SonicWall NSA Review

Weak firewall. Licensing mechanism is a trap. Woefully inadequate VPN clients and methods. Look elsewhere


What is our primary use case?

Firewall/VPN appliance for SMB clients. Firewall provides advanced threat protection to internal hosts. It also provides a secure mechanism for remote access.

How has it helped my organization?

For the average SMB, this firewall does the job. Granular user controls, firewall and NAT rules that you would expect. Licensed features provide application control, content filtering, antivirus, and anti-malware all in a single appliance.  Be aware that their ATP is poorly implemented (stops downloads, forcing users to wait and click again).  Also be aware that the IPS/IDS, and Gateway Antivirus will do very little for modern threats such as ransomware.  We have had emotet trojans easily pass the firewall, connect to international foreign (and obviously) some kind of C&C without stopping it.  So little to no protection against modern threats, no HTTPS proxy as an option, poorly implemented ATP - it makes the case for a SonicWall very difficult to justify.  This vendor is frustratingly slow at adapting, evolving or improving their product.  They are unable to keep up with competition.

What is most valuable?

Application control: It allows us to block applications, i.e., websites by application type category. It is far more capable than content filtering alone. 

What needs improvement?

SonicWall has weaknesses. During its tenure with Dell, it was severely damaged (its reputation, innovation, etc.).  It is now recovering, but it may take time to get competitive again. They are clueless in some regards, which is unfortunate as they have the potential.

CPU: The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product. Compare with the need to get 1Gbps throughput with full security (common nowadays), you are looking at NSA 5700. 

Wireless: What a disaster this has been historically. The new SonicWall will tell you it has been resolved and improved. It has improved - it actually works now, but performance is substandard. It is a terrible strategy to have a firewall act as an AP controller, in any case. Perhaps for an SMB, the integrated WiFi in their TZ series has a niche.

Anti-spam: Do not even consider it. It leaks like a shower head. What a mess that offering is. It requires a specific Java version on the server side (do not update it, otherwise it will break). In any case, a firewall doing anti-spam might be a low cost solution, but it is not your best strategy.

Logging/reporting: You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end. 

MSP: They are not ready for managed security services.  Their Cloud GMS product is weak, barely out of beta (buggy).

VPN: Site-to-site is another problem area - Client-based VPN is another hot mess. Global VPN client issues and mobile connect issues. Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably.   If VPN is important for you - look elsewhere.  You have to pay for licenses (most competitive vendors include this by default).  You will have 4 different methods, 3 different clients, 2 licenses and all of this to have a horrible VPN connectivity.  No proper or modern 2FA for additional security.  AVOID!

AGSS / ATP: This is poorly implemented.  A user will click to download a new type of file, and nothing happens.  They have to wait an indeterminate amount of time, and try again to see if it works.  It is so annoying, most clients avoid this capability, just nullifying the whole purpose of it.

App Control:  Be aware that either due to firmware updates, or bugs - app control will behave poorly (cause packet loss, or outright blocking) with normal and legitimate activities.  Resetting and re-configuring it is the work-around (super annoying).


For how long have I used the solution?

More than ten years.

What do I think about the stability of the solution?

Yes. The VPN client connectivity and licensing has been a major complaint, especially during COVID-19

What do I think about the scalability of the solution?

Yes. The CPUs are very weak.

How are customer service and technical support?

During the Dell years, support was terrible. It has since improved.

Which solution did I use previously and why did I switch?

No. We have always only deployed SonicWall.

How was the initial setup?

Setup is easy. Anyone with basic firewall experience can do it.

What about the implementation team?

In-house only. Level 2 techs can handle most tasks.

What's my experience with pricing, setup cost, and licensing?

All advanced features are licensed capabilities, such as Advanced Gateway Security Suite or Comprehensive Gateway Security Suite.  VPN clients are licensed, and you have to choose a type of license you want (how ridiculous is that). 

Which other solutions did I evaluate?

We have evaluated Sophos, Fortinet, Palo Alto, Barracuda, WatchGuard and now CheckPoint

What other advice do I have?

Avoid this company.  They have no idea what they are doing, except a slick marketing campaign.  They don't listen to their customers.  The only evolution of the product in the last few years was a slight redesign of the web interface and DNS proxy.   They will push their SonicWall "Capture" but this has nothing to do with the Firewall product itself, it is a windows based NextGen A/V based on Sentinal with ATP.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More SonicWall NSA reviews from users
...who work at a Manufacturing Company
...who compared it with Fortinet FortiGate
Add a Comment
Guest
2 Comments

author avatarBill Murphy
User

My team's experiences with SonicWall have been 100% the opposite of this user.

author avatarAlona Bean
Community Manager

Bill, would your team like to share their experience with SonicWall on our platform? I would appreciate it if you could make the introductions :)