SonicWall NSa Reviews

When it comes to securing VLANs, the primary use case for SonicWall NSa is VPNs. 

Compared to Cisco, SonicWall NSa is much easier to configure. Cisco tends to be cumbersome through the web interface. It's easy through the command line, but when you're troubleshooting something, you're usually not going through the command line. When you're digging through data trying to find if something happened, you're usually digging through the logs, through the web interface, because it should be much easier. In Cisco, the logs are odd and you have to be really particular on what you want. You have to look for specific details. 

This process is much easier SonicWall NSa. I want to know where the problem started and where it ended, that's it; and it's really clear in SonicWall NSa. Whereas in Cisco it's just not clear at all.

It would be amazing if all of the ports on the throughput devices were 10 gig or 100 gig. That would make it so much easier for me to designate 10 gigs throughout the whole network. Right now, with SonicWall NSa, I'm doing designations like "use 10 gigs through the whole network until you hit firewall." In that case, all of the traffic that has firewall enabled on it drops to one gig.

That causes issues with throughput, especially when you're talking about data stores and Ice Guzzy, or when you're splitting things out with VLANs. 

MAC address filtering on the VPN and on the firewall itself would be a good thing to add as well. If it's there, I don't know where it is.

Automation would also be good. 

The implementation for VLANs is a little bit cumbersome. It would be good to make that a little bit easier.

I've used SonicWall probably on and off for the last couple of years. It depends on which client I'm working with.

SonicWall NSa is stable. 

Just adding multiple sites is easy. Clustering them is pretty straightforward. But if I needed to expand them in series, that's a little bit more complicated.

I've never used SonicWall tech support. 

The initial setup is pretty straightforward. 

Hire a network guy or have a service that's going to monitor and manage SonicWall NSa for you.

Mainly our customers use this solution as a general firewall. 

Currently, our most popular firewall is Fortinet FortiGate 40F. We do have all the way up to 100's, but most of our customers are small, medium-sized businesses.

We have a FortiAnalyzer that resides on Azure and we're getting a FortiManager because of the new capability to roll them out based on the serial number

With FortiManager and FortiAnalyzer, you have many more capabilities than you do with SonicWall.

I wouldn't say that. If it has no impact on them, it's doing its job correctly.

There are no specific features that you can say are better than anything else. It's very flexible and it meets our customer's needs.

The Fortinet Firewall is not the easiest firewall to maintain, nor is to set up and configure. Checkpoint and Sonos are much easier.

SonicWall, from my point of view is the same category as Fortinet. Checkpoint and Sonos are easier to use, but they don't have as many features as SonicWall.

You can do zero-trust networking with SonicWall, but it's not easy. Also, their desktop anti-virus sucks.

I have been using SonicWall since it was Netscreen — which was years ago.

When you buy it based on the load that you expect to use, there are no scalability issues, unless you swap them out.

SonicWall has exceptional tech support. I would rate checkpoint support best, SonicWall next, and Fortinet would be third. I would give SonicWall's tech support a rating of 7.5 to eight.

The structure of dealing with them is good. Once you get through to a support person, the support is very good. But getting through, getting to the point where you have someone on the line can be difficult. 

Overall, they're good at their job and they speak English.

The level of tech support varies: sometimes you get lucky and they're exceptional, and sometimes it's somebody that isn't that good.

If you don't set it up correctly, you are putting your customer's network at risk. They still haven't fixed a lot of the little issues that Dell introduced into the product line, but they're trying.

There are settings that if you don't set them correctly, you could potentially jeopardize your customer's network. 

SonicWall is probably easier to set up than Fortinet.

The pricing of SonicWall is still in line with Fortinet and Checkpoint. Personally, if I were presented with a decision between SonicWall, Checkpoint, or Fortinet, it would be a no-brainer.

If you're interested in SonicWall, consider checkpoint or Fortinet first.

On a scale from one to ten, I would give this solution a rating of seven.

