Editor's note: This article has been updated for accuracy regarding platform support and pricing.
The Dell SonicWall Network Security Appliance (NSA) Series could be considered one of the creators of the UTM industry. Even though the market has evolved considerably since those early days, Dell still offers a very robust UTM product set, many of which are appropriate for enterprises.
In this security product review, we look at Dell's eight SonicWall models -- NSA 6600, NSA 5600, NSA 4600, NSA 3600, NSA 2600, NSA 2400, NSA 250M and NSA 220 -- to fulfill the needs of various sized businesses. Some models have 10 Gigabit Ethernet connectors while others just have a single gigabit port. The rated firewall inspection throughput ranges from 600 Mbps to 12 Gbps, which may not be sufficient for larger network configurations.
The range of supported site-to-site VPN tunnels varies from 25 on the smallest unit to 6,000 on the largest box. While some models are relatively new, know that SonicWall has been in the UTM business from the earliest days, practically creating the category before it was acquired by Dell.
Dell was a UTM market leader in the early days, when it only sold small and midsized business units. However, as it grew to offer larger and more capable boxes, Dell has had a harder time adjusting its features and functions to the enterprise market. For example, it offers a confusing series of menu choices on enterprise-class devices that will take some work to sort out. There are also separate menus for protecting against SYN floods and distributed denial-of-service attacks that require adjusting a series of timeout and threshold parameters.
One nice feature of the NSA series is that there is no maximum file attachment size for the antimalware scanner since it looks at the entire packet as it streams by the box. Some of its competitors place email file attachments in memory before they are scanned.
The SonicWall products come with each port set up independently, but enterprises can add what are called "PortShield groups" to turn a box into a single network switch. Organizations can also set up the box to automatically forward NetBIOS protocols across subnets (to make it easier to build a flat network to handle Windows file and printer sharing, for example).
Another great feature Dell offers is online demos of all of its products, so you can experience the product's user interface first-hand without going to the trouble of putting a test box in your environment. Additionally, setting up its high-availability feature is simple, with just a few checkboxes to select. Finally, SonicWall supports deep packet inspection over SSL connections, something not every UTM offers.
But also note...
SearchSecurity's UTM how-to-buy guide
An intro to buying a unified threat management appliance
Product review: Check Point UTM
Product review: Juniper Networks' SRX Series
The two smallest SonicWall NSA units come with integrated wireless controllers; the larger units do not. Until recently, Dell supported only Windows SSL VPN connections, but has added Mac, IOS and Android clients, making it more in line with what competitors offer. Another potential issue is that unlike several of its competitors, some SonicWall ports are tied to particular network zones and can't be changed via its software configuration. This limits the cabling flexibility if you don’t have a switch in front of the UTM box.
The smallest unit, SonicWall NSA 220, is suitable for branch and small offices and starts at $1,095 for the basic software configuration but can quickly rise beyond $1700 when you add in the first year's subscriptions. The largest unit, NSA 6600, starts at $19,995 and subscriptions can add another $10,000 to the first year cost. Dell provides a very nice online pricing calculator that shows businesses the costs of various software add-ons.
Dell also offers two categories of support available for an annual subscriptions: The Gold-level support is available on the larger units that provides 24x7 telephone access, and Silver-level support for the smaller units provides only daytime access. Both add about a third of the initial purchase price without any other options.
About the author:
David Strom is a freelance writer and former editor in chief of several information technology publications. He has written for many TechTarget properties since 2000. His blog can be found at strominator.com and is @dstrom on Twitter.
Author's note: The contributor does not have a paid relationship with any of the vendors mentioned in this article.