that Cyberoam was costlier than SonicWall. We could not get financial approval for that.

SonicWall NSA is a good product, and we are not facing any issues. I rate it a ten out of ten.

We use SonicWall NSa as a firewall to protect our branches. We use the solution for intrusion prevention systems (IPS), intrusion detection systems (IDS), and networking. We have VPN connections with our data center and other branches.

SonicWall NSa is very easy to configure. For example, it's very easy to give internet access to a user. We have configured groups, and I can remove and add them whenever required. We use SonicWall NSa for authenticating MAC (media access control) ID from the PC.

SonicWall NSa's reporting could be improved.

I have been using SonicWall NSa for three years.

SonicWall NSa is quite a stable solution. We faced some issues regarding the VPN connectivity. Sometimes it drops, but it also depends on the box on the other side.

SonicWall NSa is not a scalable solution because we are using small boxes and can't scale them. For example, the solution works fine if it's for 20 users. The moment you add more than 20 users, it becomes slow.

Around 20 users are using SonicWall NSa in our organization. The solution is used extensively, 24/7, in our organization.

SonicWall NSa's technical support is quite good because they respond and solve our issues whenever we call them.

Before SonicWall NSa, we previously used Cyberoam.

SonicWall NSa's initial setup is very easy.

Our networking team deploys SonicWall NSam in one or two days. Just one network engineer is required to deploy and maintain SonicWall NSa.

We have seen a return on investment with SonicWall NSa.

Compared to Fortinet and Cisco, SonicWall NSa is a cheaper solution. You have to pay additionally for IPS, which is not part of the solution's license.

I use the latest version of SonicWall NSa.

I would not recommend SonicWall NSa to other users compared to Fortinet or Cisco.

Overall, I rate SonicWall NSa a seven out of ten.

My company uses SonicWall NSa as the primary firewall and the SonicWall TZ series as a backup firewall. I have no idea why the company needs to support two firewalls. Still, sometimes, SonicWall NSa has an issue, so the company removes the memory card from it, then replaces it with the memory card from the backup firewall.

I like that SonicWall NSa is a stable product. It's also a scalable product.

One area for improvement in SonicWall NSa is the GUI. It isn't easy to understand.

The support for SonicWall NSa is mediocre, which is another area for improvement.

The product speed also has room for improvement.

SonicWall NSa also uses old technology compared to other firewalls, so it needs to upgrade some of its functionalities, such as the VPN.

We've been using SonicWall NSa since 2018.

SonicWall NSa is stable, and it has no issues, stability-wise, so it's an eight on a scale of one to ten.

The scalability for SonicWall NSa is fine, so it's a seven out of ten.

The technical support for SonicWall NSa is a two on a scale of one to ten. It isn't good because SonicWall support will only call you if they have time.

Negative

I'm looking for a different solution so my company can switch to it from SonicWall NSa. I worked with CyberDome and then Fortinet.

Compared to SonicWall NSa, I noticed that the interface is easier than the SonicWall NSa interface. However, I'm describing non-enterprise solutions. 

Support is also excellent versus the support SonicWall NSa provides. If you email or call the support team of Fortinet or CyberDome, you'll get a call. In contrast, the SonicWall NSa technical support team rarely calls, even when I could not configure the product, and my team could only see the logs. However, SonicWall NSa has strong endpoint visibility, which lets my company identify where the issue lies on the network or the infected system.

Fortinet offers a free VPN feature, while SonicWall NSa charges you for that.

The initial setup for SonicWall NSa was complex. The product took a lot of work to configure. That was critical because you had to configure rules, ports, and other parts. I'm describing new setups because, in terms of SonicWall NSa deployment for my company, I wasn't there during the deployment as I recently joined the company.

I don't deal with pricing for SonicWall NSa, so I have no information on that.

Right now, my company uses SonicWall NSa.

I work for a large enterprise using the SonicWall TZ series and SonicWall NSa.

My company uses version 600 of SonicWall NSa.

The SonicWall TZ series is horrible because whenever you remove the hardware, for example, the power supply, it will take five to ten minutes before it powers on. The last time, it didn't respond, so I had to remove the firewall and reboot SonicWall TZ, which took half an hour. The firewall was entirely down, and that time was critical, so SonicWall has to fix the reboot time issue on SonicWall TZ. That was a very, very bad experience.

The company has eleven locations with a total of one thousand SonicWall NSa users.