They don't have independent testing. They haven't been independently rated — or another way to put it: Gardner rates them poorly. Because of this, we can't sell SonicWall to customers as easily as we can sell Fortinet or Checkpoint.

We use this solution for the VPN and to give permissions for on-premises access.

We're using the latest update.

The solution is deployed on-premises. There are two people using this solution in my organization.

SD-WAN is a good feature.

We also use the Sophos Firewall for web configuration, which we don't have in SonicWall. Only Sophos has those options. If SonicWall included that feature, that would be a benefit for us.

We have configured radius configuration. I would like to see an in-built authentication feature that would authenticate results and directly communicate to the cloud. Right now, we have a third party server for that. We are manually configuring it.

If anything goes wrong, sometimes we are unable to bring up that MPS configuration immediately. Our main VPN connection is always authenticated with the MFA option itself. When that happens, we have to revert those changes back as LDAP authentication. That isn't a good recommendation for our organization for VPN purposes. Anybody can connect directly, so they won't get two-factor authentication. It would be great for us if that was an in-built feature included in the Azure authentication.

I have used this solution for more than six years.

It's straightforward. There wasn't any kind of complexity. Deployment took one hour.

I would rate the setup as 4.5 out of 5.

We do the maintenance ourselves. Whenever there's any kind of patch release or upgrade release, we do the maintenance from our side. We have a dedicated team for maintenance.

Deployment was done in-house, but we did take some help from SonicWall.

I would rate this solution eight out of ten.

I would recommend that product. If those small features were included, it would be a good, all-in-one product.

Our primary use case for SonicWall NSa is as a public firewall, as an interface between our private network and the public network.

The product is working okay. The product is working feature-wise.

I would rate SonicWall NSa as an average product, not a very highly recommended one. It is an average product.

The stability is not there. The features are there, but they are not stable. They need to improve on this product because I feel that they have launched this product without much R&D.

We are using SonicWall NSa for quite a long time, around 10 to 12 years, but that includes the the older model, which was the 5500. Now we have been using the 5600 model for the last two, three years.

Performance wise, they are good - not very good, but they're okay, just good.

They are not stable. It is a very unstable product.

For maintenance, we require one engineer from the support partner, one from the tech side, and one from our side, so three engineers and one manager.

At any point in time we have more than 600 users.

We do not have plans to increase the number of users.

Tech support is okay, but the product needs much improvement.

We were not using a different solution before. We have always been using SonicWall, just the older model, which was 5500. We upgraded to 5600.

The installation part of the initial setup was a painful experience. I felt at the time that it was not a finished product. They have to do more R&D on this product to improve it.

It took a very long time to set it up, to be honest. It took very long because they had some bugs and fixes. After so many fixes, it took them very long to install this product.

Obviously, no OEM deals directly with them. We have their channel partners who did the installation.

To be very honest, we are not satisfied with the 5600 product.

On a personal level, I would not recommend SonicWall NSa.

On a scale of one to ten, you can rate SonicWall NSa a six.

The license and the hardware both need to be renewed. The annual maintenance contract is there. So they have to renew the licenses.

We are using SonicWall NSA 2600 for firewall purposes. We have its latest version.

It is able to fulfill my requirements. It protects our network environment. It has control over IPS, signatures, and it can also manage bandwidth and mapping. It is also stable and has good support.

It doesn't require much improvement. The only improvement area is that cloud reporting, assessment reporting, and other reporting features should be available with the subscription. They should provide reporting features with the subscription base, which is currently not there. We bought the reporting tool, but there are some complications. They have made some changes to the application, and now the reporting management is completely on the cloud. 

I have been using this solution for four years.

It has been stable. There are no issues with its stability.

It is not scalable. We can upgrade to a new box depending on the subscription. We have a three-year subscription, so we will continue with it for three years. After that, we would look for an alternative tool based on our requirements. Currently, we have approximately 250 plus users.

We have a license for support. We can raise a ticket if we need any assistance from their support. They are good, and I am satisfied with their support. They always take care of customer satisfaction. There might be a delay or something, but at the end of the day, they resolve the issues.

