SonicWall NSA 220 vs Fortigate 100D - FIGHT!

Posted on 2014-09-26
Last Modified: 2014-10-03
I am looking to replace my dated UTM device.  A local vendor is suggesting the SonicWall NSA 220 Series and CDW is suggesting a Fortinet Fortigate 100D.  

Our office consists of about 40 users with desktops.  We are a BYOD shop so I am sure that there are some cellphones, iPads and other devices hopping on and off our wireless network throughout the day.  We also have 5 outside sales guys that use a VPN to get onto our network.  

During my research I found the following (however it was a site pushing SonicWalls):
Some reasons why SonicWALL is better:

1. Limited Proxy-based AV Scanning – FortiGates using proxy-based AV scanning have file size limitations and performance-limiting intellectual property and hardware. Files larger than the buffer are passed without being scanned or are blocked. SonicWALLs have no such file size limitations.

2. Basic Application Management – SonicWALLs running SonicOS 5.6.4 and later with Application Intelligence, Control and Visualization provide a comprehensive set of application management capabilities. FortiGates are limited to very basic allow, block and log. Also, SonicWALLs have 3x as many application signatures as FortiGates.

3. Inadequate File and Protocol Scanning – FortiGates scan only a portion of each file for malware across just 11 protocols. SonicWALLs scan the entire file over 50+ protocols.

4. Poor Distributed Wireless Functionality – FortiWiFis offer few wireless features. SonicWALLs provide many more such as Lightweight Hotspot Messaging, Wireless Guest Services and others.

5. Costly Central Management – You will need to purchase and run FortiManager and FortiAnalyzer together to get the equivalent features of SonicWALL GMS.

6. No IPv6 or ICSA Enterprise Firewall Certification – While FortiGates may support IPv6, SonicWALL NSA and E-Class NSA Series appliances are IPv6 certified. In addition, SonicWALL is the first network security vendor to receive ICSA Enterprise Firewall certification. Fortinet products have no such certification.

7. Poor Anti-Spam Options – The FortiGate email filter service is limited to three dynamically-updated techniques (IP Reputation, Message body URL check and Message body content signatures). SonicWALL Comprehensive Anti-Spam Service utilizes 3x as many techniques including those.

8. One-way Anti-Spyware Protection – FortiGates monitor only inbound traffic for spyware, not outbound. SonicWALLs monitor and block spyware in both directions.

9. Restricted 3G Availability – Only low-end FortiGates (80 Series and below) have 3G wireless WAN failover. SonicWALL includes 3G across all firewall lines.

10. Lack L2TP Server Support for Handheld Devices – FortiGates lack L2TP Server, so handhelds are unable to connect to the firewall. SonicWALLs include built-in L2TP Server.

I am VERY green when it comes to this stuff so I am turning to you for suggestions.  The Fortigate costs a bit more money but I don't have a problem with that as long as it is money well spent.  So what are your thoughts on which device that I should go with?
Question by:csimmons1324

Accepted Solution

Joseph Undis earned 100 total points
ID: 40346655
While I haven't worked with many FortiGate devices, I have a few and I've found SonicWall much easier to manage in the long run and I'm actually deploying an NSA220 next week to replace an old SonicWall TZ210.

 I'm a big fan of the wireless management integration and easy GUI, but if you ever have an issue that is something you can't fix, expect hours of phone calls.

The devices and UI are the best I've used, but 20 hours of calls over 2 weeks to fix an intermittent WiFi issue was pretty lame.
LVL 14

Assisted Solution

JAN PAKULA earned 100 total points
ID: 40346949
SonicWall NSA 220 both hands - I actually have NSA 220, NSA250M and NSA3500.

Yearly subscriptions are pricey with SonicWall (to get all the features you will have to pay),

but IMHO it is money well spent.

Assisted Solution

great_gentle_man earned 100 total points
ID: 40347250

I am using Fortinet's Fortigate 100D for multiple WAN links and 60D/B with two WAN ports, with fault tolerance and load balancing.

Fortinet is the market leader in its segment according to Gartner.

About 200 users, 100D handling everything fine.
At the moment we are using a couple of site-to-site VPNs with multiple WAN links in FT & NLB,
35 remote users are using SSL VPN to connect,
Internet proxy for all internal users, with logging,
content filtering,
16GB internal storage.

You can have two similar devices in high-availability mode; a log analyser can also be added for logging and analysis.

If you are a Windows Server admin, the GUI is easy enough, although some things need getting used to. If you are a CLI person, the command prompt is very powerful, but also quite different from Cisco.

Both SonicWall and Fortigate are good enough, but Gartner put them on top for good reason.
Read the report carefully and completely as it will clear up a lot of questions, especially the strengths and cautions of each vendor.

Assisted Solution

myramu earned 100 total points
ID: 40347804

We are using Fortigate and have no issues at all. As far as I know, Fortigate is a feature-rich device compared to any NGFW/UTM device. The competitive info you mentioned above is from the SonicWall website, and those points are now false, as we saw when we did a POC. Fortigate supports flow-based scanning as well (no file limit), and AD integration and FortiView reporting are ultimate for our setup.

The comparison list from every vendor will be different. I recommend you do a POC and opt for what best suits your needs.

Good Luck!
LVL 32

Assisted Solution

aleghart earned 100 total points
ID: 40351333
I have a few SonicWalls, couple of Cisco ASA, and a single Fortigate at different sites.  Biggest advantage to the Fortigate site:  they can bandwidth limit each client.  On our Sonicwalls, we can't limit a single device to a set amount of bandwidth (say, 512Kbps or 1Mbps).  It really helps when you have dozens or hundreds of people on your guest wireless.

Sonicwalls are pretty easy to maintain by sysadmins with little firewall experience, as long as you keep up the support for the first year or two.  It really helps to have an engineer walk you through a task, or just take over and do it for you.

If you're a small shop, Sophos is giving away Astaro UTM free for small business use (small environments).  You can install on spare desktop/server hardware, or run as a VM.

I have a hardware/appliance Astaro with only limited features running.  Web interface is fairly easy to learn, like Sonicwall.  Support is highly recommended, but probably not required.  I'm thinking about re-purposing an old desktop at home and setting up my own UTM for free.

Author Closing Comment

ID: 40359779
Thanks for all the great feedback!
