SonicWall NSA 220 vs Fortigate 100D - FIGHT!

I am looking to replace my dated UTM device.  I local vendor is suggesting the SonicWall NSA 220 Series and CDW is suggesting a Fortinet Fortigate 100D.  

Our office consists of about 40 users with desktops.  We are a BOYD shop so I am sure that there are some cellphones, iPads and other devices hoping on and off our wireless network throughout the day.  We also have 5 outside sales guys that use a VPN to get onto our network.  

During my research I found the following (however it was a site pushing SonicWalls):
Some reasons why SonicWALL is better:

1. Limited Proxy – based AV Scanning FortiGates using proxy-based AV scanning have file size limitations and performance-limiting intellectual property and hardware. Files larger than the buffer are passed without being scanned or are blocked. SonicWALLs have no such file size limitations.

2. Basic Application Management – SonicWALL's running SonicOS 5.6.4 and later with Application Intelligence, Control and Visualization provide a comprehensive set of application management capabilities. FortiGates are limited to very basic allow, block and log. Also, SonicWALLs have 3x as many application signatures as FortiGates.

3. Inadequate File and Protocol Scanning – FortiGates scan only a portion of each file for malware across just 11 protocols. SonicWALLs scan the entire file over 50+ protocols.

4. Poor Distributed Wireless Functionality – FortiWiFis offer few wireless features. SonicWALLs provide many more such as Lightweight Hotspot Messaging, Wireless Guest Services and others.

5. Costly Central Management – You will need to purchase and run FortiManager and FortiAnalyzer together to get the equivalent features of SonicWALL GMS.

6. No IPv6 or ICSA Enterprise Firewall Certification – While FortiGates may support IPv6, SonicWALL NSA and E-Class NSA Series appliances are IPv6 certified. In addition, SonicWALL is the first network security vendor to receive ICSA Enterprise Firewall certification. Fortinet products have no such certification.

7. Poor Anti-Spam Options – The FortiGate email filter service is limited to three dynamically-updated techniques (IP Reputation, Message body URL check and Message body content signatures). SonicWALL Comprehensive Anti-Spam Service utilizes 3x as many techniques including those.

8. One-way Anti-Spyware Protection – FortiGates monitor only inbound traffic for spyware, not outbound. SonicWALLs monitor and block spyware in both directions.

9. Restricted 3G Availability – Only low-end FortiGates (80 Series and below) have 3G wireless WAN failover. SonicWALL includes 3G across all firewall lines.

10. Lack L2TP Server Support for Handheld Devices – FortiGates lack L2TP Server, so handhelds are unable to connect to the firewall. SonicWALLs include built-in L2TP Server.

I am VERY green when it comes to this stuff so I am turning to you for suggestions.  The Fortigate costs a bit more money but I don't have a problem with that as long as it is money well spent.  So what are your thoughts on which device that I should go with?
csimmons1324IT ManagerAsked:
Who is Participating?
Joseph UndisNetwork and Systems AdministratorCommented:
While I haven't worked with many FortiGate devices, I have a few and I've found SonicWall much easier to manage in the long run and I'm actually deploying an NSA220 next week to replace an old SonicWall TZ210.

 I'm a big fan of the wireless management integration and easy GUI, but if you ever have an issue that is something you can't fix, expect hours of phone calls.

The devices and UI are the best I've used, but 20 hours of calls over 2 weeks to fix an iintermittent WiFi issue was pretty lame.
JAN PAKULAICT Infranstructure ManagerCommented:
SonicWall NSA 220 both hands - i actually have nsa 220 nsa250m and  nsa3500

yearly subscriptions are pricey with sonicwall (to get all the feature you will have to pay)

but IMHO it is money well spend

I am using Fortinet's Fortigate 100-d for multiple wan links and 60D/B with two wan ports. , with fault tolerance and load balancing.

Fortinet is market leader in its segment according gartner.

about 200 users, 100 d handling every thing fine,
at the moment we are using couple of site to site vpns with multiple wan links in ft, &  nlb,
35 remote users are using ssl vpn to connect,
Internet proxy for all internal users, with logging
content filtering,
16gb Internal storage.

you can have two similar devices in high-availability mode, log analayser can also be added for logging and analysis.

If you are a windows server admin, the GUI is easy enough, although some things needs getting used to , if you are a cli person, the command prompt is very powerful, but also quite different from Cisco.

both sonicwall and fortigate are good enough, but gartner put them on top for good reason.
read the report care fully and completely as it will clear lot of questions, specially the strengths ans cautions of each vendors.
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!


We are using Fortigate and no issues at all. As far as I know Fortigate is feature rich device compared to any NGFW/UTM device. The above competitive info you mentioned are from Sonicwall website and those are false now when we did POC. Fortigate supports flow based scanning as well (no file limit) and AD integration and Fortiview reporting is ultimate for our setup.

Comparison list from every vendor will be different. I recommend you to do POC and opt for best suite your needs.

Good Luck!
I have a few SonicWalls, couple of Cisco ASA, and a single Fortigate at different sites.  Biggest advantage to the Fortigate site:  they can bandwidth limit each client.  On our Sonicwalls, we can't limit a single device to a set amount of bandwidth (say, 512Kbps or 1Mbps).  It really helps when you have dozens or hundreds of people on your guest wireless.

Sonicwalls are pretty easy to maintain by sysadmins with little firewall experience, as long as you keep up the support for the first year or two.  It really helps to have an engineer walk you through a task, or just take over and do it for you.

If you're a small shop, Sophos is giving away Astaro UTM free for small business use (small environments).  You can install on spare desktop/server hardware, or run as a VM.

I have a hardware/appliance Astaro with only limited features running.  Web interface is fairly easy to learn, like Sonicwall.  Support is highly recommended, but probably not required.  I'm thinking about re-purposing an old desktop at home and setting up my own UTM for free.
csimmons1324IT ManagerAuthor Commented:
Thanks for all the great feedback!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.