SonicWall NSa Reviews

Firewall/VPN appliance for SMB clients. Firewall provides advanced threat protection to internal hosts. It also provides a secure mechanism for remote access.

For the average SMB, this firewall does the job. Granular user controls, firewall and NAT rules that you would expect. Licensed features provide application control, content filtering, antivirus, and anti-malware all in a single appliance.  Be aware that their ATP is poorly implemented (stops downloads, forcing users to wait and click again).  Also be aware that the IPS/IDS, and Gateway Antivirus will do very little for modern threats such as ransomware.  We have had emotet trojans easily pass the firewall, connect to international foreign (and obviously) some kind of C&C without stopping it.  So little to no protection against modern threats, no HTTPS proxy as an option, poorly implemented ATP - it makes the case for a SonicWall very difficult to justify.  This vendor is frustratingly slow at adapting, evolving or improving their product.  They are unable to keep up with competition.

Application control: It allows us to block applications, i.e., websites by application type category. It is far more capable than content filtering alone. 

SonicWall has weaknesses. During its tenure with Dell, it was severely damaged (its reputation, innovation, etc.).  It is now recovering, but it may take time to get competitive again. They are clueless in some regards, which is unfortunate as they have the potential.

CPU: The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product. Compare with the need to get 1Gbps throughput with full security (common nowadays), you are looking at NSA 5700. 

Wireless: What a disaster this has been historically. The new SonicWall will tell you it has been resolved and improved. It has improved - it actually works now, but performance is substandard. It is a terrible strategy to have a firewall act as an AP controller, in any case. Perhaps for an SMB, the integrated WiFi in their TZ series has a niche.

Anti-spam: Do not even consider it. It leaks like a shower head. What a mess that offering is. It requires a specific Java version on the server side (do not update it, otherwise it will break). In any case, a firewall doing anti-spam might be a low cost solution, but it is not your best strategy.

Logging/reporting: You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end. 

MSP: They are not ready for managed security services.  Their Cloud GMS product is weak, barely out of beta (buggy).

VPN: Site-to-site is another problem area - Client-based VPN is another hot mess. Global VPN client issues and mobile connect issues. Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably.   If VPN is important for you - look elsewhere.  You have to pay for licenses (most competitive vendors include this by default).  You will have 4 different methods, 3 different clients, 2 licenses and all of this to have a horrible VPN connectivity.  No proper or modern 2FA for additional security.  AVOID!

AGSS / ATP: This is poorly implemented.  A user will click to download a new type of file, and nothing happens.  They have to wait an indeterminate amount of time, and try again to see if it works.  It is so annoying, most clients avoid this capability, just nullifying the whole purpose of it.

App Control:  Be aware that either due to firmware updates, or bugs - app control will behave poorly (cause packet loss, or outright blocking) with normal and legitimate activities.  Resetting and re-configuring it is the work-around (super annoying).

More than ten years.

Yes. The VPN client connectivity and licensing has been a major complaint, especially during COVID-19

Yes. The CPUs are very weak.

During the Dell years, support was terrible. It has since improved.

No. We have always only deployed SonicWall.

Setup is easy. Anyone with basic firewall experience can do it.

In-house only. Level 2 techs can handle most tasks.

All advanced features are licensed capabilities, such as Advanced Gateway Security Suite or Comprehensive Gateway Security Suite.  VPN clients are licensed, and you have to choose a type of license you want (how ridiculous is that). 

We have evaluated Sophos, Fortinet, Palo Alto, Barracuda, WatchGuard and now CheckPoint

Avoid this company.  They have no idea what they are doing, except a slick marketing campaign.  They don't listen to their customers.  The only evolution of the product in the last few years was a slight redesign of the web interface and DNS proxy.   They will push their SonicWall "Capture" but this has nothing to do with the Firewall product itself, it is a windows based NextGen A/V based on Sentinal with ATP.