One non-technical staff maintains SonicWall NSa. The product doesn't require much maintenance.

My rating for SonicWall NSa is four out of ten.

I'd advise others not to go with SonicWall NSa because the interface has many issues. Another issue I have with the product is the reboot time. In particular, the hard reboot is very slow in SonicWall NSa.

My company is a SonicWall customer.

I use SonicWall NSa for bandwidth monitoring and aggregation. I also use it to control browsing.

What I like best about SonicWall NSa is the security it offers compared to other solutions in the market. Its reduction rate is also better than others.

SonicWall NSa has multiple areas for improvement.

One is that it doesn't have a proxy. It also doesn't have the quota management feature required in specific scenarios where you need to limit user bandwidth for a particular day, so one user isn't using up too much bandwidth compared to other users.

Active/Active HA is also missing in the product.

What I want to be added to SonicWall NSa in the future is the bandwidth optimization feature.

I've been using SonicWall NSa for fifteen years.

SonicWall NSa is a stable product.

To scale SonicWall NSa, you need to keep changing the model of the box, but this is the case in any other solution, so you go for hardware appliances, such as Fortinet, Sophos, Palo Alto Networks, and Check Point because after reaching a specific capacity, you need to change the model.

SonicWall NSa has good technical support, so support-wise, I'm giving it a ten out of ten.

Positive

My company chose SonicWall NSa over other products because it was good. It was better than others.

SonicWall NSa is easy to implement. It took two hours to deploy the product completely.

We implemented SonicWall NSa as we're SonicWall resellers.

There's ROI from SonicWall NSa, and its reduction rate is the best.

There are different pricing models for SonicWall NSa.

My company uses a next-generation firewall from SonicWall, SonicWall NSa.

I'm using version 2650 of SonicWall NSa.

My company is a SonicWall NSa reseller.

In the company, everyone uses SonicWall NSa, particularly fifty people.

My advice to people looking into implementing SonicWall NSa is that it depends on the setup. What my company does is first understand the setup and why the customer wants to deploy the product. Based on the customer's answers, my company presents solutions that would work. For example, if you require a proxy or a quota management feature, SonicWall NSa will not be a complete solution. If you need Active/Active HA, SonicWall NSa won't be the right match. You need to understand what you require from the product. If you need browsing and management turnovers, then SonicWall NSa will be good enough. Overall, the product still has some areas for improvement.

My rating for SonicWall NSa is seven out of ten. For me to give it a higher rating, it should have more features. Right now, I'm unable to market it well because it doesn't score very well in Gartner. I can only position SonicWall NSa as having the best reduction rate. The product is relatively good and stable but still needs certain features.

The solution is used basically a parameter firewall and to secure the company network.

The content filtering is very good.

The solution is easy to use.

They offer good antivirus solutions. It's basically a complete package.

The solution is stable. 

There's always room for improvement. 

For example, the monitoring system is in need of improvement. Their monitoring system is too expensive. Most of the company doesn't apply the monitoring system as it's too expensive. Some more monitoring features should be built into the firewall device itself.

Management spends a lot of money on the device, and they want to know what is working, et cetera. To understand this, we need some reports, graphs, and figures. Without these items, management may not be convinced they are spending the money in the right way. Having reports that reflect the work done to keep the network secure would show the benefits and the ROI in a positive way that would help sell management on the product itself.

The ongoing service fees are high.

The solution could use more online educational tools to help users understand the underlying functionality of the product. Things like videos and tutorials could help a lot. 

I've been working with the solution for the last nine years or so at this point. It's been almost a decade.

The solution is very stable. We can do 80% to 90% of tasks with no issues whatsoever. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

The solution can scale, however, in Pakistan, it's not easy not to spend so much. One device can last over five to six years. You can say scale, however, you need to have an understanding of what functionality you will need over the years. Over four to six years, the device can fulfill your requirements. After six to seven years, you can replace it with another model or another brand to meet your updated needs.

I didn't use support over the last nine years, except for handling the device replacement itself. I needed a device replacement due to some damage, and they fulfilled my request and requirements. In terms of tasks such as configuration issues, I've never actually asked for assistance for those queries and therefore could not rate how helpful or responsive they are when they cover those matters. 

In the past, I have also used Fortinet and FortiGate as well as Juniper. I have 19 years of experience with various solutions. I have used multiple devices including Cisco, Juniper, FortiGate, SonicWall, and others. Basically, FortiGate and SonicWall are more or less the same types of solution. However, the SonicWall is easier to install than FortiGate.

