SonicWall TZ Reviews

Our primary use cases are a site-to-site VPN connection, content filtering and in addition SSL VPN connectivity for remote desktops.

It provides our organization with very low throughput.

The site-to-site VPN connections, content filtering, and in our current remote working situation, SSL VPN remote desktop connectivity are the most valuable features. 

The areas we would like to see improvement include more features available similar to the equivalent FortiGate appliance, e.g. SSL encryption and inspection. Two-factor authentication capability would be another additional feature that could be included in the next release. 

I have been using SonicWall for 2 years. We have utilized SonicWall appliances for the last 7 years.

The overall stability has been good, there were no issues or concerns from the viewpoint.

We size our appliance based on the number of users, in this solution the TZ appliance was suitable for 30-40 users.

We experienced a very good level of support from the vendor and they have assisted us in real time via remote session when needed.

The initial setup is very straightforward. It took approximately 3-4 hours.

In comparison to competitors the license price is higher and as a suggestion, for 10-15 users potentially provide a free basic license.

We did evaluate the Fortinet FortiGate equivalent option.

We use it for a variety of businesses and schools.

Its ease of installation has improved my organization. That's what I do most. I install the firewalls.

I don't have anything that I would say needs improving at the moment. The small business line has less PPS throughput and that's what you're going to lose on when you use WatchGuard. So they need to improve the throughput of the firewall in the small business line.

Easy to explain : 

                                 WatchGuard T70 vs SonicWall TZ600 
Firewall Throughput :       4Gbps          vs      1.9Gbps
Price :                             610€            vs       973€

I've only ever had one problem. I have a bank that has two NSAs in high availability. The only time I had a problem was with the high availability from the update. That's the only time. And that was last month. I did an update. I disabled the high availability and we reset it, the firewall, and installed the config again. And updated it one by one.

I have no negative impression of the scalability.

I haven't tried technical support yet, so I haven't needed support yet on anything.

Moved to new Employer.

The initial setup is straightforward. I deploy at least one solution a month, to different sites. You only need one person for deployment.

I did the implementation myself.

The pricing is where you might lose to WatchGuard now. I'm looking into moving some parts over to WatchGuard because they are on the small business side. But if you compare the TZ300 and 400 series against WatchGuard series, they are the same, but there is a price difference between them.

I wasn't a part of any decision making in terms of options. 

We use a variety of models, from the TZ300, up to the NSA 2600. For businesses, I recommend TZ400.

I would rate the solution 8 out of 10. I would rate WatchGuard itself 10, because I really like that product, and the ease of use. And when I say ease of use, I mean I know that product in and out. And it's very easy to set up external sites with the system management tool that comes free with WatchGuard.

We use it for ATP, the main firewall, and VPN connections to some of our sites.

The VPN is quite useful for us, as well as the ATP. Overall, I would say it's a good solution for small enterprises.

We are currently using a 54.1 version, which, when compared to other solutions like FortiGate or Check Point, needs to improve in many aspects. Even the new SonicWall 7.85 is not safe compared to FortiGate. There is a huge difference.

It has been around four and a half years now. The firmware that we are using is version 6.5.

It's extremely stable, actually one of the best. I would rate it a seven out of ten. 

I would rate it a six out of ten for scalability but for medium to small enterprises. All are remote users. I would rate the solution a six out of ten because there is still room for improvement, and it's not advisable even if the organization has grown.

A lot of users use it. All our email sheets are using it, and users connect via VPN.

The setup was fairly easy once you understood how the device worked. However, I wouldn't recommend it to anyone else anymore.

The licensing options are quite good in terms of what you get. For a small to medium enterprise, it's a good option.

If you are looking at it from a financial level, it's a good option. But I think there are other options out there. If I had found this product already in my organization when I joined, I would not have gone with this product. I would have gone with an entry-level FortiGate or Check Point. It would have been much better or easier, but SonicWall TZ is not bad, either. However, my device has almost reached the end of its life after almost one and a half years, and it's easy to switch to a different product at the end of our licensing period, which is towards the end of this year. So that would have been good for me.

Overall, I would rate the solution a seven out of ten. 

Our use case is that our email and CRM are in the cloud but the rest of the solution is here on our old server on premise. That includes file sharing and internal programs, too. We have some kind of replication of the cloud on premise to use in case of problems.

