SonicWall NSa Reviews

We are using SonicWall NSA 2600 for firewall purposes. We have its latest version.

It is able to fulfill my requirements. It protects our network environment. It has control over IPS, signatures, and it can also manage bandwidth and mapping. It is also stable and has good support.

It doesn't require much improvement. The only improvement area is that cloud reporting, assessment reporting, and other reporting features should be available with the subscription. They should provide reporting features with the subscription base, which is currently not there. We bought the reporting tool, but there are some complications. They have made some changes to the application, and now the reporting management is completely on the cloud. 

I have been using this solution for four years.

It has been stable. There are no issues with its stability.

It is not scalable. We can upgrade to a new box depending on the subscription. We have a three-year subscription, so we will continue with it for three years. After that, we would look for an alternative tool based on our requirements. Currently, we have approximately 250 plus users.

We have a license for support. We can raise a ticket if we need any assistance from their support. They are good, and I am satisfied with their support. They always take care of customer satisfaction. There might be a delay or something, but at the end of the day, they resolve the issues.

I have used other solutions. Palo Alto and Sophos are good solutions. FortiGate is also good, and it allows you to see and manage everything from one control. Some of the features available in other solutions might not be available in SonicWall NSA, but it is fulfilling my requirements.

We don't really need any support with the installation. There are a lot of knowledge documents. We also have a license for support, and if required, we can get support.

We have only two people who have been managing it for the last three years or so. We didn't face any challenges.

Its price is okay.

I would recommend this solution to others. I am satisfied with this solution.

I would rate SonicWall NSA an eight out of ten. 

We use this firewall to protect our perimeter. We create NAT policies and have a DMZ set up.

It is also used to filter the internet for all of our users.

The most valuable feature is the sandbox.

The content filter needs to be improved. I would also like to see better application filtering.

When we are troubleshooting problems, we find that the logs we see are not sufficient. It makes it difficult to find out what the main issue is. It means that we have to search further or perform another test to see what happened.

Technical support is in need of improvement.

We have been using SonicWall for approximately 15 years, and more specifically, SonicWall NSA for the past 10.

The stability is fine and we don't have any issues. We have never needed to report a problem.

We have about 20 people in the company who are protected by this product, and I think that the scalability is fine. However, I would say that it is best for small to medium-sized organizations.

When we have gone to the vendor for support, I don't think that the quality was very good. I would rate the vendor support a six out of ten.

I used to work with Check Point, and they are very good when it comes to application filtering.

The initial setup is easy and the deployment can be completed in between two and four hours. This includes installation and adjustments that need to be made.

We have an in-house SonicWall specialist.

When implemented properly, the total cost of operation is very low.

My advice for anybody who is looking into implementing SonicWall NSA is that they have to be very clear about what it is that they're looking for. It is a good solution for small and medium-sized businesses, and when you are very clear about what you need, you can implement a lot of other security services with a total cost of operation that is very low.

I would rate this solution an eight out of ten.

We primarily use the solution for just securing our users and creating a LAN through VPN tunnels. We use it to provide remote access to a cloud service.

It has allowed us to work remotely when the order to shelter in place went into effect in March of this year due to COVID-19.

The most valuable aspect of the solution is its ability to work like any other firewall.

The product is pretty easy to configure. It's easy to maintain and it works well with Windows.

There are features that offer 3G, 4G, failover, wireless, and things like that are very good. I'm not a firewall expert, however, in my opinion, the solution pretty much covers the needs of small and medium businesses.

Currently, I just have the basic modules turned on. I'd love to see how it works in terms of preventing more malware from getting through.

We still get phishing emails that manage to come through from time to time.

The solution could use a bit more security.

We had issues with the VPN tunnel between two sites. It wouldn't stay up. That was a problem for us. They need to fix it if they find it happens across the board to other customers.

This company has been using the solution for good three years.

