SonicWall NSA Review

Provides a secure mechanism for remote access. However, they are not ready for managed security services.

What is our primary use case?

Firewall/VPN appliance for SMB clients. Firewall provides advanced threat protection to internal hosts. It also provides a secure mechanism for remote access.

How has it helped my organization?

For the average SMB, this firewall does the job quite well. Granular user controls, firewall and NAT rules that you would expect. Licensed features provide application control, content filtering, antivirus, and anti-malware all in a single appliance.

What is most valuable?

Application control: It allows us to block applications, i.e., websites by application type category. It is far more capable than content filtering alone.

What needs improvement?

SonicWall has weaknesses. During its tenure with Dell, it was severely damaged (its reputation, innovation, etc.).  It is now recovering, but it may take time to get competitive again. They are clueless in some regards, which is unfortunate as they have the potential.

CPU: The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product. Compare with the need to get 1Gbps throughput with full security (common nowadays), you are looking at NSA 5700. 

Wireless: What a disaster this has been historically. The new SonicWall will tell you it has been resolved and improved. It has improved - it actually works now, but performance is substandard. It is a terrible strategy to have a firewall act as an AP controller, in any case. Perhaps for an SMB, the integrated WiFi in their TZ series has a niche.

Anti-spam: Do not even consider it. It leaks like a shower head. What a mess that offering is. It requires a specific Java version on the server side (do not update it, otherwise it will break). In any case, a firewall doing anti-spam might be a low cost solution, but it is not your best strategy.

Logging/reporting: You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end. 

MSP: They are not ready for managed security services.  Their Cloud GMS product is weak, barely out of beta (buggy).

VPN: Site-to-site is solid! Client-based VPN is another hot mess. Global VPN client issues and mobile connect issues. Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

Yes. The VPN client connectivity has been a major complaint.

What do I think about the scalability of the solution?

Yes. The CPUs are very weak.

How are customer service and technical support?

During the Dell years, support was terrible. It has since improved.

Which solution did I use previously and why did I switch?

No. We have always only deployed SonicWall.

How was the initial setup?

Setup is easy. Anyone with basic firewall experience can do it.

What about the implementation team?

In-house only. Level 2 techs can handle most tasks.

What's my experience with pricing, setup cost, and licensing?

All advanced features are licensed capabilities, such as Advanced Gateway Security Suite or Comprehensive Gateway Security Suite.

Which other solutions did I evaluate?

We have evaluated Sophos, Fortinet, Palo Alto, and WatchGuard.

What other advice do I have?

Easy to manage and work with. Support has improved dramatically since their separation from Dell (North American-based tech support). Version 6.5 finally brings a fresh, redesigned interface, and some features that other firewalls have had for sometime (i.e., DNS Proxy).

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment