Comparing Sonicwall to Fortigate. Any have experience with both?

Posted on 2009-04-08
Last Modified: 2013-11-22
I am trying to decide between the Fortigate 310b smb/enterprise UTM firewall and the the Sonicwall e4500-series firewall for our company.

We have about 250-300 users typically on the system (with a max of 400), and will need to firewall both our Internet connection and our internal LAN segments.  Because this firewall will also do routing for our network, reliability is extremely important.

Internet connection is 10mbps.  Internal LAN is 100mbps and 1000mbps.

The Sonicwall seems to be quite a bit less expensive than the Fortigate, so that is starting to weigh in its favor.  

However, support and reliability are very important.  I have heard about stability complaints in earlier Sonicwall models.  

Here are my questions:

1.  Any comments on Sonicwall support for their E-series appliances?
2.  Anything that the e-series does not do well?  For example, I read that firewall policies cannot be configured per-port, as they can on the Fortigates.
3.  Any reliability issues on the E-series?  How often do they need to be rebooted?
4.  Any particular successes with your E-series Sonicwalls?
5.  Any reason you prefer the Sonicwall over the Fortigate?

I'm trying to gather enough info to see if there is a good reason to use Sonicwall over Fortigate.  


Question by:PhireWall
  • 2
  • 2
LVL 16

Expert Comment

ID: 24105371
I can't comment on the Foritgate at all but we've been selling Sonicwalls for YEARS.

- reliability - we have had no significant issues with any Sonicwall from the basic SOHO boxes upwards. There will always be the odd one that breaks, of course, but it's a low percentage, and they're ALWAYS covered by next-day-swapout during initial warranty period OR for as long as you continue to pay the 8x5 or 24x7 support licence. That's worth remembering...

- policies per port? It's a very flexible system. You can put interfaces in zones, configure rules between zones, so yes, if you put each interface in a zone you can control to that level.  If you have a *specific* requirement i suggest you ask a specific question! :-)

- should NEVER need rebooting. If you find you want to upload new firmware that needs reboot, of course, but that's entirely under your control to schedule and perform the upgrade, nothing is done without your confirmation.


Author Comment

ID: 24113544
Thanks for the response.  Appreciate the feedback.

Here are some specific questions I'm trying to resolve. . .

Can I do the following. . .?

1.  Assign multiple/separate DHCP servers on different ports, such that one segment is say,, another is, ?  We have segmented our LAN into 3 distinct subnets, and wanted to know if I could also administer these subnets on the Sonicwall.

2.  Create "virtual domains" on the ports with different sets of firewall rules on each port, and with the ability to route or not route from one virtual domain to another.  For example, have one port just filter for IPS/IDS, then another port filter for IPS/IDS and antivirus, etc.

3.  We want to use the firewall in conjunction with a separate URL filter (Lightspeed Systems).  So, this would require us to have the 3 network segments terminate on the Sonicwall and route out of the Sonicwall to the Lightspeed server, and then back into the Sonicwall for the default route to the Internet. Possible?

4.  Is support handled in/out of the US?  I am concerned that it would be difficult to get good support when needed.

Thanks for any further input you can add.

LVL 16

Accepted Solution

ccomley earned 250 total points
ID: 24122207
w.r.t. Sonicwall only:-

1) Nope - the Sonicwall can act as DHCP server or not (leaving it to another server or servers). The sonic CAN isolate the segments, however, so that the computers on Lan-A can onyl see the DHCP server on LAN-A, etc...

2) Yes.

3) Yes. Sonicwall use eexactly this layout for connecting their own SSL-VPN and Email Scanning appliances.

4) Support is worldwide. They're currently changing it, introducing MORE call centres. Centress are operated on "follow the sun", so who answers your query depends when you call. If you call when it's 2am where you are but 10am in EU, say, you'll probably end up speaking to someone in the EU call centre. But all calls are logged centrally, i.e. if you call back the next day and speak to someone in California, they can access all the info on the problem.


Author Closing Comment

ID: 31568319
Thanks!  Appreciate the thorough response.

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: (…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now