The solution is stable. I've had one running for a little over 300 days without any problem. There aren't bugs or glitches. It doesn't crash or freeze. It's reliable.

The scalability is pretty good. I can scale out and add a firewall within a new office if I need to. If an organization wants to scale, they should be able to do so with no problems. Everyone working in our office uses the solution. Anybody that has a work laptop that needs to remote work from outside the office can do so as well. It's 100% used across the board.

I had to call support when one of my VPNs was failing. The VPN tunnel between two sites wouldn't stay up and they had us use a different security protocol.

They were very helpful. I found them to be quite responsive and knowledgeable. I don't think the problem with the VPN should have been there in the first place, however, that said, they did help us. I'd rate them, overall, at a nine out of ten.

The initial setup isn't too complex. My understanding is that it's straightforward. I didn't set it up myself, however, it's got configuration wizards to walk a user through. This no doubt is quite helpful and makes it pretty simple in terms of implementation.

The pricing is pretty reasonable. We don't find it to be overly expensive.

The version we are using is NSA 20 or 60.

If a company is looking for a good product that's easy to configure, I would suggest they consider SonicWall.

I'd rate the solution nine out of ten. If we didn't have that trouble with the VPN tunnel, I would give it a perfect score.

Firewall/VPN appliance for SMB clients. Firewall provides advanced threat protection to internal hosts. It also provides a secure mechanism for remote access.

For the average SMB, this firewall does the job. Granular user controls, firewall and NAT rules that you would expect. Licensed features provide application control, content filtering, antivirus, and anti-malware all in a single appliance.  Be aware that their ATP is poorly implemented (stops downloads, forcing users to wait and click again).  Also be aware that the IPS/IDS, and Gateway Antivirus will do very little for modern threats such as ransomware.  We have had emotet trojans easily pass the firewall, connect to international foreign (and obviously) some kind of C&C without stopping it.  So little to no protection against modern threats, no HTTPS proxy as an option, poorly implemented ATP - it makes the case for a SonicWall very difficult to justify.  This vendor is frustratingly slow at adapting, evolving or improving their product.  They are unable to keep up with competition.

Application control: It allows us to block applications, i.e., websites by application type category. It is far more capable than content filtering alone. 

SonicWall has weaknesses. During its tenure with Dell, it was severely damaged (its reputation, innovation, etc.).  It is now recovering, but it may take time to get competitive again. They are clueless in some regards, which is unfortunate as they have the potential.

CPU: The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product. Compare with the need to get 1Gbps throughput with full security (common nowadays), you are looking at NSA 5700. 

Wireless: What a disaster this has been historically. The new SonicWall will tell you it has been resolved and improved. It has improved - it actually works now, but performance is substandard. It is a terrible strategy to have a firewall act as an AP controller, in any case. Perhaps for an SMB, the integrated WiFi in their TZ series has a niche.

Anti-spam: Do not even consider it. It leaks like a shower head. What a mess that offering is. It requires a specific Java version on the server side (do not update it, otherwise it will break). In any case, a firewall doing anti-spam might be a low cost solution, but it is not your best strategy.

Logging/reporting: You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end. 

MSP: They are not ready for managed security services.  Their Cloud GMS product is weak, barely out of beta (buggy).

VPN: Site-to-site is another problem area - Client-based VPN is another hot mess. Global VPN client issues and mobile connect issues. Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably.   If VPN is important for you - look elsewhere.  You have to pay for licenses (most competitive vendors include this by default).  You will have 4 different methods, 3 different clients, 2 licenses and all of this to have a horrible VPN connectivity.  No proper or modern 2FA for additional security.  AVOID!

AGSS / ATP: This is poorly implemented.  A user will click to download a new type of file, and nothing happens.  They have to wait an indeterminate amount of time, and try again to see if it works.  It is so annoying, most clients avoid this capability, just nullifying the whole purpose of it.

