Firewall/VPN appliance for SMB clients. Firewall provides advanced threat protection to internal hosts. It also provides a secure mechanism for remote access.
Senior IT Consultant at a tech consulting company with 51-200 employees
Weak firewall. Licensing mechanism is a trap. Woefully inadequate VPN clients and methods. Look elsewhere
Pros and Cons
- "It allows us to block applications, i.e., websites by application type category. It is far more capable than content filtering alone."
- "Support has improved dramatically since their separation from Dell."
- "Setup is easy. Anyone with basic firewall experience can do it."
- "The anti-spam requires a specific Java version on the server side (do not update it, otherwise it will break)."
- "They are not ready for managed security services. Their Cloud GMS product is weak, barely out of beta (buggy)."
- "Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably."
What is our primary use case?
How has it helped my organization?
For the average SMB, this firewall does the job. Granular user controls, firewall and NAT rules that you would expect. Licensed features provide application control, content filtering, antivirus, and anti-malware all in a single appliance. Be aware that their ATP is poorly implemented (stops downloads, forcing users to wait and click again). Also be aware that the IPS/IDS, and Gateway Antivirus will do very little for modern threats such as ransomware. We have had emotet trojans easily pass the firewall, connect to international foreign (and obviously) some kind of C&C without stopping it. So little to no protection against modern threats, no HTTPS proxy as an option, poorly implemented ATP - it makes the case for a SonicWall very difficult to justify. This vendor is frustratingly slow at adapting, evolving or improving their product. They are unable to keep up with competition.
What is most valuable?
Application control: It allows us to block applications, i.e., websites by application type category. It is far more capable than content filtering alone.
What needs improvement?
SonicWall has weaknesses. During its tenure with Dell, it was severely damaged (its reputation, innovation, etc.). It is now recovering, but it may take time to get competitive again. They are clueless in some regards, which is unfortunate as they have the potential.
CPU: The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product. Compare with the need to get 1Gbps throughput with full security (common nowadays), you are looking at NSA 5700.
Wireless: What a disaster this has been historically. The new SonicWall will tell you it has been resolved and improved. It has improved - it actually works now, but performance is substandard. It is a terrible strategy to have a firewall act as an AP controller, in any case. Perhaps for an SMB, the integrated WiFi in their TZ series has a niche.
Anti-spam: Do not even consider it. It leaks like a shower head. What a mess that offering is. It requires a specific Java version on the server side (do not update it, otherwise it will break). In any case, a firewall doing anti-spam might be a low cost solution, but it is not your best strategy.
Logging/reporting: You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end.
MSP: They are not ready for managed security services. Their Cloud GMS product is weak, barely out of beta (buggy).
VPN: Site-to-site is another problem area - Client-based VPN is another hot mess. Global VPN client issues and mobile connect issues. Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably. If VPN is important for you - look elsewhere. You have to pay for licenses (most competitive vendors include this by default). You will have 4 different methods, 3 different clients, 2 licenses and all of this to have a horrible VPN connectivity. No proper or modern 2FA for additional security. AVOID!
AGSS / ATP: This is poorly implemented. A user will click to download a new type of file, and nothing happens. They have to wait an indeterminate amount of time, and try again to see if it works. It is so annoying, most clients avoid this capability, just nullifying the whole purpose of it.
App Control: Be aware that either due to firmware updates, or bugs - app control will behave poorly (cause packet loss, or outright blocking) with normal and legitimate activities. Resetting and re-configuring it is the work-around (super annoying).
Buyer's Guide
SonicWall NSa
October 2024
Learn what your peers think about SonicWall NSa. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
For how long have I used the solution?
More than ten years.
What do I think about the stability of the solution?
Yes. The VPN client connectivity and licensing has been a major complaint, especially during COVID-19
What do I think about the scalability of the solution?
Yes. The CPUs are very weak.
How are customer service and support?
During the Dell years, support was terrible. It has since improved.
Which solution did I use previously and why did I switch?
No. We have always only deployed SonicWall.
How was the initial setup?
Setup is easy. Anyone with basic firewall experience can do it.
What about the implementation team?
In-house only. Level 2 techs can handle most tasks.
What's my experience with pricing, setup cost, and licensing?
All advanced features are licensed capabilities, such as Advanced Gateway Security Suite or Comprehensive Gateway Security Suite. VPN clients are licensed, and you have to choose a type of license you want (how ridiculous is that).
Which other solutions did I evaluate?