The feature with SonicWall that I have found most valuable is that all the models have the same interface. We don't need to learn different interfaces in the smaller or bigger models. The other thing is the actualization and upgrade politic are really strong, really good, very high quality. Lastly, the performance and the price are excellent.

I am really happy with the product. The new interface is really modern and really clear. The 7th generation is a really big improvement.

It has a very good design.

In terms of what could be improved. That is a very good question. Maybe the price could be lower. That is the only thing. Otherwise, it is really a very good product with really good performance. The only thing is maybe to lower the price a little bit - but it's not a complaint. I don't have complaints with SonicWall.

SonicWall is really a very complete product.

I have been using SonicWall TZ for five or six years.

SoinciWall TZ is really very stable.

Their scalability is wonderful. SonicWall has a migration table and it's easy to migrate the configuration of a small model to medium or all types. It's really easy. No problem. I have done this a few times and each time was perfect.

We have almost 100 users.

One person is enough for doing maintenance on SonicWall.

We do have plans to increase usage to more or less 10 or 20% more users next year.

The support is excellent

Previous to being introduced to SonicWall, I used Softforce.

The initial deployment is easy. Even in the case when a client has a particularly exotic configuration - the support is quick, fast, and very professional.

How long the deployment takes depends. Normally, the delays are the fault of the misinformation we receive from a client. Or misunderstanding the information the client provided us before we did the setup of the firewall. Normally it's not a problem with SonicWall.

We pay yearly or bi-yearly. Normally we offer the license for two or three years. But it's common to buy the license year by year.

My only recommendation is that you need to be a certificate holder to set it up and configure it. It's really important because it looks easy, but it is complex. You need to have the knowledge and experience. But this is normal for technical products. It is not a product for the regular user. It's for technical people. You need to have skills.

As a customer and a reseller, we feel they are doing a really good job.

On a scale of one to ten, I would give SonictWall TZ obviously a 10.

In some cases SonicWall is used to outfit a company, replacing existing infrastructure and getting site-to-site VPN set up for easier management. It provides ease of use for VPN setups. We are customers of SonicWall and I'm a senior system analyst. 

The solution offers the right amount of control without being incredibly convoluted and frustrating, or without being too dumbed down where you don't have options to do certain things. It's very to the point with the controls and simplifies things for us. It's great value for money. 

The solution has a lot of robust options and it's easy to use. NSM is a good feature, a single pane of glass security center where you can monitor SonicWall for different clients and troubleshoot without it requiring individual access. The product has good integration with their SMA solution, which we deployed for one of our financial firms, and we've also provided a remote access solution for people with PCs at home who want secure access. It offers good content filtering.

I would probably say their GSM or their Sonic Analyzer could be improved. I have always found it difficult to manage and not very intuitive. I'd like to have better visibility of what each endpoint is doing. That's something Meraki has that is very easy to use.

I've been using this solution for over seven years. 

The solution is stable. We're an MSP, so if our clients have any dated hardware, we'll make a plan to switch to SonicWall, otherwise there can be issues with the internet or configuration where we can't get in and troubleshoot. We need to know we can get into the firewalls and make sure that they're online, as opposed to having to schedule someone to come in and deal with the basic physical connections or troubleshoot.

The scalability is very good because if you know how to work the base model, the old solution or the TZ 105, all the way up to the NSAs, they just scale up in terms of features and functionality and you don't change a whole lot. They have good terminology that sticks throughout, so if you work with one, you can work with them all. It means upgrading and scaling is very easy. We manage about 1300 users or so across about 100 different clients. For the most part, maybe 80% of them are on SonicWall, and we try to push that just because it makes our lives a lot easier.

We don't use the technical support very often, but the last call I had with them, everything was resolved within the hour. I spent more time on hold than I did with the person. It was 15 minutes on hold, for 10 minutes to resolve the issue. Otherwise, it's great. 

The initial setup was very straightforward. Deployment time depends on the client but if we're starting from scratch, you can have it updated and deployed within an afternoon without issue. We have our own techs with experience who can get things set up to the best of our ability. Implementation takes one person who knows what they're doing, but we have a team that can help out and troubleshoot if we run into issues. 

I'm not sure of licensing costs, but the price point isn't bad. In addition, you need to buy the hardware. There is also a standard support license, and they offer an advanced security gateway with other intrusion detection, prevention, content filtering, etc. There are some additional options we usually go with, but things like content filtering are hit and miss, and depend on what the client wants.