I have used other solutions. Palo Alto and Sophos are good solutions. FortiGate is also good, and it allows you to see and manage everything from one control. Some of the features available in other solutions might not be available in SonicWall NSA, but it is fulfilling my requirements.

We don't really need any support with the installation. There are a lot of knowledge documents. We also have a license for support, and if required, we can get support.

We have only two people who have been managing it for the last three years or so. We didn't face any challenges.

Its price is okay.

I would recommend this solution to others. I am satisfied with this solution.

I would rate SonicWall NSA an eight out of ten. 

We use this firewall to protect our perimeter. We create NAT policies and have a DMZ set up.

It is also used to filter the internet for all of our users.

The most valuable feature is the sandbox.

The content filter needs to be improved. I would also like to see better application filtering.

When we are troubleshooting problems, we find that the logs we see are not sufficient. It makes it difficult to find out what the main issue is. It means that we have to search further or perform another test to see what happened.

Technical support is in need of improvement.

We have been using SonicWall for approximately 15 years, and more specifically, SonicWall NSA for the past 10.

The stability is fine and we don't have any issues. We have never needed to report a problem.

We have about 20 people in the company who are protected by this product, and I think that the scalability is fine. However, I would say that it is best for small to medium-sized organizations.

When we have gone to the vendor for support, I don't think that the quality was very good. I would rate the vendor support a six out of ten.

I used to work with Check Point, and they are very good when it comes to application filtering.

The initial setup is easy and the deployment can be completed in between two and four hours. This includes installation and adjustments that need to be made.

We have an in-house SonicWall specialist.

When implemented properly, the total cost of operation is very low.

My advice for anybody who is looking into implementing SonicWall NSA is that they have to be very clear about what it is that they're looking for. It is a good solution for small and medium-sized businesses, and when you are very clear about what you need, you can implement a lot of other security services with a total cost of operation that is very low.

I would rate this solution an eight out of ten.

We primarily use the solution for just securing our users and creating a LAN through VPN tunnels. We use it to provide remote access to a cloud service.

It has allowed us to work remotely when the order to shelter in place went into effect in March of this year due to COVID-19.

The most valuable aspect of the solution is its ability to work like any other firewall.

The product is pretty easy to configure. It's easy to maintain and it works well with Windows.

There are features that offer 3G, 4G, failover, wireless, and things like that are very good. I'm not a firewall expert, however, in my opinion, the solution pretty much covers the needs of small and medium businesses.

Currently, I just have the basic modules turned on. I'd love to see how it works in terms of preventing more malware from getting through.

We still get phishing emails that manage to come through from time to time.

The solution could use a bit more security.

We had issues with the VPN tunnel between two sites. It wouldn't stay up. That was a problem for us. They need to fix it if they find it happens across the board to other customers.

This company has been using the solution for good three years.

The solution is stable. I've had one running for a little over 300 days without any problem. There aren't bugs or glitches. It doesn't crash or freeze. It's reliable.

The scalability is pretty good. I can scale out and add a firewall within a new office if I need to. If an organization wants to scale, they should be able to do so with no problems. Everyone working in our office uses the solution. Anybody that has a work laptop that needs to remote work from outside the office can do so as well. It's 100% used across the board.

I had to call support when one of my VPNs was failing. The VPN tunnel between two sites wouldn't stay up and they had us use a different security protocol.

They were very helpful. I found them to be quite responsive and knowledgeable. I don't think the problem with the VPN should have been there in the first place, however, that said, they did help us. I'd rate them, overall, at a nine out of ten.

The initial setup isn't too complex. My understanding is that it's straightforward. I didn't set it up myself, however, it's got configuration wizards to walk a user through. This no doubt is quite helpful and makes it pretty simple in terms of implementation.

The pricing is pretty reasonable. We don't find it to be overly expensive.

The version we are using is NSA 20 or 60.

If a company is looking for a good product that's easy to configure, I would suggest they consider SonicWall.

