SonicWALL TZ 210 or Cisco ASA 5510?

KapsZ28

2[H]4U
Joined
May 29, 2009
Messages
2,114
Which is a better firewall without looking at all the additional services you can purchase on a Sonicwall.
 

KapsZ28

2[H]4U
Joined
May 29, 2009
Messages
2,114
Firewall. Not looking at administration standpoint. Just better overall firewall between the ISP and internal network.
 

dcrow903

n00b
Joined
Apr 13, 2011
Messages
1
Try having a look at the Watchguard 5 series. What kind of throughput and/or amount of connections are you looking at?
 

KapsZ28

2[H]4U
Joined
May 29, 2009
Messages
2,114
Small to medium businesses. ISP could be anywhere from 30mbps to 100mbps and from 10-100 PCs.
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
729
I would suggest you download the latest Gartner report to answer this question. I would post the magic quadrant but that would likely violate terms. Palo Alto has a free copy that you can download here:

http://connect.paloaltonetworks.com/gartner-mq-2013/?ts=MQ_2013_hpfeaturebanner

Based on your inputs I'd say Cisco but then again I wouldn't use Sonicwall as a door stop. I would suggest you read the report as it is only 30 pages and includes pros and cons of other vendors as well as Cisco and Dell.
 

KapsZ28

2[H]4U
Joined
May 29, 2009
Messages
2,114
How about using pfsense for a SMB? Is it common for companies to use pfsense?
 

wizdum

[H]ard|Gawd
Joined
Sep 22, 2010
Messages
1,943
How about using pfsense for a SMB? Is it common for companies to use pfsense?

I have heard of it, but companies typically prefer something with full service support. That way, if something breaks you can get a replacement overnighted to you.
 

Mackintire

2[H]4U
Joined
Jun 28, 2004
Messages
2,916
Sonicwall TZ210 and a Cisco 5510 are two totally different devices......

I'd sat the Cisco 5510 or consider a
Small Juniper SRX unit instead,
 
Last edited:

calvinj

[H]ard|Gawd
Joined
Mar 2, 2009
Messages
1,738
Sonicwall TZ210 and a Cisco 5510 are two totally different devices......

I'd sat the Cisco 5510 or consider a
Small Juniper SRX unit instead,

He's right.. tz210 would be more along the lines of a 5505
NSA2400/3500 would be closer to the 5510 than anything

I think you should probably be looking more towards the 55XX-X line anyways
 

KapsZ28

2[H]4U
Joined
May 29, 2009
Messages
2,114
Oops. Actually I meant to compare the TZ 210 to the ASA 5505. Didn't realize the typo.
 

Wrench00

2[H]4U
Joined
Sep 30, 2003
Messages
3,423
tz210 is discontinued. They have the tz215 now. Even the 205 is better then 210. as a UTM they are a great device. They do layer 2 and layer 3 routing as well as give you lots of firewall UTM features. This has saved me a lot of work.

210 had bugs.
 

KapsZ28

2[H]4U
Joined
May 29, 2009
Messages
2,114
OK, maybe I asked the question wrong. I am more interested in comparing Sonicwall against Cisco as a firewall for SMB. Doesn't have to be a specific model although I am looking at the Sonicwall TZ and NSA series compared to Cisco ASA series. One article I was looking at on the web, http://www.firewalls.com/sonicwall_vs_cisco seemed to be very biased and almost not believable.

Looking at Gartner, it is not very clear. Sonicwall and Cisco are neither visionaries. Cisco has been around much longer and is considered a challenger, but is not a leader.

I am also curious how pfSense compares, not including support since it is free.

So if you were setting up firewalls at small to medium business and your choices were SonicWALL, Cisco, or pfSense. Which would you go with and why?
 

Mackintire

2[H]4U
Joined
Jun 28, 2004
Messages
2,916
OK, maybe I asked the question wrong. I am more interested in comparing Sonicwall against Cisco as a firewall for SMB. Doesn't have to be a specific model although I am looking at the Sonicwall TZ and NSA series compared to Cisco ASA series. One article I was looking at on the web, http://www.firewalls.com/sonicwall_vs_cisco seemed to be very biased and almost not believable.

Looking at Gartner, it is not very clear. Sonicwall and Cisco are neither visionaries. Cisco has been around much longer and is considered a challenger, but is not a leader.

I am also curious how pfSense compares, not including support since it is free.

So if you were setting up firewalls at small to medium business and your choices were SonicWALL, Cisco, or pfSense. Which would you go with and why?

Keep in mind you can buy a PFsense support contract and if you are using this for a business and you are not familar and comfortable supporting PFsense you should strongly consider buying a support contract.
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
729
So if you were setting up firewalls at small to medium business and your choices were SonicWALL, Cisco, or pfSense. Which would you go with and why?

The question you are asking is overly broad and frankly it may very well be you trying to compare apples to oranges. Define your use case if you want a reasonable answer.
 

Vito_Corleone

[H]ard|Gawd
Joined
Dec 17, 2006
Messages
1,730
5510s are going EoL, so you'd want a 5512-X (or 5515-X) if you went with an ASA.

IMO, Sonicwall, Watchguard, etc, are garbage. Look at Palo Alto, Fortinet and Cisco.
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
729
As Vito says ... The only products that anyone should seriously consider fall into Q1 or Q2 of that Gartner report I linked earlier. Personally I'd laugh anyone who suggested Sonicwall out of my office. Apples and Oranges
 

Langly

Supreme [H]ardness
Joined
Dec 23, 2002
Messages
4,413
5510s are going EoL, so you'd want a 5512-X (or 5515-X) if you went with an ASA.

