Looking for a device or technique that can facilitate failover between 2 Sonicwall's (different models).

Posted on 2014-03-12
Last Modified: 2014-11-05
Hello, we have a Sonicwall NSA3500 and 1 high speed connection to our main office and are thinking about adding an NSA4600 and bumping the speed on our primary connection. And adding another connection and using the 3500 as a failover. So being that we can't use Sonicwall's purchased failover plan because it requires 2 identical firewall's we are wondering what techniques we might have available to us. How about the internal Sonicwall failover or a 3rd party hardware failover device (have seen a few of these - any recommendations would be welcome). A hot failover technique would be preffered.
Thanks in advance for any help or ideas.
Question by:540beemer
  • 2
  • 2
  • 2

Assisted Solution

N-W earned 167 total points
ID: 39925473
From a cost perspective, you're better off purchasing another NSA3500. The internal Sonicwall failover/loadbalancing is for redundant WAN connections, not redundant firewalls.

If you were to buy a hardware failover device, that device itself would be a single point of failure which would defeat the purpose.

If you've already got an NSA3500 with high availability license, an additional NSA3500 really makes sense in this situation.
LVL 20

Accepted Solution

carlmd earned 333 total points
ID: 39925942
The NSA3500 is obsolete and replaced by the NSA3600.

I suggest you consider upgrading the NSA3500 to a NSA4600 via Secure Upgrade Plus. The approximate cost for this is $6,600 with 2 year CGSS.

A second NSA4600 HA unit is about $3,150.

Not cheap, but the way to go.

Author Comment

ID: 39930504
OK, N-W, well.. I'm not that worried about cost just the best way, and in my experience the internet circuit  goes down much more frequently than the sonicwall and we have 2 independent circuits. So I want to be able to use the slower circuit and the 3500 to do offsite backups etc, and the 4600 to be the primary business circuit. If the primary circuit goes down however, I want to be able to switch over to the 3500 and at least provide service - even if a little slower. I have seen some devices Ecessa is one, that you can do exactly this on (inbound and outbound failover) but the folks I dealt with their weren't very friendly.. so my quest continues..
I do know that sonicwall provides a simple form of failover in all os-enh's but if I can find one that doesn't have to be manually changed out it would be my preferrence..
btw.. we did have a prolonged outage and we simply took the 4600 out of line and replaced it with a 3600 (which it replaced to begin with) with the exact same config. and it worked fine.
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.


Author Comment

ID: 39930518
Thanks Carlmd - I already have a 4600 and to be honest it seems like sonicwall now dell has developed a way to sell more firewalls.. so I have a 3500 for 4 years and replace it with a 4600 and the 3500 just sits there. If you have like firewall's with like features, why wouldn't they let you run it even if you had to scale it back to basic services. something like the ecessa would cost about the same as a 4600.. ahh but next time I buy a new sonicwall I won't have to buy 2 (and for 10 locations). But if anyone has a better idea, I would love it..

Expert Comment

ID: 39933493
If you want automatic failover/loadbalancing for both of your internet connections, then just a single Sonicwall can achieve this. You just need to setup both WAN connections on the Sonicwall, put them in a load balancing group and ensure your main internet connection is set as the primary. With this setup, if a WAN link goes down it will automatically switch over to the other WAN link.

If you would like to achieve the above, plus high availability for the actual firewall itself, then you'll need to setup two identical Sonicwalls in an HA config and put a switch in between your WAN CPE and the Sonicwalls' WAN ports.
LVL 20

Assisted Solution

carlmd earned 333 total points
ID: 39936474
Unfortunately Sonicwall makes the rules and has the ability to force the issue that only two identical Sonicwalls will do HA. Since you already have a 4600, then you could purchase a second HA unit for the $3,150. I doubt that anything else you might put together using other equipement would be cheaper, and probably not work as well.

Obvioulsy your other choice is to do exactly what you did, that is simply replace the 4600 with the 3500 should it fail. The manual HA option!

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Squid Connection Pools 3 67
Looking for a MFP for a small office network 26 153
amazon fire stick 3 61
Connect two buildings 6 31
In this article we have discussed the manual scenarios to recover data from Windows 10 through some backup and recovery tools which are offered by it.
If you are thinking of adopting cloud services, or just curious as to what ‘the cloud’ can offer then the leader according to Gartner for Infrastructure as a Service (IaaS) is Amazon Web Services (AWS).  When I started using AWS I was completely new…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now