Cisco or Sonicwall

Wolf-R1

We are generally a Cisco shop; however, recent economics have driven us to look toward other options for replacing a pair of aged Cisco firewalls that are in a Stateful Failover configuration. We have quotes on a pair of Cisco ASA5520s; however, we also want to entertain the possibility of other hardware sources out there. The Sonicwall appliances caught my eye; however, I am wondering if anyone has any experience with them, particularly concerning their support and availability of support. We are a small shop and in my absence a junior admin needs to be able to work with their support to rectify problems or new setup issues. Cisco has traditionally been outstanding in this department.

Can anyone offer up thoughts, ideas, etc?
 
Sonicwall: Impressed with the hardware performance. Lukewarm on their software interface. Limited functionality. Not happy with the support. Gotta love the price.

Cisco: Impressed with hardware performance, software interface, functionality and Smartnet support. Costs a lot.
 
I wouldn't use Sonicwalls in a deployment like that. I mean I'd never want to use them, but I'd be more willing for a tiny branch office or something.
 
I wouldn't implement a Sonicwall, period. I have taken over a few and deal with it though.

Cisco is so much better, solid hardware, software, and the kind of support you enjoy calling.

Sonicwall's support is such a pain, they will refuse to help you if you are not on the latest release of your firmware.
 
Fascinating. A refusal to assist is pretty damnable if you ask me. No matter what software level you're on.
 
I find Cisco is easier to manage than Sonicwall. Have you also looked at Checkpoint, Netscreen or Proventia?
 
You can eventually get them to do it, however they will refuse at first.

Yeah well as I mentioned in the OP sometimes junior admins have to work on the equipment. The last thing I'd want them to have to deal with is support refusing at all to help.
 
Checkpoint will likely be more.

I'd look at Juniper, they're supposed to be great and cheaper than Cisco.

ScreenOS and JunOS take a little bit of getting used to, but they are cheaper and work just as well as the Cisco, IMO.
 
I'll echo another no for Sonicwall.

We recently bought some FortiNets that are pretty good- generally stable. Their support is not too bad either.

I've used Checkpoint in the past- the support is good, but you've got to know what you're doing and they are a bit pricey.
 
This.

I don't like their "way" of doing things, but I can see the value if you have a TON of Checkpoints to manage. The central management is pretty decent.
 
If you've got the bucks for the ASA5520 and the smart net contract, absolutely go for it, you won't regret it.

pfSense is the runner up penny pincher install if cost is a major factor, your choice.
 
I feel like an ass because I didn't even read your post, but I install SonicWALL products all the time and they SUCK. Constant firmware issues, the web interface loves to die, the CLI has very limited functionality, and more and more I'm running into issues where the GUI just plain won't do what I tell it to.

My vote is always Cisco.
 
Sonicwall vs. Cisco isn't a fair comparison. The Cisco will outclass and outperform the Sonicwall in every single test. Stay away from Sonicwall.

A fair comparison is between the Netscreen and an ASA.

For the performance you will get a bit more from the Cisco, but you'll end up spending a bit more. For the money, the Juniper is probably the better deal.

Your support/documentation/KB will be substantially better with Cisco, but that's how it is with everything. Personally, I use the CLI for the ASA, and when I worked with Netscreen I also used the CLI, but the GUI for the ASA (ASDM) is WORLDS better. I do like the NSM as it makes deploying "batched" configuration a snap.
 
Well I guess I'm in the minority but I'm currently managing around 30+ Sonicwall firewalls and starting to distribute CDP appliances to our branch offices.

In nearly 10 years of using Sonicwalls I have little to complain about them. Out of about 40 SW firewalls I've managed I've only had 2 that shot craps and that was after several years. One of them was kept in a closet which was always very hot. They've always been very reliable. Running 24/7 without issue. Never had any web interface issues.

Their support was lacking in the past, but it has improved over the past year and I find I am now talking to people for whom English is the native language. I don't know if they stopped outsourcing support to India or not.

I never had a tech refuse support because the firmware was out of date. If they are unable to fix a problem early on they will recommend a firmware update. There is an annual renewal and if the support has expired they will not assist until support is renewed.

Within the past 6 months or so I started deploying Sonicwall CDP units. I admit the software on the CDP at first was problematic. But they have released a couple software updates to the units which have improved things.

I have no problems with the firewalls and find them to be very reliable. The basic OS is very easy to manage while the enhanced OS is considerably more complicated but features wizards in the interface which make setting up some things much easier.
 
Even though the functionality is very simple, I loved the old OS from the SOHO2/3 days. I liked the changes with the new TZ170 and Pro 2040/3060 series until I upgraded one to their Enhanced SonicOS. I can't stand it. I don't mind complicated when it increases functionality, but complicated for the sake of complicated is bad. It's an utter mess. And I understand Cisco IOS/ASA perfectly.
 