IMO, Sonicwall, Watchguard, etc, are garbage. Look at Palo Alto, Fortinet and Cisco.

Gonna 2nd this statement. If you want reliability, only look at PA, Fortinet and Cisco

I love the PA setups they are pretty nice
 

KapsZ28

2[H]4U
Joined
May 29, 2009
Messages
2,114
5510s are going EoL, so you'd want a 5512-X (or 5515-X) if you went with an ASA.

IMO, Sonicwall, Watchguard, etc, are garbage. Look at Palo Alto, Fortinet and Cisco.

Cool. This is basically the answer I was looking for without getting into too much details.

If we were comparing to cars maybe we could say SonicWALL is a Ford, Cisco is a Porsche, and PA is a Ferrari?

What about Check Point? Gartner seems to rate them pretty high.
 

obrith

Limp Gawd
Joined
Jun 11, 2004
Messages
267
I have heard of it, but companies typically prefer something with full service support. That way, if something breaks you can get a replacement overnighted to you.

I have this. My supermicro servers are overnight 3yr warranties and I stock really common parts on the shelf. I have a support contract with bsdperimeter - which I rarely need, but sometimes (ab)use to save time or verify best practice.
 

KapsZ28

2[H]4U
Joined
May 29, 2009
Messages
2,114
What does pfSense offer that the others don't other than it being much less expensive?
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
729
Cool. This is basically the answer I was looking for without getting into too much details.

If we were comparing to cars maybe we could say SonicWALL is a Ford, Cisco is a Porsche, and PA is a Ferrari?

What about Check Point? Gartner seems to rate them pretty high.

The analogy doesn't work as it implies speed. What you need to concerned with isn't speed so much as it is robustness and reliability. In that regard Sonicwall is a Chrysler and Cisco is a Honda and PA a BMW.

As for CheckPoint. The bulk of my day is spent with CheckPoint and Fortinet. I like them both ALOT much more so than ASA and PA. ATM my preference is Fortinet as they seem to offer more bang for the buck and our account team goes so far out of their way to help us. 3 weeks ago I sent an email to one of our account guys at 9AM on a Saturday morning and by 9:15 I had 4 Fortinet reps on the phone to help. Support like that goes a long way and I can't believe it is it typical for everyone but that is the support we get. Please don't take this to mean our CheckPoint support is bad. We have what CP calls Diamond support and never have I not had a call get to my designated engineer in timely manner and never have emails gone more than a few hours without answer. I could get a faster response if I just dialed the standard number but we prefer to deal our single point contact whenever possible as needs dictate. Again this is not the standard support level but it is what we have.

The only complaint I have CP is their licensing is confusing and PITA to deal with. If your just talking a few standalone boxes then that is no problem. Once you move to Provider-1 keeping licenses straight can be a problem.

The way things stand today I would take CP or Fortinet over just about anything else with a slight preference to Fortinet ... for now though could change soon if there any any new announcements at CPX in April..
 

Dark Shade

[H]ard|Gawd
Joined
May 2, 2006
Messages
1,872
I for one cannot stand Checkpoint, from their licensing to their GUI to there 15 different applications that you have to install that all do different things, then hunting down problems as to why policies won't install, or the inability to do NAT-T over a Site-to-Site VPN, and on and on. Give me an ASA anyday. I wait with bated breath when we can be rid of the Checkpoints in our office and put in a Cisco.

Note though that I'm much more familiar with Cisco products than any other vendor, so I *am* biased.
 

R3d

Limp Gawd
Joined
Apr 3, 2006
Messages
271
what are you looking to do with the firewall though? users connecting in through VPN? site to site VPN? content filtering? IPS?

each firewall will have +'s and -'s depending on what you're looking to accomplish.
 

Wrench00

2[H]4U
Joined
Sep 30, 2003
Messages
3,423
I was under the impression that Sonicwall devices made terrible L3 routers?

Firmware 5.6 and lower yes. 5.8 was completely rewritten.

I am a partner so I get the good tech support as well. Great guys all based in Pheonix.
 

Mackintire

2[H]4U
Joined
Jun 28, 2004
Messages
2,916
Firmware 5.6 and lower yes. 5.8 was completely rewritten.

I am a partner so I get the good tech support as well. Great guys all based in Pheonix.

That is interesting.

I might take sonicwall off my (do not buy list)
 

KapsZ28

2[H]4U
Joined
May 29, 2009
Messages
2,114
what are you looking to do with the firewall though? users connecting in through VPN? site to site VPN? content filtering? IPS?

each firewall will have +'s and -'s depending on what you're looking to accomplish.

Your typical firewall. IPS, DPI, SPI, etc.

VPN and site to site VPN is also important. I do like the SSL VPN on the SonicWALL.
 

bds1904

Gawd
Joined
Aug 10, 2011
Messages
1,007
Any of the routerboard "cloud core router" series or "RB1100Hx2" would also fit the bill, just an FYI.

RouterOS offers many different VPN options and is a very good routing platform.

Seriously, check it out. Mikrotik also has a live demo on their website so you can get a feel for the interface and the features.
 
Last edited:

Nate7311

2[H]4U
Joined
Jan 11, 2001
Messages
3,320
If you are opening it up, then make sure you look at Zyxel USG Series as well. I'd guess a USG200/USG300 to match your requested needs.
 
Top