We use sonicwalls. 5 to be exact. I like them, and I had little networking knowledge when I started using them. I think we have dropped a VPN tunnel like once in the last year I have been in charge of them. All that takes is to disable/enable one of the objects.
I have TZ’s and NSA’s and love them. We setup site-to-site VPN’s as backup circuits in case our WAN connections to satellite offices go down. A monitor turns up the VPN connection automatically. Cisco phones are working great over the VPN. I’ve never had a bad experience with Sonicwall devices and support.
We use them for our main office and data center location. The only persistent issues we have is with the content filtering and trying to poke holes in it with app control rules. We run almost all the extra services offered on it and the throughput is still fine for us. Support isn’t great, but I think it’s improving.
I admin a lot of Sonicwall. The product is very solid. We have 40+ TZ215 units on a VPN to our corporate office which is also a Sonicwall router, I forget which model.
Support is sort of crap, unless you have a critical issue you usually have to stay on hold for hours to get to a tech.
I have had a lot of luck with Sonicwall. Really take some time to learn how it works, what the wizards do, etc.
Support wait times suck, but once you get through to someone they can usually solve your issue.
You should definitely look at Mikrotik’s Routerboard offerings. They’re pretty great, and very inexpensive.
Sonicwalls have given me such a headache over the years being too damn secure haha. We have since switched to Cisco Meraki for our customers and the features and support surpass anything we ever expected. I highly recommend having them send you a demo.
Personally I’d recommend Sophos for this project.
Look at a Sophos UTM for your head quarters and using their REDs (Remote Ethernet Devices) for your remote offices.
The RED are basically Site to Site VPN’s in a box.
I’d look at getting a bunch of ASAs. For this a 50 user bundle 5505 is about the same price and can last much longer.
I’ve used the NSAs and the TZs and I have been happy with both. I guess my luck with support has been a little better as I have no had a bad experience with them yet. We used the SSL VPN solution and it has been mostly stable. I’d say we’ve had more issues with Netextender (SSL VPN client) than the VPN itself.
Big fan of Sonicwalls here too, great devices that are easy to configure and get setup in a sane manner.
So far our experience with support has been pretty good (although we haven’t had any major issues).
For the price they have been really good and the ability to do license sharing with an even cheaper HA unit (basically the same HW just license restricted so it can only be used in a HA setup), has been a really big selling point for us.
As others have said, their support is not the best. But their products are pretty good. Been using them for more than a few years now. Largest implementation was 68 remotes sites connected back to the home office over site to site vpn. Worked awesome and saw zero issues.
Products are good. Support sucks donkey d***
theyre… ok. my biggest complaint is the licensing. i get they want you to license features, but the granularity just isnt there. IE, i can’t monitor my bandwidth without paying for 6 other features i don’t need.
the ptp vpn is rock solid, the clients (netextender/gvpn) not so much.
We have several sonicwalls out there and the only issue we have with them are when we are running an onsite 3CX setup. For some reason, the sonicwall cannot help but mess with our 3CX VoIP traffic. We’ve got a few sites on sonicwall and using OnSIP for their VoIP… no problems whatsoever.
For every other site that has a sonicwall, it’s been fantastic. As a whole, we’re moving more towards Mikrotik devices for
- price
- control (there’s no “magic” or behind the scenes stuff, you know exactly what’s going on because you configured it how you want)
but overall, Sonicwalls have been extremely solid in our experience. We haven’t had to call support once.
Just throwing out my sonciwall experience. Since this is a how bad do they suck, I am throwing out my one issue I have had with them. Most of my small customers will not pay for an ASA or the support that goes with it so I typically give them one of these and have them pay for the subscription services (spam, AV, content filtering, user website tracking) and I usually have no problem getting people to renew these services for $1000/year. They are reluctant up front to purchase it but generally are happy after a year.
I ran into one issue about a year ago after bonding 2 sonicwalls together in an HA pair, then upgrading the 2 to the latest code, we lost the ability to go to 1 website. And it was an important one. After rolling back the code, everything worked fine.
Other than that one headache I find them to be pretty valuable and offer a competitive price for what it can handle.
We have 14 SonicWALLs deployed and all have been great. We use site-to-site VPN, client VPN and SSL VPN with no issues.
Don’t know from where that suck statement came from but it’s not my opinion, and I installed a big variety of them, and in fact the last one was a NSA2600, VPN wise I think they are really good, fast and stable, and to be honest I have never seen a firewall with so many built in options and possibilities. I kinda have to agree with the support not being the best but it really depends on how lucky you are with the person on the other side, I got really good technical people and really bad ones, 50/50…
Overall in my opinion is a great product.
Site-to-Site VPNs are rock-solid. Client-site VPN is a bit more shaky, as others here have mentioned. NetExtender isn’t terribly fault-tolerant or scalable. You’ll want to use their SRA appliance. They offer it as a virtual appliance as well with a 30-day demo, after that it’s $500 for a perpetual license before any bells/whistles.
EDIT: What state are you in? If you’re in the same market as me I can have our channel guy send you docs on the SRA.
I ran 2 NSA5500s for a few years, they seemed to be okay.
The web interface is slow however, and has a lot of issues with IE (we had to talk to InfoSec to get Firefox installed just to manage them) and some of the packet dump options had issues before a firmware update.
I’ve never bought firewalls before but I can’t say I’d go with them again, I’d likely get a Checkpoint as a first choice and Juniper/Cisco as secondary. Sonicwall was relegated to the “value” section in my mind after dealing with a TZ200 for a branch-office install. It had tons of issues relating to the power supply, the replacement unit had a bad port but otherwise worked fine so. We decided to finish the project rather than gamble on another piece of hardware, I’m sure the 8P8C connector I put in the bad port to keep anyone from plugging into it is still there.
Ironically the TZ190 I had deployed earlier was really solid and had really good Tx/Rx distance on the wireless and exceptional connect/disconnect timing which was good for visitors. Other than that it was just a normal piece of equipment without many frills.