Security product review: Dell SonicWall NSA UTM

David Strom explains why the feature-rich Dell SonicWall NSA Series of enterprise unified threat management devices may take some getting used to.

Editor's note: This article has been updated for accuracy regarding platform support and pricing.

The Dell SonicWall Network Security Appliance (NSA) Series could be considered one of the creators of the UTM industry. Even though the market has evolved considerably since those early days, Dell still offers a very robust UTM product set, many of which are appropriate for enterprises.

Product specs

In this security product review, we look at Dell's eight SonicWall models -- NSA 6600, NSA 5600, NSA 4600, NSA 3600, NSA 2600, NSA 2400, NSA 250M and NSA 220 -- to fulfill the needs of various sized businesses. Some models have 10 Gigabit Ethernet connectors while others just have a single gigabit port. The rated firewall inspection throughput ranges from 600 Mbps to 12 Gbps, which may not be sufficient for larger network configurations.

The range of supported site-to-site VPN tunnels varies from 25 on the smallest unit to 6,000 on the largest box. While some models are relatively new, know that SonicWall has been in the UTM business from the earliest days, practically creating the category before it was acquired by Dell.

Market position

Dell was a UTM market leader in the early days, when it only sold small and midsized business units. However, as it grew to offer larger and more capable boxes, Dell has had a harder time adjusting its features and functions to the enterprise market. For example, it offers a confusing series of menu choices on enterprise-class devices that will take some work to sort out. There are also separate menus for protecting against SYN floods and distributed denial-of-service attacks that require adjusting a series of timeout and threshold parameters.

Special features

One nice feature of the NSA series is that there is no maximum file attachment size for the antimalware scanner since it looks at the entire packet as it streams by the box. Some of its competitors place email file attachments in memory before they are scanned.

The SonicWall products come with each port set up independently, but enterprises can add what are called "PortShield groups" to turn a box into a single network switch. Organizations can also set up the box to automatically forward NetBIOS protocols across subnets (to make it easier to build a flat network to handle Windows file and printer sharing, for example).

A screenshot of Dell SonicWall's port communication interface. SonicWall's interfaces display shows you at a glance which ports are communicating, making it easier to debug infrastructure issues.

Another great feature Dell offers is online demos of all of its products, so you can experience the product's user interface first-hand without going to the trouble of putting a test box in your environment. Additionally, setting up its high-availability feature is simple, with just a few checkboxes to select. Finally, SonicWall supports deep packet inspection over SSL connections, something not every UTM offers.

Red flag warning: Product issues

SearchSecurity's UTM how-to-buy guide

An intro to buying a unified threat management appliance

Product review: Check Point UTM

Product review: Juniper Networks' SRX Series

The two smallest SonicWall NSA units come with integrated wireless controllers; the larger units do not. Until recently, Dell supported only Windows SSL VPN connections, but has added Mac, IOS and Android clients, making it more in line with what competitors offer. Another potential issue is that unlike several of its competitors, some SonicWall ports are tied to particular network zones and can't be changed via its software configuration. This limits the cabling flexibility if you don’t have a switch in front of the UTM box.

Pricing

The smallest unit, SonicWall NSA 220, is suitable for branch and small offices and starts at $1,095 for the basic software configuration but can quickly rise beyond $1700 when you add in the first year's subscriptions. The largest unit, NSA 6600, starts at $19,995 and subscriptions can add another $10,000 to the first year cost. Dell provides a very nice online pricing calculator that shows businesses the costs of various software add-ons.

Dell also offers two categories of support available for an annual subscriptions: The Gold-level support is available on the larger units that provides 24x7 telephone access, and Silver-level support for the smaller units provides only daytime access. Both add about a third of the initial purchase price without any other options.

TTGT Takeaways
Technology Dell SonicWall Network Security Appliance (NSA) Series of unified threat management (UTM) appliances
Tactics A full suite of security functions wrapped up into one single product, preventing the need to purchase or integrate separate devices.
Good features Combined network switch integration; robust antimalware scanning; deep-packet inspection over SSL; helpful online demos.
Troublesome features Integrated wireless controllers not included in all models; port configuration limitations.

About the author:
David Strom is a freelance writer and former editor in chief of several information technology publications. He has written for many TechTarget properties since 2000. His blog can be found at strominator.com and is @dstrom on Twitter.

Author's note: The contributor does not have a paid relationship with any of the vendors mentioned in this article.

This was first published in June 2014

Dig deeper on UTM Appliances and Strategies

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close