Upgrading to SonicWall NSA from TZ series

We are looking to upgrade our TZ200 to the NSA 250M series. However, I am not qualified to do this by myself. Where can I find a vendor who could facilitate this purchase and implementation in the SF Bay Area? Looking on Google only gets me to Dell and they don't do what I want in terms of hands-on assistance.

Blue Street Tech (Last Knight) Commented:
Hi BettR,

We can...we are Silver Medallion Partners with SonicWALL! I will walk you through the whole process, options and all, and explain everything. We can have it shipped next day and will have it set up on premise.
Blue Street Tech (Last Knight) Commented:
How can I help you?
BettR (Author) Commented:
Thank you for your response. I have been trying to determine if we actually do need the NSA equipment or if the TZ 215 would work for our purposes. Dell Tech Support was particularly unhelpful when I posed this question: how can I tell if we need more throughput than what is being provided by our current equipment? We get our internet access from Comcast with a promised 50mgs down and 10 up. I do know that the throughput on the TZ 200 is 35Mbps and the TZ 215 is 60Mbps. Yet, Dell is insisting we need the more expensive NSA series.

We are a small business and want to provide excellent customer service while maintaining our costs. We have one website hosted, and we use web services to provide rating and contract printing to our customers. I am not yet seeing any issues with traffic jams, but I want to be pro-active and was hoping there was a key to looking at our current logs to determine if we are even close to needing a faster device.

Is this something you could help us with?
Blue Street Tech (Last Knight) Commented:
Sure, I'd be glad to help you!

A few questions and from there I can size this accordingly in terms of meeting your needs and allotting for future growth!

1. What is your current firewall (Make/Model)?
2. How many users do you have at your location?
3. You mentioned a Web Server, any other servers? (not looking for details here but rather generals e.g. 4 servers 1 exchange, others are file, etc.)
4. Is there a need for VPN connectivity?
       • If so, how many users approximately need to connect?
       • Of those, approximately how many connect on Macs vs PCs?
5. Are you planning on purchasing CGSS? I highly recommend it for any size company.

BettR (Author) Commented:
1. SonicWall TZ 200
2. 15 users accessing Google Apps and other internet sites
3. 4D server that transmits data to vendors (xml files or text files); software demo running Bootcamp on mac mini (access is very limited)
4. VPN Users: 3 - 5, but 3 every day. All usage is on Macs.
5. We are using the Comprehensive Security Suite from SonicWall.

If you need more info, I'll get it to you right away.

Blue Street Tech (Last Knight) Commented:
Thank you!

What is the primary reason for upgrading? Is it to gain more throughput? You said you're not experiencing traffic jams; are there other related issues or features you are looking to get?

Typically we suggest replacing a Security Appliance every 3-5yrs depending on the budget.

FYI: Based on your answers, SonicWALL's product selector suggests a TZ105-NSA 3600, LOL.

Remaining Questions

Do you have access to the firewall? If so, login and tell me what figures you have for the following during peak times under System > Status:
1. CPUs: usage (%)
2. Connections Peak: (#)
3. Connection Usage: usage (%)
See attached image as an example.

If you can't gain access it's not a problem...it would just give me a better understanding of how you are holding up in your current firewall.


I'd recommend the TZ 215 or the NSA 220. I would not consider the NSA 250M. The major difference with the NSA 250M is that it allows you to run gear that your ISP would provide in the form of modules within the firewall. This is not advisable especially for your size company. By doing this, you are in effect transferring the burden & liability the ISP once had onto you. In addition, the unit is ~$850 more than a TZ 215 and has marginally improved performance over the NSA 220.

The only main differences between the two units (TZ 215 vs NSA 220) are as follows:
DPI Throughput - 60 Mbps vs 110 Mbps
SSL-VPN Connections - 10 vs 15
Max Connections - 48,000 vs 85,000

Everything else is pretty much identical or marginally different.


If you are planning on growing to the next ISP plan w/Comcast (75x15 for $149/mo) within the next 3 years then the NSA 220 would be your choice; otherwise the TZ 215 will be fine. The NSA 220 would cover you in every plan Comcast currently offers (incl. 100x20 for $199/mo) in terms of sheer DPI throughput. The TZ would still work great for you guys but you'd be paying for additional download speeds you'd never see, but you would be able to take advantage of the upload speed increases. The SSL-VPN is not really a big jump and keep in mind that the connection number is for concurrent use, plus you can utilize the same number of Global VPN Clients (GVC) in either model, which are 25 connections. Regarding the Max Connections, given that you are not seeing issues currently in your TZ 210 my educated guess is that it's a moot point - I doubt you're close to your current max connections but the results from the System Status will tell us conclusively. There is about a ~$325 difference between the two base models in price; the NSA 220 being higher.

I will wait for your reply to give you my final recommendation. Let me know if you have any other questions!
Blue Street Tech (Last Knight) Commented:
Did you have any questions with my last post?
BettR (Author) Commented:
Well, now this is strange! I thought I posted a long response with screen shots for your review! And, I now see it is nowhere to be found. UGH.

I confirmed our Comcast is 50/10. I will be calling to see if there is a better rate for a higher throughput as they are advertising rates that are less than the one we are paying for more speed. But that is a different conversation!

At any rate, I have uploaded two screen shots from our current SonicWall configuration per your request. I know there were other things I said in the missing response, but for the life of me cannot remember what they were!

Hoping this one gets saved properly!!
Blue Street Tech (Last Knight) Commented:
Hi Bette,

I hate that! Especially when you've put a lot into your post and poof...gone.

Thank you for the follow-up and your info. So based on the System Info you provided me your overall connections & CPU usage are still low in all respects - not even remotely close to hitting the max of your current unit. That said, this decision comes down to two questions:
A) Bandwidth. Are you planning on getting more bandwidth, e.g. the next plan Comcast offers would be 75x15 for $149/mo? If yes, I'd recommend the NSA 220 only for the sake of being able to utilize the full amount of bandwidth you'd be paying for. And actually with the NSA 220 you'd be able to utilize Comcast's highest plan (100x20 for $199/mo), should you ever need that. Otherwise, if you are not planning on getting more bandwidth go with the TZ 215 - it's more than robust enough for your org with the consideration of future growth.
B) SSL-VPN Connections. If you need more than 10 simultaneous SSL-VPN connections, I'd recommend the NSA 220 but that only gives you 5 more. Keep in mind these are simultaneous so you could easily have a remote workforce of 20-30 users depending on how frequently they are connecting. If you need more I can supply another solution in addition to this firewall from SonicWALL that would solely handle more SSL-VPN connections - just let me know.

Let me know if you have any more questions and if you'd like us to purchase and/or install this for you.

BettR (Author) Commented:
Thank you so much for your input and direction. I will discuss all this with my partner and get back to you early next week. We are trying to be pro-active but reasonable in our purchases.

If you can give me some references for installs, I would appreciate it. My partner is a stickler for this stuff even though you have been helping us make informed decisions, he has his requirements!

Also, is your website diverseit.com? Whenever I try to navigate to that site, my browser times out.


Blue Street Tech (Last Knight) Commented:
You're welcome! Thanks and I look forward to working with you soon!