SonicWall NSA Review

We switched to a UTM to have a comprehensive security solution and one interface to manage it


What is most valuable?

Because this is a UTM, we appreciate having a single pane of glass for a firewall, content filtering, and IPS/IDS services. It is much easier to manage and costs less.

How has it helped my organization?

In a K-12 environment, internet security is paramount and threats change quickly.

The main improvement for the organization is uptime and the ability to quickly affect security changes.

The second plus is the ability to improve throughput during peak traffic hours.

What needs improvement?

SonicWall uses a cloud-based database for content filtering. If the NSA cannot contact that online DB, filtering is handled one of two ways. Traffic is either halted completely or it is passed-through totally unfiltered.

In a K-12 school environment, neither is acceptable. It would be better if the DB can reside on the NSA and is used in the event the online DB is unavailable. Other than that, it works fine.

For how long have I used the solution?

This product has been online for over four years.

What do I think about the stability of the solution?

On two occasions, we had a 10GB SFP failure. But because we have an HA configuration there was no disruption. 10 GB SFPs seem to be fragile. Other than that, the system is quite stable.

What do I think about the scalability of the solution?

None.

How is customer service and technical support?

Technical support has been very good, the few times we've needed it.

Which solutions did we use previously?

A Cisco ASA 5500 was used prior to the NSA 6600. We switched to a UTM to have a comprehensive security solution and one interface to manage it.

How was the initial setup?

Initial setup was complex. But that was expected when migrating from three separate security systems into one unified system. There was a basic template for converting some Cisco's ASA command line instructions to those used by SonicOS. Most of the configuration had to be developed or cleaned up in the SonicOS GUI.

ASA has a much better CLI, especially if you’re used to Cisco IOS. SonicOS CLI is mostly used by tech support.

Initially, it was a bit of a learning curve, but the SonicOS GUI is efficient and easy to use, enough for our needs, anyway. Once network and firewall rules (80% of the complexity) were configured, content filtering, IDS/IPS and other security services were enabled with check boxes.

What about the implementation team?

I recommend a 30-day test run in monitor mode. If you decide on this product, spend the extra dollars and get a second unit to setup an HA system. No down time during SonicOS upgrades or major configuration changes.

If you expect to operate at 10GB, keep one or two extra 10GB SFPs as spares, even though they are not cheap.

What's my experience with pricing, setup cost, and licensing?

The NSA series has several suites available depending on your security needs. Pricing and licensing is straightforward based on the suite you choose.

Which other solutions did I evaluate?

We considered upgrading the ASA to include the IPS module and adding a second unit for HA.

We also considered PaloAlto but at the time considered it too pricey for our needs. As for as an online evaluation, we did not do that. Time and rack space constraints prevented it.

However, a trusted VAR (more than 12 years) helped to ease our decision to go with the SonicWall.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email