Primary use is Office 365, all our users have cloud-based email. The rest is business emails, business procurement, etc. And if users are on after hours and they want to see more, we allow it, but still, blocking is difficult on the SonicWall. It's not easy. We have about 300 users who go through the internet.

At the moment, none. It just doesn't do its task. Users, no matter how you configure it - and it's configured quite carefully in the sense of censoring - seem to be able to punch to the file. It just doesn't do its job.

It seems to have all the features, it's just not performing.

It has good reporting, the reporting is marvelous, but reporting is always after the fact and you want to be proactive if you're a firewall. You don't want to be saying “Ah! We had a bot running on the network,” while SonicWall itself didn't give that indication in an active way.

The problem primarily with SonicWall is it's a Unix box. And it's all software, all the activities, blocking, censoring, everything has to happen in the software. If you start hitting the box with a lot of sessions it slows down and that's not what I expect from a firewall.

I have worked with this box for six months, and it's a daily task to manage this thing. You don't have to always have time to do this.

The room for improvement is to step away from the Unix platform. It needs to be a specialized system that manages firewall activity. You don't want to rely on two systems, one being Unix and one being the firewall. Unix is a powerful system, I have no doubts about it. I've set up Unix systems my whole life and they're very powerful. However, when it comes to dedicated tasks it's not suitable. That's Unix. Unix is general. It does everything. And by doing everything, it's not always as powerful as a dedicated system like a hardware solution, like Fortigate.

It's fairly stable. In the last six months, I've had to restart the box about five or six times because it just didn't do what it needed to do. And after the restart it started working again. So it's not as reliable, in my view.

It might be working in other environments, but in my view - we have a satellite connection of only 8 megabits - it's very hard to control bandwidth on the SonicWall to allow certain types of traffic to have priority. You can't really dedicate certain bandwidth for, let's say, an Office 365 solution. It's all very global. And global makes it hard to manage on a slow link, and 8 megabits is a slow link.

I don't know about scalability because I have only worked with this box. There are probably faster boxes on the market. This box should be sufficient for 300 employees and my impression is that performance is suffering if too many people are trying to get through it.

The main reason this was bought was it was cheap. We all know that Fortigate is far more expensive. But, then again, it's more like the Rolls-Royce of firewalls. And what you can do with it in hardware has no comparison with any of the software solutions on the market. Yes, everything performs, every firewall-type solution, whatever you want to use, does its job. But you want to have a management-free solution. If you look at Fortigate, no matter how you look at it, you know it works. With Unix boxes, you never know. It's a Unix system and, for whatever reason, it can stop working and you have to reboot the machine, which is not the most beneficial solution.

I've used Fortigates. Fortigates have no problems if you start adding a thousand users, depending on what kind of service provider you have. A big difference is that it's global censoring on the SonicWall. On the Fortigate you can censor per rule, and that's a big difference if you are in a multi-user environment where you have different types of actions.

At my current company, this was set up at the beginning, when the company started. They have never had a different solution. They have another location with Zyxel firewalls, which will also be replaced with Fortigates. They all perform. That's probably the best thing I can say about them. What we're going to implement now is a far broader solution with authentication and everything else. At this stage, that is not implemented on the SonicWall. My fear is that if we implemented that on the SonicWall, we would have more problems. It's really not that flexible.

My most important criteria when selecting a vendor are manageability and the features, and by features I mean complete management of the firewall.

The setup is fairly simple. That's why I'm surprised that this box is struggling. That's not what I would expect from this type of solution.

Do your homework. Go to your website, compare firewalls, not only SonicWall, not only Fortigate. Compare them for the task that it needs to run for your company. That's the bottom line. There are small firewalls which will suffice for certain companies. You might need bigger ones, you might need more features. So really, you have to do your homework.

I work in an African country, knowledge is something they are still gaining, and SonicWall is too difficult for most people to manage, versus a Fortigate where it's really a step-through and you know what you're doing, you can see what you're doing. You can't really see that on a SonicWall.