App Control:  Be aware that either due to firmware updates, or bugs - app control will behave poorly (cause packet loss, or outright blocking) with normal and legitimate activities.  Resetting and re-configuring it is the work-around (super annoying).

More than ten years.

Yes. The VPN client connectivity and licensing has been a major complaint, especially during COVID-19

Yes. The CPUs are very weak.

During the Dell years, support was terrible. It has since improved.

No. We have always only deployed SonicWall.

Setup is easy. Anyone with basic firewall experience can do it.

In-house only. Level 2 techs can handle most tasks.

All advanced features are licensed capabilities, such as Advanced Gateway Security Suite or Comprehensive Gateway Security Suite.  VPN clients are licensed, and you have to choose a type of license you want (how ridiculous is that). 

We have evaluated Sophos, Fortinet, Palo Alto, Barracuda, WatchGuard and now CheckPoint

Avoid this company.  They have no idea what they are doing, except a slick marketing campaign.  They don't listen to their customers.  The only evolution of the product in the last few years was a slight redesign of the web interface and DNS proxy.   They will push their SonicWall "Capture" but this has nothing to do with the Firewall product itself, it is a windows based NextGen A/V based on Sentinal with ATP.

Primary use is Office 365, all our users have cloud-based email. The rest is business emails, business procurement, etc. And if users are on after hours and they want to see more, we allow it, but still, blocking is difficult on the SonicWall. It's not easy. We have about 300 users who go through the internet.

At the moment, none. It just doesn't do its task. Users, no matter how you configure it - and it's configured quite carefully in the sense of censoring - seem to be able to punch to the file. It just doesn't do its job.

It seems to have all the features, it's just not performing.

It has good reporting, the reporting is marvelous, but reporting is always after the fact and you want to be proactive if you're a firewall. You don't want to be saying “Ah! We had a bot running on the network,” while SonicWall itself didn't give that indication in an active way.

The problem primarily with SonicWall is it's a Unix box. And it's all software, all the activities, blocking, censoring, everything has to happen in the software. If you start hitting the box with a lot of sessions it slows down and that's not what I expect from a firewall.

I have worked with this box for six months, and it's a daily task to manage this thing. You don't have to always have time to do this.

The room for improvement is to step away from the Unix platform. It needs to be a specialized system that manages firewall activity. You don't want to rely on two systems, one being Unix and one being the firewall. Unix is a powerful system, I have no doubts about it. I've set up Unix systems my whole life and they're very powerful. However, when it comes to dedicated tasks it's not suitable. That's Unix. Unix is general. It does everything. And by doing everything, it's not always as powerful as a dedicated system like a hardware solution, like Fortigate.

It's fairly stable. In the last six months, I've had to restart the box about five or six times because it just didn't do what it needed to do. And after the restart it started working again. So it's not as reliable, in my view.

It might be working in other environments, but in my view - we have a satellite connection of only 8 megabits - it's very hard to control bandwidth on the SonicWall to allow certain types of traffic to have priority. You can't really dedicate certain bandwidth for, let's say, an Office 365 solution. It's all very global. And global makes it hard to manage on a slow link, and 8 megabits is a slow link.

I don't know about scalability because I have only worked with this box. There are probably faster boxes on the market. This box should be sufficient for 300 employees and my impression is that performance is suffering if too many people are trying to get through it.

The main reason this was bought was it was cheap. We all know that Fortigate is far more expensive. But, then again, it's more like the Rolls-Royce of firewalls. And what you can do with it in hardware has no comparison with any of the software solutions on the market. Yes, everything performs, every firewall-type solution, whatever you want to use, does its job. But you want to have a management-free solution. If you look at Fortigate, no matter how you look at it, you know it works. With Unix boxes, you never know. It's a Unix system and, for whatever reason, it can stop working and you have to reboot the machine, which is not the most beneficial solution.

