Educause Security Discussion mailing list archives
Re: Sonicwall NSA 4500
From: James Cooley <jcooley () FIT EDU>
Date: Tue, 28 Jul 2009 11:14:35 -0400
We have deployed several different models of the NSA series devices on campus along with Cisco ASA and Checkpoint devices depending on the required use. Our NSA 4500s are primarily used for departmental firewalls and we really like them. The gateway antivirus feature in particular has been of great use for blocking malware from websites and emails that our other solutions are not catching. We've just deployed the NSA series devices in the past few months as replacements for our older Pro series Sonicwall devices. Among the Pro and NSA devices, we have not had any reliability issues with the devices crashing or locking up, and our oldest Pro-series device had been running for a little over two years. The NSA 4500 devices only have one power connection. With regards to making firewall rule modifications, they are pretty easy with the Sonicwall using their web-based interface. Firewall rules between PIX/ASA and the Sonicwall are a bit different. If you had been using the command line interface on the PIX devices, you'll probably like the Web GUI on the Sonicwall. Between ASDM and the Sonicwall interface though, I feel like I can make changes a lot quicker in the ASDM interface. Browsing through the IPS and A/V rules through the Sonicwall web interface is a bit of a pain though. Like the newer Cisco devices, Sonicwalls can take part in OSPF routing if you use that at your university. However, you are out of luck if you need to do EIGRP. One feature that really works good in our environment is the Layer-2 bridge mode. With this mode, you can drop the device right on the network without the need to change routing or addressing schemes. In fact, if your PIX devices are working ok for you, you can open up the firewall on the Sonicwall devices and just use it to inspect traffic for AV/IPS/ and Anti-Spyware. One thing you will likely miss though is the Cisco tech support. Service contracts and such are much easier to manage with the Sonicwall devices, but their phone and email support is not up to par with the quality of the Cisco engineers you might have dealt with in the past. In general, I'd call the tech support 'average', or what you would get with most vendors. -- James Cooley Information Security Officer Florida Institute of Technology From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kellogg, Brian D. Sent: Tuesday, July 28, 2009 10:33 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Sonicwall NSA 4500 We are getting close to a decision point on our firewall upgrade. I wanted to ask the group for anyone's experiences with Sonicwall's newer NSA firewall. We have run PIX firewalls for years without serious issues, but I am very interested in the added security features the NSA firewalls from Sonicwall offer at a much lower price point than Cisco. My preference is to have separate boxes for separate tasks, but since that cannot be a reality here due to budget Sonicwall seems to fit the bill when it comes to gateway AV, VPN, and IPS services. Still on the fence though... Thank you, Brian Kellogg Network Services Manager St. Bonaventure University 716-375-4092
Current thread:
- Sonicwall NSA 4500 Kellogg, Brian D. (Jul 28)
- <Possible follow-ups>
- Re: Sonicwall NSA 4500 James Cooley (Jul 28)