It's very hard to manage this box. You really need a lot of skills to operate the SonicWall. There is training and the like, but it's just hard to manage. Even if you have the knowledge, there are too many options. The menus are not very clear, where you should find the information.

We use SonicWall NSa for security, site-to-site connectivity, and a VPN. 

The tool's most valuable feature is application security. I am satisfied with its threat-prevention capabilities and have no issues with its incident response rate.  We have no issues with its integration. 

The tool needs to improve its reporting features. 

I have been using the product for 10-15 years. 

I rate SonicWall NSa's stability as nine out of ten. 

I rate the product's scalability a nine out of ten. 

SonicWall NSa's support takes longer to respond. 

Neutral

We worked with Microsoft before SonicWall NSa. We chose SonicWall NSa because of its pricing and local support. 

SonicWall NSa's deployment is easy and takes only a few hours to complete. We have two engineers for the solution's maintenance. 

SonicWall NSa's pricing is subscription-based and I rate it a six out of ten. 

I rate the overall solution a nine out of ten. 

The solution helps with VPN. 

The most valuable feature I've found is VPN and web protection, particularly with navigation assessment. We use the application control feature to create rules controlling specific application navigation. 

The web interface administration of SonicWall NSa could be improved. Compared to Sophos and FortiGate, making rules is easier with those systems.

The solution is expensive. Its pricing is based on the number of users. 

I rate the overall product an eight out of ten. 

We are using SonicWall NSa as a network firewall and for segmentation on internal networks. We are using this firewall on the application level ID. We are using it for specific segmentation between production LANs and between technologies.

Overall SonicWall NSa is a good solution for our use case.

The solution's price could be reduced. It is expensive.

I have been using SonicWall NSa for approximately four years.

SonicWall NSa is highly stable.

The scalability of SonicWall NSa is good. We have approximately 2,000 users using it.

I did not use the support from SonicWall NSa.

We have used other solutions such as pfSense and Linux native firewalls. I prefer SonicWall NSa but if you are going to use something for an enterprise you need another solution.

We have been using the solution for many years which has made the initial setup easy for us.

SonicWall NSa is worth the money we paid.

The price of SonicWall NSa is expensive.

The solution does not require a lot of maintenance. We have a specific team now for all technology, all for all infrastructure technologies.

I rate SonicWall NSa a seven out of ten.

We primarily use the solution just for IPsec tunnels. It's two routers between locations with IPsec tunnels, nothing more. We don't use their firewall capabilities.

The functionality is the same whether it is on hardware or a virtual appliance. The interface is the same. It's nice that it's standardized.

The solution is a good product with a good value for money.

The security capabilities and policies are good. They can do a lot of tasks with ease. 

The product is very useful for organizations with many locations. If you've got a lot of locations, the product can save you money as you don't need a physical box at each location.  

The scalability is very good as it really can cover multiple locations.

SonicWall offers NG capabilities in virtual appliances.

It's not as easy to use, as, for example, Palo Alto.

Some of the configurations could be better.

The solution is stable. We haven't had any issues so far.

The scalability is quite good. You can scale well across locations very well for not too much cost. If a company needs to expand, it can do so relatively easily.

Also, cost-wise, it's very affordable to scale up. It's not expensive to add hardware and licenses as needed. They make upgrading very cheap.

We have 200 people on the solution. That said, they are using with IPsec tunnel. They don't use all of the capabilities of the hardware. They are using it just to encrypt tunneling between the sites.

We may not continue to sue the solution as we have found a solution that is better and that can help us get faster than IPsec can. We're looking instead at MACsec.

I've never opened up a technical support case with the product. It's worked quite well, and we haven't run into trouble that would require us to reach out. I can't really speak to how helpful or responsive they are due to the fact that I have no experience with them.

We've also worked with Palo Alto, Barracuda, and Sophos.

Palo Alto is more expensive to use and to scale. Sophos is very easy to set up. Barracuda also has NG capabilities, like SonicWall, and has the same limitations in terms of security policies. It also can take a bit longer to set up.