You'll get little argument from me on the enhanced OS and I don't know of anyone that has commented favorably on it. But us being a Sonicwall shop I deal with it. It also appears all the new units like the TZ100 & 200 come with enhanced OS.

I mainly wanted to relate my personal experience with Sonicwall since there appeared to be a few comments which I would disagree with regarding stability/reliability.
 
I didn't read any of the replies to this thread but when I worked for a security company for bank systems, the first question I would ask a bank before I started troubleshooting was if they had a Sonicwall or not. If they did I could attribute the cause of the problem to that machine.

On a side note, as I was writing this a person was troubleshooting a problem with a Sonicwall. (I work for a VoIP provider now)
 
That makes absolutely no sense to me. Like I said I've worked with Sonicwall for 10 years and no complaints. If nothing else the security features were working well and whoever had no idea on how to address the problem.
 
Always find it interesting to read the SonicWall posts. I've deployed them since the old SohoTele days- about 10 years. I don't even know how many I've put out there.... 50? 60? More? Main offices, branch offices, home offices, tunnels between offices, hub and spoke, you name it. In all that time, the combined list of problems has been:

1- A TZ150 that was just plain junk. Never got it to work right- they replaced it, no hassles. The 150's are little toys anyway, but it was in an owner's house- wanted tunnels to the offices.

2- TZ170w that fried. 3 yrs old, they moved, and when they put everything back in the new place a user plugged the power cord from another brick in that was different voltage. Poof.

3- Just had firmware corrupted in a 2-1/2 yr old TZ180- would lose WAN link. Rebooted with backed up firmware- all was well in about 3 minutes.

Virtually every one of them is still in service, other than the old tele units being retired. We'll see if the new models are as durable as the previous ones- the new 200's and 210's seem a little lightweight, but they still perform well.

Yes- the OS enhanced took some getting used to, understanding zones, groups, etc. But everyone USED to complain that they couldn't customize enough. So here is the answer, where now you can customize everything, and nobody likes that either. CLI? Ugh. I have too many other things to learn / maintain in my life to have to remember CLI commands. If you live with them every day, sure. Yes- too bad they couldn't offer both for those that prefer it.

Rock solid tunnels, reasonable prices, longevity. All good. Yes I have heard support sucks, but since I have only had to call them once, I can't comment. Don't understand why people that say they have so many problems, well... why they have so many problems. Odd.
 
I dunno, I've just always had problems with Sonicwalls. From one of my friends telling me about his Sonicwall at his job dying when they had a surge and no other devices that got fried to this guy that kept two of my fellow techs here till 6:30 with issues regarding his Sonicwall not forwarding SIP messages.
 
Sonicwalls are notorious for not handling SIP properly, nor are there solutions to a lot of the SIP problems. This is the #1 reason I stay away from them for all installs. You never know which company is going to call me back and want an IP phone system installed. OpenWRT/pfSense/Untangle for small installs, Cisco for everything else. Period.
 
True, I wouldn't mind throwing Adtran in either...
 
Ok adding my experiences here.

Not familiar with Sonicwalls but heard few good things about them over the years...

Currently I use a mixed Juniper/Cisco environment where Juniper has proven to be the more reliable, support and cost effective solution.

Although their latest line of SRXs is giving some headache migrating from our EOL Netscreens.

Cisco was always a bit cumbersome to maintain in their PIX days but if you knew what you were doing not bad at all.

Checkpoint well it has its ups and downs but in general stable and reliable at a price. Oh and best know what you are talking about when contacting support or they will let you know you are not a qualified engineer :)

But as you are thinking Cisco from the start I would stay in the Cisco or Juniper as alternative lines.

pfSense and them just do not have the muscle when it comes down to it up to 100 concurrent connections a second ok after that it crumbles.....
Sorry I love pfSense but it is truly not an enterprise solution, personally I think it is hindered by its legacy.
 
Please elaborate.
 
Simply put the M0n0wall background and open-source.

Even though it has enabled its development and made it more towards a business solution I would not use it in an enterprise business size as it just doesn't measure up.

Like I said I don't mind it and use it at home or small business gladly just nothing major.
 
I understand its legacy, although most of that code is gone by now. It's also on much more modern versions of FreeBSD. I'm just trying to understand why you think monowall, pfSense or FreeBSD have anything to do with it being not up to snuff?

I'll agree that its feature list pales in comparison to a Cisco ASA, but I wouldn't say it couldn't keep up in packet forwarding. The hardware you can buy for pfSense can (potentially) blow away a Cisco ASA.
 