We have evaluated Sophos, Fortinet, Palo Alto, Barracuda, WatchGuard and now CheckPoint
What other advice do I have?
Avoid this company. They have no idea what they are doing, except a slick marketing campaign. They don't listen to their customers. The only evolution of the product in the last few years was a slight redesign of the web interface and DNS proxy. They will push their SonicWall "Capture" but this has nothing to do with the Firewall product itself, it is a windows based NextGen A/V based on Sentinal with ATP.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Superintendent at a mining and metals company with 11-50 employees
Difficult to manage and a large number of sessions slows it down
Pros and Cons
- "It has good reporting, the reporting is marvelous."
- "The problem primarily with SonicWall is it's a Unix box. And it's all software, all the activities, blocking, censoring, everything has to happen in the software. If you start hitting the box with a lot of sessions it slows down and that's not what I expect from a firewall."
- "It's very hard to manage this box. You really need a lot of skills to operate the SonicWall. There is training and the like, but it's just hard to manage. Even if you have the knowledge, there are too many options. The menus are not very clear, where you should find the information."
What is our primary use case?
Primary use is Office 365, all our users have cloud-based email. The rest is business emails, business procurement, etc. And if users are on after hours and they want to see more, we allow it, but still, blocking is difficult on the SonicWall. It's not easy. We have about 300 users who go through the internet.
What is most valuable?
At the moment, none. It just doesn't do its task. Users, no matter how you configure it - and it's configured quite carefully in the sense of censoring - seem to be able to punch to the file. It just doesn't do its job.
It seems to have all the features, it's just not performing.
It has good reporting, the reporting is marvelous, but reporting is always after the fact and you want to be proactive if you're a firewall. You don't want to be saying “Ah! We had a bot running on the network,” while SonicWall itself didn't give that indication in an active way.
What needs improvement?
The problem primarily with SonicWall is it's a Unix box. And it's all software, all the activities, blocking, censoring, everything has to happen in the software. If you start hitting the box with a lot of sessions it slows down and that's not what I expect from a firewall.
I have worked with this box for six months, and it's a daily task to manage this thing. You don't have to always have time to do this.
The room for improvement is to step away from the Unix platform. It needs to be a specialized system that manages firewall activity. You don't want to rely on two systems, one being Unix and one being the firewall. Unix is a powerful system, I have no doubts about it. I've set up Unix systems my whole life and they're very powerful. However, when it comes to dedicated tasks it's not suitable. That's Unix. Unix is general. It does everything. And by doing everything, it's not always as powerful as a dedicated system like a hardware solution, like Fortigate.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
It's fairly stable. In the last six months, I've had to restart the box about five or six times because it just didn't do what it needed to do. And after the restart it started working again. So it's not as reliable, in my view.
It might be working in other environments, but in my view - we have a satellite connection of only 8 megabits - it's very hard to control bandwidth on the SonicWall to allow certain types of traffic to have priority. You can't really dedicate certain bandwidth for, let's say, an Office 365 solution. It's all very global. And global makes it hard to manage on a slow link, and 8 megabits is a slow link.
What do I think about the scalability of the solution?
I don't know about scalability because I have only worked with this box. There are probably faster boxes on the market. This box should be sufficient for 300 employees and my impression is that performance is suffering if too many people are trying to get through it.
Which solution did I use previously and why did I switch?
The main reason this was bought was it was cheap. We all know that Fortigate is far more expensive. But, then again, it's more like the Rolls-Royce of firewalls. And what you can do with it in hardware has no comparison with any of the software solutions on the market. Yes, everything performs, every firewall-type solution, whatever you want to use, does its job. But you want to have a management-free solution. If you look at Fortigate, no matter how you look at it, you know it works. With Unix boxes, you never know. It's a Unix system and, for whatever reason, it can stop working and you have to reboot the machine, which is not the most beneficial solution.
I've used Fortigates. Fortigates have no problems if you start adding a thousand users, depending on what kind of service provider you have. A big difference is that it's global censoring on the SonicWall. On the Fortigate you can censor per rule, and that's a big difference if you are in a multi-user environment where you have different types of actions.
At my current company, this was set up at the beginning, when the company started. They have never had a different solution. They have another location with Zyxel firewalls, which will also be replaced with Fortigates. They all perform. That's probably the best thing I can say about them. What we're going to implement now is a far broader solution with authentication and everything else. At this stage, that is not implemented on the SonicWall. My fear is that if we implemented that on the SonicWall, we would have more problems. It's really not that flexible.