I have deployed the solution myself. I did not need the help of an integrator or consultant.

The pricing is reasonable, however, all firewalls have high prices for subscriptions for their services to cover after warranty needs for content filtering, for antiviruses, for web filtering, et cetera. All firewalls have extra prices. 

After spending so much money year over year, we were surprised that we had to still pay more than the device cost just to covers services. That's why you may find that most companies stop their services and just running the firewall as a box. Most small companies stop their services just due to the high subscription fees. That said, multinationals or larger organizations likely still pay the service fees.

In places like Pakistan, a developing country, it's hard to continuously pay, as we find the continuing service fees expensive. They should work to make an exception for certain regions such as ours.

I'm a customer and an end-user.

I can't remember the exact versions we are using. We may be on version 6, and the models I have used include the 2600, 2500, and 3600 series.

I'd warn new users that the box is huge. The box has multiple functionalities and most users are not trained. They can't benefit from all the functionality as they don't know that it exists. Due to the lack of knowledge, most users don't leverage additional functionalities which they should. While the solution offers good devices and reasonable pricing for the box, companies need to educate themselves on how they can best use the product to their advantage. SonicWall can help by posting more videos and sharing more information.

I'd rate the solution at an eight out of ten.

We primarily use the solution from our firewall endpoint VPN. It does have a spam filter, SSL, DPI, and numerous other security features. We've got the full license suite.

The DPI-SSL is the solution's most valuable aspect. It's handy. It's nice.

The scalability is okay.

The initial implementation isn't too bad, once you get used to the process.

We're not happy with the device itself. We're obviously moving away from it for a reason that they're a Swiss pocket-knife of devices and they do a lot. However, nothing is really done well. They don't specialize in one thing that they excel at. They try instead to do almost everything and end up failing.

We're not particularly fond of the way it generally performs. We are finding ourselves rebooting often. There are freeze-ups and that kind of thing. The stability needs to improve exponentially.

Technical support is pretty slow to respond and escalate matters.

The cost of the solution is quite high.

The solution could use an invisible DPI-SSL or something that doesn't require a certificate rewrite. Most of the other vendors are doing that now. 

The SSL VPN performance-wise is terrible.

We've been using the solution for about three years at this point.

The stability isn't the best. It freezes. We have to reboot a lot. The device just doesn't work very well.

The scalability is okay, It's marginal, however, it is possible.

We have about 300 people on-premises that use the solution.

We've been in touch with technical support, ad currently, we find them to be below average in their support capabilities. Firewall support is just adequate. Right now, with COVID and everything, you are looking at 45 minutes to an hour to get the first technician on the phone. Often it takes two or three days to get it escalated. It's slow.

I personally previously used Cisco devices at another company, and therefore I have some experience with them. 

We're currently migrating away from this solution at the moment. We do not like the way the device performs.

In terms of deployment, there is a bit of a learning curve right off the top, as I come from a Cisco ASA background. It's more object-based, a little bit different. Once you get the knack of it, it's actually pretty nice in some ways.

That said, operationally, I would recommend anybody that deploys one of these to make sure they develop their own SOP for naming conventions, for objects, object groups, object types, service groups, service objects, et cetera, so that it's easier to manage and understand what you're doing. Generally speaking, it's just a best practices kind of process for administrative work. If you've got multiple admins, it's important that everything is contiguous, meaning everybody understands and works under that same parameters. It's like any other operating environment.

In terms of maintenance, there are two of us that generally manage it and maintain it on a fairly regular basis. I'm a network engineer and the department manager, who's not a system engineer, (however, is well-versed), also can perform maintenance as needed.

We handled the implementation in-house. We did not need an integrator or consultant to assist us.

While I don't know the exact amount off the top of my head, I would estimate the licensing package was about $15,000 to $20,000 a year.

Your original purchase includes the purchase of the hardware, licensing, and support. It's not a cheap device. 

We are customers and end-users.

We are currently using the NSA 4600. It's a full security appliance. We're using the latest version of the solution.

It's our primary firewall/VPN endpoint. It's used 24/7, 365. Due to the nature of our work, uptime is critical.

Ultimately, if you were to ask me if I were to recommend this device, I would say no.

I'd rate the solution at a three out of ten, simple due to the fact that the stability isn't there, and it's an expensive solution.