I've tried Meraki, but their price points are ridiculous and feature functionality is somewhat lacking. After Dell sold SonicWall, things improved a lot, and they've come a long way. There were some things about Meraki that I liked such as endpoint visibility. You can see the list of connected devices and apply a policy. You can get very low network so that bandwidth is not eaten up if someone is watching Netflix all day but they can still receive emails. Those kinds of things are what's missing in SonicWall. I've never been able to do something like that easily on the firewall side. Unfortunately, the cost of Meraki is really prohibitive. We tried a few other solutions and they just didn't pan out. If you want a good firewall, you have to pay thousands of dollars for what SonicWall does in a way that's easier to manage.

I would recommend trying the product, it's not too difficult, whether it's the setup or the cost. If you're looking for a really low-cost solution, you'll probably end up using something like pfSense which doesn't really compare to SonicWall. There are probably better solutions out there, but there are things that SonicWall does better, it just depends on your budget.

I rate the solution eight out of 10. 

The web security and IPsec VPN are both valuable aspects of the solution.

The NAT policies and port forwarding are great. 

We were initially actually using very basic features for my organization's requirements. It is a very simple model. There isn't much complexity to it.

It's been very easy to implement and deploy.

The solution is stable. 

Technical support is perfect.

We've found the pricing to be pretty good overall.

It would be nice if it was more user-friendly. The user interface is a bit difficult to navigate.

The technology in this particular version is very old. 

They have to improve their assistant client application.

In this particular SonicWall has a challenge with the SSL client. It provided NetExtender, a client application that is very challenging and is difficult to manage.

I've been working with the solution for about six years or so. 

I would say that it is 100% stable. Sometimes there's an issue, and we have to log a ticket, however, they will have it resolved. Rarely are there bugs or glitches. It doesn't crash or freeze.

Sometimes support is delayed, and sometimes we get items resolved within hours. Overall, it is okay. Overall it is okay. They are very helpful and responsive most of the time and we are quite satisfied with their level of attention.

We previously used a solution called AnexGATE. However, we had issues with port following and needed to switch.

The initial setup is very straightforward. It's not overly complex. A company shouldn't have too much trouble implementing it. This is especially true if you have a bit of a technical person implementing it.

For the most part, the solution is very economical.

Although we have been using it for the last six or seven years, it is now expired and we want to upgrade it with either Fortinet or Sophos, and so, we are looking into those.

We are a customer and an end-user.

We are using the TZ300 model at this time. We haven't used the latest version of the solution just yet.

I'd rate the solution at an eight out of ten.

Once we moved the units up to the Gen 6 platform, they could support SSL-DPI. We are huge fans of the DPI. That piece is incredibly easy to implement. I'd say probably the most powerful thing about the solution is that coupled with the captured functionality. 

We've turned the SSL inspection on, and it is a nightmare. It doesn't mean it doesn't work, but it will turn your world upside down for weeks until you tune it and get it right. That's an across the board problem. It's not just TZ. That's TZ's, NSA's, etc. Wherever you're using their implementation of SSL, where you've got to implement a certificate on every machine. Once you even get past that it's still going to be particular and finicky. Banking sites are driven crazy by it every time we turn it on.

It is trying to lock down outbound traffic so tightly that you get to sites that are already very security conscious. It's just a battle to get the traffic through. Intentional traffic, the traffic you want to get through, seems to be a problem. It will stop almost everything. Too much in fact. I understand the concept. It's just a little threatening. We just had a client sign off on a 6650. Then we send them a scope of work for implementing it. We specifically put a note in there in enormous bold type: "Note does not include SSL-DPI implementation". That is additional. The client responded that  "That's the one piece I wanted you guys to do. I'm scared of it."

He said, "We're scared of it," and I told him, "We're scared of it too." I said, "I don't know how long it's going to take. And it's going to turn your universe upside down for a week to 10 days to maybe two weeks." He said that he heard that this would be the case. 

My fear is that the client thinks that we'll say it will take four hours and then, when it turns into 40, try to make us give them the submission for free. 

Even tiny environments, for example, 10 user environments, once you turn it on, you will spend days tuning it. The last one we did took us 22 hours to get it perfect. We learned our lesson. We slotted in four to eight hours to do it and it took us 16 to 20.