My most important criteria when selecting a vendor are manageability and the features, and by features I mean complete management of the firewall.
How was the initial setup?
The setup is fairly simple. That's why I'm surprised that this box is struggling. That's not what I would expect from this type of solution.
What other advice do I have?
Do your homework. Go to your website, compare firewalls, not only SonicWall, not only Fortigate. Compare them for the task that it needs to run for your company. That's the bottom line. There are small firewalls which will suffice for certain companies. You might need bigger ones, you might need more features. So really, you have to do your homework.
I work in an African country, knowledge is something they are still gaining, and SonicWall is too difficult for most people to manage, versus a Fortigate where it's really a step-through and you know what you're doing, you can see what you're doing. You can't really see that on a SonicWall.
It's very hard to manage this box. You really need a lot of skills to operate the SonicWall. There is training and the like, but it's just hard to manage. Even if you have the knowledge, there are too many options. The menus are not very clear, where you should find the information.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Hello Leen, great explanation. Just for curiosity, how many seesions your NSA 2650 manage?, How many ISP do you have and what speed?
BR
Buyer's Guide
SonicWall NSa
October 2024
Learn what your peers think about SonicWall NSa. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
Owner at IT CARE
Has application security and threat prevention capabilities
Pros and Cons
- "The tool's most valuable feature is application security. I am satisfied with its threat-prevention capabilities and have no issues with its incident response rate. We have no issues with its integration."
- "The tool needs to improve its reporting features."
What is our primary use case?
We use SonicWall NSa for security, site-to-site connectivity, and a VPN.
What is most valuable?
The tool's most valuable feature is application security. I am satisfied with its threat-prevention capabilities and have no issues with its incident response rate. We have no issues with its integration.
What needs improvement?
The tool needs to improve its reporting features.
For how long have I used the solution?
I have been using the product for 10-15 years.
What do I think about the stability of the solution?
I rate SonicWall NSa's stability as nine out of ten.
What do I think about the scalability of the solution?
I rate the product's scalability a nine out of ten.
How are customer service and support?
SonicWall NSa's support takes longer to respond.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We worked with Microsoft before SonicWall NSa. We chose SonicWall NSa because of its pricing and local support.
How was the initial setup?
SonicWall NSa's deployment is easy and takes only a few hours to complete. We have two engineers for the solution's maintenance.
What's my experience with pricing, setup cost, and licensing?
SonicWall NSa's pricing is subscription-based and I rate it a six out of ten.
What other advice do I have?
I rate the overall solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Last updated: Jul 30, 2024
Flag as inappropriateChief Technology Officer (Diretor DE Tecnologia) at a tech services company with 11-50 employees
Useful for VPN and web protection but improvement is needed in web interface administration
Pros and Cons
- "The most valuable feature I've found is VPN and web protection, particularly with navigation assessment. We use the application control feature to create rules controlling specific application navigation."
- "The web interface administration of SonicWall NSa could be improved. Compared to Sophos and FortiGate, making rules is easier with those systems."
What is our primary use case?
The solution helps with VPN.
What is most valuable?
The most valuable feature I've found is VPN and web protection, particularly with navigation assessment. We use the application control feature to create rules controlling specific application navigation.
What needs improvement?
The web interface administration of SonicWall NSa could be improved. Compared to Sophos and FortiGate, making rules is easier with those systems.
What's my experience with pricing, setup cost, and licensing?
The solution is expensive. Its pricing is based on the number of users.
What other advice do I have?
I rate the overall product an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Last updated: Apr 12, 2024
Flag as inappropriateIT architect, Integrator at Ujv
Simple setup, easy to maintain, but expensive
Pros and Cons
- "Overall SonicWall NSa is a good solution for our use case."
- "We have used other solutions such as pfSense and Linux native firewalls. I prefer SonicWall NSa but if you are going to use something for an enterprise you need another solution."
What is our primary use case?
We are using SonicWall NSa as a network firewall and for segmentation on internal networks. We are using this firewall on the application level ID. We are using it for specific segmentation between production LANs and between technologies.
What is most valuable?
Overall SonicWall NSa is a good solution for our use case.
What needs improvement?
The solution's price could be reduced. It is expensive.
For how long have I used the solution?
I have been using SonicWall NSa for approximately four years.
What do I think about the stability of the solution?
SonicWall NSa is highly stable.
What do I think about the scalability of the solution?
The scalability of SonicWall NSa is good. We have approximately 2,000 users using it.
