SonicWall NSA Review

​With Site-to-Site VPN we can connect several branch office that we have and with the routing options we can setup a VPN backup route using different ISPs.


What is most valuable?

  • Site-to-Site VPN
  • Deep Packet Inspection
  • Easy routing capabilities
  • Stability
  • AD integration
  • Traffic shaping options
  • VLAN options per interface
  • APP based rules/filtering

How has it helped my organization?

With Site-to-Site VPN we can connect several branch office that we have and with the routing options we can setup a VPN backup route using different ISPs, this is great when the ISP stability is not good. The AD integration is not the best but it works, thru that option we enhance the security of the device in terms of manageability. Deep Packet Inspection helps us to block undesired traffic like p2p activity even in ssl encrypted tunnels, but this is far from being easy to setup. Traffic Shaping options give us the ability to limit interfaces like the "guest wifi interface" however you can setup this per interface, not per VLAN, you have to create a firewall rule then apply "Bandwidth management rule".

What needs improvement?

Sometimes, the GUI is extremely annoying and you need to implement external tools for better network monitoring.

The GUI needs to be worked on as sometimes it's annoying to configure because the options are separate. For configuring a simple port mapping you have to go to the address object menu, then the NAT menu, then theFirewall menu, and if you want to delete this rule, you have to go backwards.

The AD integration works but in some cases when the connectivity to the AD is lost, SonicWALL also lost the AD synchronization and we had to login using a local user to re-synchronize the appliance with the AD.

Last, but not less important, are the tools for monitoring the network. The appliance has a lot of monitoring tools, but they are not efficient. For example, you cannot see (in real time) what user is accessing what site, consuming bandwidth, etc. but you need external tool to do this. Dell need to take a look at their Kerio control software).

For how long have I used the solution?

I have been using it for eight months.

What was my experience with deployment of the solution?

None, the deployment was done in conjunction with a Dell partner. They had some difficulties, but all of them related to our specific scenario. In that time we use all the configurations per IP basis and not per zone basis like Dell recommends.

What do I think about the stability of the solution?

Some, but they were very strange. For example, one of our ISPs gave us an IP address through DHCP, and in two cases the interface won't take a new IP address, even if we reboot the appliance, we have to use another interface to solve this. For other cases, we use LenovoEMC Storage Connector.

That software floods the connections of SonicWALL reaching the 322000 simultaneous connections/sessions. Until we find this software, the SonicWALL becomes very slow almost unresponsive, also we start to losing connection to other networks that are being handled by the SonicWALL. We solved this by applying connection limits but the final solution was uninstalling that Lenovo software.

What do I think about the scalability of the solution?

None, but if you need more you have to pay licenses and if it is no enough that you have to buy a mayor model of SonicWall.

How are customer service and technical support?

Customer Service:

We use our Dell Partner who are slow, but efficient.

Technical Support:

Our Dell partner have great technicians and they know the product. However they were slow to solve some problems because the GUI didn´t allow a fluent workflow/management.

Which solution did I use previously and why did I switch?

We didn't have a solution in place previously.

How was the initial setup?

Because our scenario requirements were complex, the initial setup was somewhat complex.

What about the implementation team?

We used a Dell partner who had a great level of expertise.

What's my experience with pricing, setup cost, and licensing?

You have to look if this device will do the task that you need, and if it does with which license do it. If you haven't got a license, you almost cannot use this equipment. Here you have a license for all, from the device itself to the user VPN license, so you have to be careful with this. Also, the licenses are not perpetual so my advice is talk with a Dell partner, know the product, know the limitations and compare with other brands.

Which other solutions did I evaluate?

We didn't look at any other options.

What other advice do I have?

SonicWALL offers two operating modes, per IP basis, and per zone basis. You should design your network for work on the per zone basis. It will be easier and effective to manage the device.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email