I've used Fortigates. Fortigates have no problems if you start adding a thousand users, depending on what kind of service provider you have. A big difference is that it's global censoring on the SonicWall. On the Fortigate you can censor per rule, and that's a big difference if you are in a multi-user environment where you have different types of actions.

At my current company, this was set up at the beginning, when the company started. They have never had a different solution. They have another location with Zyxel firewalls, which will also be replaced with Fortigates. They all perform. That's probably the best thing I can say about them. What we're going to implement now is a far broader solution with authentication and everything else. At this stage, that is not implemented on the SonicWall. My fear is that if we implemented that on the SonicWall, we would have more problems. It's really not that flexible.

My most important criteria when selecting a vendor are manageability and the features, and by features I mean complete management of the firewall.

The setup is fairly simple. That's why I'm surprised that this box is struggling. That's not what I would expect from this type of solution.

Do your homework. Go to your website, compare firewalls, not only SonicWall, not only Fortigate. Compare them for the task that it needs to run for your company. That's the bottom line. There are small firewalls which will suffice for certain companies. You might need bigger ones, you might need more features. So really, you have to do your homework.

I work in an African country, knowledge is something they are still gaining, and SonicWall is too difficult for most people to manage, versus a Fortigate where it's really a step-through and you know what you're doing, you can see what you're doing. You can't really see that on a SonicWall.

It's very hard to manage this box. You really need a lot of skills to operate the SonicWall. There is training and the like, but it's just hard to manage. Even if you have the knowledge, there are too many options. The menus are not very clear, where you should find the information.

The solution helps with VPN. 

The most valuable feature I've found is VPN and web protection, particularly with navigation assessment. We use the application control feature to create rules controlling specific application navigation. 

The web interface administration of SonicWall NSa could be improved. Compared to Sophos and FortiGate, making rules is easier with those systems.

The solution is expensive. Its pricing is based on the number of users. 

I rate the overall product an eight out of ten. 

We are using SonicWall NSa as a network firewall and for segmentation on internal networks. We are using this firewall on the application level ID. We are using it for specific segmentation between production LANs and between technologies.

Overall SonicWall NSa is a good solution for our use case.

The solution's price could be reduced. It is expensive.

I have been using SonicWall NSa for approximately four years.

SonicWall NSa is highly stable.

The scalability of SonicWall NSa is good. We have approximately 2,000 users using it.

I did not use the support from SonicWall NSa.

We have used other solutions such as pfSense and Linux native firewalls. I prefer SonicWall NSa but if you are going to use something for an enterprise you need another solution.

We have been using the solution for many years which has made the initial setup easy for us.

SonicWall NSa is worth the money we paid.

The price of SonicWall NSa is expensive.

The solution does not require a lot of maintenance. We have a specific team now for all technology, all for all infrastructure technologies.

I rate SonicWall NSa a seven out of ten.

SonicWall is for general security purposes.

SonicWall has all the usual functions, like LAN configurations, security features, word filters, etc., but it also has the CFS agent, which isn't available in any other firewall. Reporting port support is also there.

I also like the ability to manage all the firewalls from a single location. We can support all those things from this application. It's a cloud-based solution.

The thing main thing is that there's no user admin and in other firewalls, we can enable the scalable features, but SonicWall doesn't have that feature. 

I've used SonicWall for about seven years.

SonicWall NSa is reliable.

It's cloud-based, so the scalability is good, and it's suitable for any size of customer.

SonicWall support is good. I rate it 10 out of 10.

Positive

SonicWall NSa is easy to understand. The initial setup for any firewall is straightforward. Having a single console is also good. The deployment time can vary depending on the client's requirements, like VPNs, routing, policies, load balancing, etc. At most, it will take one hour. I rate it 10 out of 10 for ease of setup. After deployment, SonicWall doesn't require specific maintenance. 

We are resellers, so the clients who purchase the firewall deploy it themselves. We provide support, too.

I rate SonicWall NSa nine out of 10.