How are customer service and support?
I did not use the support from SonicWall NSa.
Which solution did I use previously and why did I switch?
We have used other solutions such as pfSense and Linux native firewalls. I prefer SonicWall NSa but if you are going to use something for an enterprise you need another solution.
How was the initial setup?
We have been using the solution for many years which has made the initial setup easy for us.
What was our ROI?
SonicWall NSa is worth the money we paid.
What's my experience with pricing, setup cost, and licensing?
The price of SonicWall NSa is expensive.
What other advice do I have?
The solution does not require a lot of maintenance. We have a specific team now for all technology, all for all infrastructure technologies.
I rate SonicWall NSa a seven out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Quality engineer of the 1st category at Modern Expo
Easy to scale, offers good value for money, and has good policies
Pros and Cons
- "The functionality is the same whether it is on hardware or a virtual appliance. The interface is the same. It's nice that it's standardized."
- "Some of the configurations could be better."
What is our primary use case?
We primarily use the solution just for IPsec tunnels. It's two routers between locations with IPsec tunnels, nothing more. We don't use their firewall capabilities.
What is most valuable?
The functionality is the same whether it is on hardware or a virtual appliance. The interface is the same. It's nice that it's standardized.
The solution is a good product with a good value for money.
The security capabilities and policies are good. They can do a lot of tasks with ease.
The product is very useful for organizations with many locations. If you've got a lot of locations, the product can save you money as you don't need a physical box at each location.
The scalability is very good as it really can cover multiple locations.
SonicWall offers NG capabilities in virtual appliances.
What needs improvement?
It's not as easy to use, as, for example, Palo Alto.
Some of the configurations could be better.
What do I think about the stability of the solution?
The solution is stable. We haven't had any issues so far.
What do I think about the scalability of the solution?
The scalability is quite good. You can scale well across locations very well for not too much cost. If a company needs to expand, it can do so relatively easily.
Also, cost-wise, it's very affordable to scale up. It's not expensive to add hardware and licenses as needed. They make upgrading very cheap.
We have 200 people on the solution. That said, they are using with IPsec tunnel. They don't use all of the capabilities of the hardware. They are using it just to encrypt tunneling between the sites.
We may not continue to sue the solution as we have found a solution that is better and that can help us get faster than IPsec can. We're looking instead at MACsec.
How are customer service and technical support?
I've never opened up a technical support case with the product. It's worked quite well, and we haven't run into trouble that would require us to reach out. I can't really speak to how helpful or responsive they are due to the fact that I have no experience with them.
Which solution did I use previously and why did I switch?
We've also worked with Palo Alto, Barracuda, and Sophos.
Palo Alto is more expensive to use and to scale. Sophos is very easy to set up. Barracuda also has NG capabilities, like SonicWall, and has the same limitations in terms of security policies. It also can take a bit longer to set up.
How was the initial setup?
I have ten years of IT experience, and therefore, for me, the entire implementation process was not overly difficult. They have good manuals that you can read through at the start. It's not a difficult process, especially if you are already comfortable with the technology.
Of course, it's not quite as straightforward as something like Sophos, which you can just plug in and have the vendor configure for you. However, that said, it's not too difficult.
What's my experience with pricing, setup cost, and licensing?
SonicWall still is only a dollar or Euro per gigabit. This means, of the IPsec, it's the cheapest solution.
Due to the fact that we've got some projects now, we might abandon IPsec, as we had two Blade fibers with separate paths to a secondary location and we will start using MACsec. It's a layer 2 security. Therefore, we don't need IPsec anymore.
Originally, actually, we bought it without any licenses, just boxes with IPsec capabilities.
The pricing, in comparison to some solutions, such as Palo Alto, is much better.
What other advice do I have?
We're just a customer and an end-user.
I'd recommend the solution to other organizations. I tell everybody, if your business is a lot of locations and not so many personal policies, to check the SonicWall portfolio. You can configure it with two boxes and if you need to you can scale it without any trouble into the tens or hundreds.
In general, I would rate the solution at a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Systems Administrator at a manufacturing company with 51-200 employees
A very intuitive solution with very user friendly graphic interface
Pros and Cons
- "User friendly and intuitive."
- "Needs a more detailed reporting feature."
What is our primary use case?
We are end users of this solution and I'm a senior systems administrator.
What is most valuable?
At the end of the day, all the solutions in this category are more or less alike. They all do the same thing in different ways. I've found the best features of NSA are the graphic interface which is very user friendly and I also find the solution to be very intuitive. The product has more features than I can use.
What needs improvement?
The reporting solution from SonicWall is not the greatest. We have more than two firewalls and I expected we'd get more information from the reporting than we actually do. That area could definitely be improved. I've seen a couple of features on the firewall that I don't have use for because we're not a huge company, we're a 200-user company. The reporting feature is there, it would be nice if it was more detailed.
The firewall itself has the reporting tool. Obviously, it's not as complete as the solution that they want to sell because they provide it for free. It means that you need to get the software separately in order to get a better understanding of what's going on in your firewall. A good additional feature would be improvement on the firewall reporting feature without needing extra software or extra expense.
For how long have I used the solution?
I've been using this solution for five years.
What do I think about the stability of the solution?
The firmware is very stable and I've never had issues with the stability of the operating system and I was several versions behind until recently. There were some minor bugs but that's because the firmware was not updated.
How are customer service and technical support?
The technical support is great. I've never had an issue where I've needed to wait more than a few minutes for them to fix it.
How was the initial setup?
At this office, the firewall was already configured when I started working here, so I only needed to make some adjustments. We have another office that we acquired recently, and I implemented the firewall there. The configuration was pretty straightforward. The graphical interface is very intuitive and that helps.
What's my experience with pricing, setup cost, and licensing?
Our licensing fees are paid annually. It's on par with whatever is on the market. They are all the same, so it's not high or low. It's on the same level as any other hardware in the same category.
What other advice do I have?
If I knew what I know today and I was starting from scratch with a SonicWall firewall, I'd get a consultant in for some advice. There are a couple of tricks that for me it would have been nice to know from the beginning because there are some rules in the defaults that I would've been happy to have known before. I would recommend getting a consultant to explain how the thing works, even if it's for a couple of hours.
I would rate this solution an eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cloud Technical Specialist at nimit tech
Great for SMB customers
Pros and Cons
- "The features I found most valuable are email security and web filtering."
- "The features I would like to see improve are the dashboard and the UI."
What is our primary use case?
My primary use case is web filtering, VPN, and sometimes UTM. I can check a VPN for point-to-point connectivity with this solution.
What is most valuable?
The features I found most valuable are email security and web filtering.
What needs improvement?
The features I would like to see improve are the dashboard and the UI.
In the next release, I'd like to see APIs included.
For how long have I used the solution?
I have been working with SonicWall for approximately two to three years.
What do I think about the stability of the solution?
I would rate the stability of this solution a nine, on a scale from one to 10, with one being the worst and 10 being the best.
What do I think about the scalability of the solution?
I would rate the scalability of this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.
How was the initial setup?
I would say the initial setup was easy. I'd rate it an eight, on a scale from one to 10, with one being the worst and 10 being the best.
When deploying, you first use a gateway, ISP terminated in the firewall, and then terminate to the user end. Usually, deployment takes two to three years.
The deployment was done by one or two engineers.
What other advice do I have?
I have experience with Fortinet and I would say this solution is much better suited for SMB customers, while SonicWall is better for large enterprises.
I would recommend this solution to enterprise customers.
Overall, I would rate this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Buyer's Guide
Download our free SonicWall NSa Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
FirewallsPopular Comparisons
Fortinet FortiGate
Netgate pfSense
OPNsense
Cisco Secure Firewall
Sophos XG
Palo Alto Networks NG Firewalls
Check Point NGFW
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Fortinet FortiGate-VM
Sophos XGS
KerioControl
Sangfor NGAF
Palo Alto Networks VM-Series
Buyer's Guide
Download our free SonicWall NSa Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Are you satisfied with Sonicwall NSA4600 in your installation?
- What is your opinion about these SonicWall Next-Generation firewalls: TZ and NSa series?
- Best Firewall for 300 user organisation: Sonicwall NSA 3650 vs. Sophos XG 310
- Which firewall to choose for a medium-sized company with 150 users: Sophos XGS 2100 or SonicWall 2700?
- What do you recommend for a corporate firewall implementation?
- Comparison of Barracuda F800, SonicWall 5600 and Fortinet
- Sophos XG 210 vs Fortigate FG 100E
- Which is the best network firewall for a small retailer?
- When evaluating Firewalls, what aspect do you think is the most important to look for?
- Cyberoam or Fortinet?
Bill, would your team like to share their experience with SonicWall on our platform? I would appreciate it if you could make the introductions :)