SonicWall vs cisco vpn firewall

Posted on 2009-02-17
Last Modified: 2012-08-13
i have 25 remote locations with 2-5 users in them. i have quotes for a cisco asa 5510 at the HQ and cisco 881 routers at remote sites. i also have a quote for Sonicwall NSA 3500 at HQ and TZ190 at remote sites. I need a VPN setup between here and sites for timeclock, and another app via browser. Can anyone offer any suggestions/insight on Sonicwall, i know nothing of them and just wanted opinions on reliablity, setup, support, etc. they are cheaper but have heard they are "better" then cisco but that is from salesy folk.....just wondering if anyone can back that up.  Any help would be greatly appreciated.
Question by:korymolo
    LVL 4

    Assisted Solution

    I would take Cisco over Sonicwall in a hear beat.  I despise the licensing for Sonicwall which you don't have with Cisco's.  I just prefer Cisco's
    Kelly W.
    LVL 8

    Assisted Solution

    You also have greater control over a Cisco router as far as tailoring it to your needs.
    For example you can do some weird and wonderful things with ACLs on a Cisco that you cannot do on a Sonicwall.
    LVL 9

    Assisted Solution

    if you have any say in the purchase go with Cisco...
    the Cisco ASA 5510 offers quite a few features such as IPS, Web VPN, REMOTE ACCES VPN, SITE TO SITE VPN, etc, as does Sonic, but how many job descriptions for your future do yiou see ... " experience with Sonic Firewall.." no you see ".. experience in Cisco..."
    ke p yourself in the game :)
    LVL 16

    Accepted Solution

    The big question here is, do you know and understand Cisco IOS?

    If not, it's a HUGE learning  curve, whic you just don't have with the Sonic.

    (Sonicwall still requires a learning process, i'm not going to try to kid you it's all simple and obvious, they're very powerful boxes and that means lots of options and learning how they interoperate)

    Also, if your remote sites are 2-5 users, check out TZ150, probably more than enough, save a few quid over the 170s. Also, subject to more info on what you have at Head Office, I would suggest the 3550 is also similarly over-specc'd and you could get away with a smaller unit happily.


    If your remote access aps are web based as I infer your description to mean, you have a third option. Instead of traditional VPN, you could use SSL-VPN. This means you would need NO special software on the remote sites and no fancy firewall, just a basic cable/DSL router with built in ordinary firewall.   Moreover, you don't need to "host" the VPN sessions on the head office firewall so you can down-spec that.

    e.g. again without knowing more about your head office requirement but assuming that only this app drives it,. you could run the head office with a Sonicwall TZ190TS, the remote sites with just Zyxel Prestige 661s or similar, and then add a Sonicwall SSL-VPN appliance to the head office network.

    The SSL-VPN model is to provide a *secure* (by certificate, etc) pipe between the browser and the VPN appliance. Once the tunnel is established, the remote user's credentials verified, etc., then the remote user is permitted browser access to the local apps. Moreover, even if your apps require MORE than browser level access, there are still toolsets to enable wider access to the host services.

    You really need to get a demo to prove that the system is good enough for your intended services. Talk to your local Sonicwall Partner for a demo of Sonicwall SSL-VPN. Or look at using, say, a Zywall USG300 which is a full firewall with SSL-VPN capability built in.

    LVL 9

    Assisted Solution

    Good answer Ccomley  --> it's a very opened ended question - it's actually research and I recommend the person submittingthe question gather facts and demos, before we can assist h/her.

    Author Closing Comment

    thanks for all the input...think i will setup demos of each and go from there...just wanted opionions and got that!! Thanks all!

    Expert Comment

    I have used NSA 3500's and 5510s. The SonicWall is far cheaper than the Cisco. Also its IPS/IDS/GAV/GAS is far quicker than the 5510 will ever be.

    Simplicity of setup is also in favour of the SonicWall over the Cisco and so is making changes. The only advantage i see in the Cisco is that its implementation of VPN Client (software) is better than SonicWall.

    Other than that we have replaced several Cisco PIX firewalls with NSA 2400/3500's and have been very happy with their performance, support, managability and reliablity. On top of this the licensing and support is approx half the cost of Cisco.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
    We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now