From a support perspective, if we're talking tech support I think Silver Partners, Gold Partners, Platinum, whatever level, should have a different number to call. End users can call tech support over at SonicWall if they've paid for support as part of their AGSS or whatever services they bought. The end-user can call, or we can call, however, I don't want to be calling the same line that an end user's calling. I don't want the same response time. I need a different level of expertise.

We've been a SonicWall dealer for 21 years approximately. We've been handling the solution since 1999. I personally didn't start using the solution until 2004.

Once you get past all the configuration issues, If you are on a rock-solid GA (Generally Available firmware), I don't know if I want to say it's bulletproof, however, the stability is really, really good. I don't sit and worry, thinking, "Oh, God. We know another one's going to fail today." We never think that way about that type of stuff. It's the odd time where we might get hardware failures or random reboots. We've had a couple of SMA units go sideways. Even SonicWall couldn't solve the problem. However, that said, it's rare.

There's a couple of different ways to answer the question of scalability. They've built the TZ line wide enough so that we've got enough of a selection to be able to fit most bandwidth and user count situations. It's never going to fit everybody and it's not meant to. It shouldn't. It is a little challenging to try to get one of the boxes to do full wire speed. I'm not so sure inside that box, at the price point, you're going to solve that problem.

That's why we sold the 6650. One client has got a one gig fiber line and they're in a school. On an NSA 3600, he can't get over 400 on it. I told him he never would. Some days I'd be surprised to get 400, depending on the user count. The TZ lineup is pretty good, however, I'm not so sure I'd use the word scalable. 

If what we mean by scalable is, "oh, well, I buy a 300 and I buy it for 10 users, but I can scale up to 30 users with that box," the answer to that is no you can't. If you ask "could I scale up to 25 users and move to 200 or 300 or 400 meg?" You can't. We've got somebody in that situation right now and we're quoting a box replacement because it just can't scale that way.

You can't necessarily scale on the appliance. You've got to get the right size. That's the easiest way to scale. If it's the right-sized appliance for the environment with some headroom then I think most situations users are going to be fine. There's going to be some issues where somebody cheaps out. For example, we worked with a law firm. They bought a TZ 300 because they didn't want to spend the money for the 500. Now they're going to have to spend the money for the 500 anyway because they need to scale up. 

I don't think they really separate support from line to line. Maybe if you get all the way up into supermassive issues they do. Between NSA and TZ, it's the same level of service that you get on the other end of the phone. To be quite honest, level one support is not sparkling. Level two is usually really good. Level three is usually a combination. You get to level three, and you're almost talking to development or a combination of a crew that's dealing with development and senior technical expertise. Those guys rarely fail us.

That's a typical support story. The level one guys will read the scripts and don't necessarily fix anything. We've already run through level one through three on our end with my staff. If they can't fix it, talking to a level one script reader is definitely not going to get it fixed. You should be able to bypass those guys if you're a reseller and a long-standing Silver Partner, like we are.

We've also used Cisco previously. A while back, we used to have Cisco as our primary choice, with SonicWall being our second. That changed when I came to the company in 2004, where SonicWall became our solution of choice. We've got 400 or 500 firewalls out there and we don't plan on changing over to anything else.

We're a Silver Partner.

I'm not an engineer. I was a field engineer for nine years a long, long time ago. However, I'm not typically the one that gets my fingers into stuff, and it would be my engineering and senior engineering staff that do that. That said, I can say that I don't think any of our guys have touched the virtual platform yet.

We use TZ and traditional NSA tech every day. That's our bread and butter.

The current version we're using right now is the 600 series, although we do still have some 350 series. 90% of what we use are Gen 6. They're either TZ 300, 400, 500, 600 or NSA 2600, 3600, 4600. 

We've got a smattering of 2650s that we've rolled out, which have been really, really good. Those are powerful units.

I'd rate the solution eight out of ten. It doesn't warrant more than that. There's plenty of products I'd give a five to out there, however, for the quality of the product offering, I think an eight is a fair mark.

We use SonicWall TZ for standard firewall use cases, like blocking intrusion attacks.

The solution's VPN is very good for stability and detecting threats. The solution's web content filter seems to be very good.

The solution's pricing could be made cheaper.

I have been using SonicWall TZ for five years.

I rate the solution a seven out of ten for stability.

Approximately 250 to 300 users are using SonicWall TZ in our organization.

I would recommend SonicWall TZ to other users.

Overall, I rate the solution an eight out of ten.