I have ten years of IT experience, and therefore, for me, the entire implementation process was not overly difficult. They have good manuals that you can read through at the start. It's not a difficult process, especially if you are already comfortable with the technology.

Of course, it's not quite as straightforward as something like Sophos, which you can just plug in and have the vendor configure for you. However, that said, it's not too difficult.

SonicWall still is only a dollar or Euro per gigabit. This means, of the IPsec, it's the cheapest solution. 

Due to the fact that we've got some projects now, we might abandon IPsec, as we had two Blade fibers with separate paths to a secondary location and we will start using MACsec. It's a layer 2 security. Therefore, we don't need IPsec anymore.

Originally, actually, we bought it without any licenses, just boxes with IPsec capabilities.

The pricing, in comparison to some solutions, such as Palo Alto, is much better.

We're just a customer and an end-user.

I'd recommend the solution to other organizations. I tell everybody, if your business is a lot of locations and not so many personal policies, to check the SonicWall portfolio. You can configure it with two boxes and if you need to you can scale it without any trouble into the tens or hundreds.

In general, I would rate the solution at a seven out of ten.

We are end users of this solution and I'm a senior systems administrator.

At the end of the day, all the solutions in this category are more or less alike. They all do the same thing in different ways. I've found the best features of NSA are the graphic interface which is very user friendly and I also find the solution to be very intuitive. The product has more features than I can use. 

The reporting solution from SonicWall is not the greatest. We have more than two firewalls and I expected we'd get more information from the reporting than we actually do. That area could definitely be improved. I've seen a couple of features on the firewall that I don't have use for because we're not a huge company, we're a 200-user company. The reporting feature is there, it would be nice if it was more detailed. 

The firewall itself has the reporting tool. Obviously, it's not as complete as the solution that they want to sell because they provide it for free. It means that you need to get the software separately in order to get a better understanding of what's going on in your firewall. A good additional feature would be improvement on the firewall reporting feature without needing extra software or extra expense.

I've been using this solution for five years. 

The firmware is very stable and I've never had issues with the stability of the operating system and I was several versions behind until recently. There were some minor bugs but that's because the firmware was not updated. 

The technical support is great. I've never had an issue where I've needed to wait more than a few minutes for them to fix it.

At this office, the firewall was already configured when I started working here, so I only needed to make some adjustments. We have another office that we acquired recently, and I implemented the firewall there. The configuration was pretty straightforward. The graphical interface is very intuitive and that helps. 

Our licensing fees are paid annually. It's on par with whatever is on the market. They are all the same, so it's not high or low. It's on the same level as any other hardware in the same category.

If I knew what I know today and I was starting from scratch with a SonicWall firewall, I'd get a consultant in for some advice. There are a couple of tricks that for me it would have been nice to know from the beginning because there are some rules in the defaults that I would've been happy to have known before. I would recommend getting a consultant to explain how the thing works, even if it's for a couple of hours.

I would rate this solution an eight out of 10. 

My primary use case is web filtering, VPN, and sometimes UTM. I can check a VPN for point-to-point connectivity with this solution.

The features I found most valuable are email security and web filtering.

The features I would like to see improve are the dashboard and the UI.

In the next release, I'd like to see APIs included.

I have been working with SonicWall for approximately two to three years.

I would rate the stability of this solution a nine, on a scale from one to 10, with one being the worst and 10 being the best.

I would rate the scalability of this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.

I would say the initial setup was easy. I'd rate it an eight, on a scale from one to 10, with one being the worst and 10 being the best.

When deploying, you first use a gateway, ISP terminated in the firewall, and then terminate to the user end. Usually, deployment takes two to three years.

The deployment was done by one or two engineers.

I have experience with Fortinet and I would say this solution is much better suited for SMB customers, while SonicWall is better for large enterprises.

I would recommend this solution to enterprise customers.

Overall, I would rate this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.