I'd rate the solution nine out of ten. If we didn't have that trouble with the VPN tunnel, I would give it a perfect score.

Firewall/VPN appliance for SMB clients. Firewall provides advanced threat protection to internal hosts. It also provides a secure mechanism for remote access.

For the average SMB, this firewall does the job. Granular user controls, firewall and NAT rules that you would expect. Licensed features provide application control, content filtering, antivirus, and anti-malware all in a single appliance.  Be aware that their ATP is poorly implemented (stops downloads, forcing users to wait and click again).  Also be aware that the IPS/IDS, and Gateway Antivirus will do very little for modern threats such as ransomware.  We have had emotet trojans easily pass the firewall, connect to international foreign (and obviously) some kind of C&C without stopping it.  So little to no protection against modern threats, no HTTPS proxy as an option, poorly implemented ATP - it makes the case for a SonicWall very difficult to justify.  This vendor is frustratingly slow at adapting, evolving or improving their product.  They are unable to keep up with competition.

Application control: It allows us to block applications, i.e., websites by application type category. It is far more capable than content filtering alone. 

SonicWall has weaknesses. During its tenure with Dell, it was severely damaged (its reputation, innovation, etc.).  It is now recovering, but it may take time to get competitive again. They are clueless in some regards, which is unfortunate as they have the potential.

CPU: The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product. Compare with the need to get 1Gbps throughput with full security (common nowadays), you are looking at NSA 5700. 

Wireless: What a disaster this has been historically. The new SonicWall will tell you it has been resolved and improved. It has improved - it actually works now, but performance is substandard. It is a terrible strategy to have a firewall act as an AP controller, in any case. Perhaps for an SMB, the integrated WiFi in their TZ series has a niche.

Anti-spam: Do not even consider it. It leaks like a shower head. What a mess that offering is. It requires a specific Java version on the server side (do not update it, otherwise it will break). In any case, a firewall doing anti-spam might be a low cost solution, but it is not your best strategy.

Logging/reporting: You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end. 

MSP: They are not ready for managed security services.  Their Cloud GMS product is weak, barely out of beta (buggy).

VPN: Site-to-site is another problem area - Client-based VPN is another hot mess. Global VPN client issues and mobile connect issues. Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably.   If VPN is important for you - look elsewhere.  You have to pay for licenses (most competitive vendors include this by default).  You will have 4 different methods, 3 different clients, 2 licenses and all of this to have a horrible VPN connectivity.  No proper or modern 2FA for additional security.  AVOID!

AGSS / ATP: This is poorly implemented.  A user will click to download a new type of file, and nothing happens.  They have to wait an indeterminate amount of time, and try again to see if it works.  It is so annoying, most clients avoid this capability, just nullifying the whole purpose of it.

App Control:  Be aware that either due to firmware updates, or bugs - app control will behave poorly (cause packet loss, or outright blocking) with normal and legitimate activities.  Resetting and re-configuring it is the work-around (super annoying).

More than ten years.

Yes. The VPN client connectivity and licensing has been a major complaint, especially during COVID-19

Yes. The CPUs are very weak.

During the Dell years, support was terrible. It has since improved.

No. We have always only deployed SonicWall.

Setup is easy. Anyone with basic firewall experience can do it.

In-house only. Level 2 techs can handle most tasks.

All advanced features are licensed capabilities, such as Advanced Gateway Security Suite or Comprehensive Gateway Security Suite.  VPN clients are licensed, and you have to choose a type of license you want (how ridiculous is that). 

We have evaluated Sophos, Fortinet, Palo Alto, Barracuda, WatchGuard and now CheckPoint

Avoid this company.  They have no idea what they are doing, except a slick marketing campaign.  They don't listen to their customers.  The only evolution of the product in the last few years was a slight redesign of the web interface and DNS proxy.   They will push their SonicWall "Capture" but this has nothing to do with the Firewall product itself, it is a windows based NextGen A/V based on Sentinal with ATP.