Comparing Sonicwall to Fortigate. Any have experience with both?

I am trying to decide between the Fortigate 310b smb/enterprise UTM firewall and the the Sonicwall e4500-series firewall for our company.

We have about 250-300 users typically on the system (with a max of 400), and will need to firewall both our Internet connection and our internal LAN segments.  Because this firewall will also do routing for our network, reliability is extremely important.

Internet connection is 10mbps.  Internal LAN is 100mbps and 1000mbps.

The Sonicwall seems to be quite a bit less expensive than the Fortigate, so that is starting to weigh in its favor.  

However, support and reliability are very important.  I have heard about stability complaints in earlier Sonicwall models.  

Here are my questions:

1.  Any comments on Sonicwall support for their E-series appliances?
2.  Anything that the e-series does not do well?  For example, I read that firewall policies cannot be configured per-port, as they can on the Fortigates.
3.  Any reliability issues on the E-series?  How often do they need to be rebooted?
4.  Any particular successes with your E-series Sonicwalls?
5.  Any reason you prefer the Sonicwall over the Fortigate?

I'm trying to gather enough info to see if there is a good reason to use Sonicwall over Fortigate.  


Who is Participating?

Improve company productivity with a Business Account.Sign Up

ccomleyConnect With a Mentor Commented:
w.r.t. Sonicwall only:-

1) Nope - the Sonicwall can act as DHCP server or not (leaving it to another server or servers). The sonic CAN isolate the segments, however, so that the computers on Lan-A can onyl see the DHCP server on LAN-A, etc...

2) Yes.

3) Yes. Sonicwall use eexactly this layout for connecting their own SSL-VPN and Email Scanning appliances.

4) Support is worldwide. They're currently changing it, introducing MORE call centres. Centress are operated on "follow the sun", so who answers your query depends when you call. If you call when it's 2am where you are but 10am in EU, say, you'll probably end up speaking to someone in the EU call centre. But all calls are logged centrally, i.e. if you call back the next day and speak to someone in California, they can access all the info on the problem.

I can't comment on the Foritgate at all but we've been selling Sonicwalls for YEARS.

- reliability - we have had no significant issues with any Sonicwall from the basic SOHO boxes upwards. There will always be the odd one that breaks, of course, but it's a low percentage, and they're ALWAYS covered by next-day-swapout during initial warranty period OR for as long as you continue to pay the 8x5 or 24x7 support licence. That's worth remembering...

- policies per port? It's a very flexible system. You can put interfaces in zones, configure rules between zones, so yes, if you put each interface in a zone you can control to that level.  If you have a *specific* requirement i suggest you ask a specific question! :-)

- should NEVER need rebooting. If you find you want to upload new firmware that needs reboot, of course, but that's entirely under your control to schedule and perform the upgrade, nothing is done without your confirmation.

PhireWallAuthor Commented:
Thanks for the response.  Appreciate the feedback.

Here are some specific questions I'm trying to resolve. . .

Can I do the following. . .?

1.  Assign multiple/separate DHCP servers on different ports, such that one segment is say,, another is, ?  We have segmented our LAN into 3 distinct subnets, and wanted to know if I could also administer these subnets on the Sonicwall.

2.  Create "virtual domains" on the ports with different sets of firewall rules on each port, and with the ability to route or not route from one virtual domain to another.  For example, have one port just filter for IPS/IDS, then another port filter for IPS/IDS and antivirus, etc.

3.  We want to use the firewall in conjunction with a separate URL filter (Lightspeed Systems).  So, this would require us to have the 3 network segments terminate on the Sonicwall and route out of the Sonicwall to the Lightspeed server, and then back into the Sonicwall for the default route to the Internet. Possible?

4.  Is support handled in/out of the US?  I am concerned that it would be difficult to get good support when needed.

Thanks for any further input you can add.

PhireWallAuthor Commented:
Thanks!  Appreciate the thorough response.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.