SonicWall NSA 220 vs Fortigate 100D - FIGHT!

I am looking to replace my dated UTM device.  A local vendor is suggesting the SonicWall NSA 220 Series and CDW is suggesting a Fortinet Fortigate 100D.  

Our office consists of about 40 users with desktops.  We are a BYOD shop so I am sure that there are some cellphones, iPads and other devices hopping on and off our wireless network throughout the day.  We also have 5 outside sales guys that use a VPN to get onto our network.  

During my research I found the following (however it was a site pushing SonicWalls):
Some reasons why SonicWALL is better:

1. Limited Proxy-based AV Scanning – FortiGates using proxy-based AV scanning have file size limitations and performance-limiting intellectual property and hardware. Files larger than the buffer are passed without being scanned or are blocked. SonicWALLs have no such file size limitations.

2. Basic Application Management – SonicWALLs running SonicOS 5.6.4 and later with Application Intelligence, Control and Visualization provide a comprehensive set of application management capabilities. FortiGates are limited to very basic allow, block and log. Also, SonicWALLs have 3x as many application signatures as FortiGates.

3. Inadequate File and Protocol Scanning – FortiGates scan only a portion of each file for malware across just 11 protocols. SonicWALLs scan the entire file over 50+ protocols.

4. Poor Distributed Wireless Functionality – FortiWiFis offer few wireless features. SonicWALLs provide many more such as Lightweight Hotspot Messaging, Wireless Guest Services and others.

5. Costly Central Management – You will need to purchase and run FortiManager and FortiAnalyzer together to get the equivalent features of SonicWALL GMS.

6. No IPv6 or ICSA Enterprise Firewall Certification – While FortiGates may support IPv6, SonicWALL NSA and E-Class NSA Series appliances are IPv6 certified. In addition, SonicWALL is the first network security vendor to receive ICSA Enterprise Firewall certification. Fortinet products have no such certification.

7. Poor Anti-Spam Options – The FortiGate email filter service is limited to three dynamically-updated techniques (IP Reputation, Message body URL check and Message body content signatures). SonicWALL Comprehensive Anti-Spam Service utilizes 3x as many techniques including those.

8. One-way Anti-Spyware Protection – FortiGates monitor only inbound traffic for spyware, not outbound. SonicWALLs monitor and block spyware in both directions.

9. Restricted 3G Availability – Only low-end FortiGates (80 Series and below) have 3G wireless WAN failover. SonicWALL includes 3G across all firewall lines.

10. Lack L2TP Server Support for Handheld Devices – FortiGates lack L2TP Server, so handhelds are unable to connect to the firewall. SonicWALLs include built-in L2TP Server.

I am VERY green when it comes to this stuff so I am turning to you for suggestions.  The Fortigate costs a bit more money but I don't have a problem with that as long as it is money well spent.  So what are your thoughts on which device I should go with?
Asked by: csimmons1324 (IT Manager)

Joseph Undis (Network and Systems Administrator) commented:
While I haven't worked with many FortiGate devices, I have a few and I've found SonicWall much easier to manage in the long run and I'm actually deploying an NSA220 next week to replace an old SonicWall TZ210.

I'm a big fan of the wireless management integration and easy GUI, but if you ever have an issue that is something you can't fix, expect hours of phone calls.

The devices and UI are the best I've used, but 20 hours of calls over 2 weeks to fix an intermittent WiFi issue was pretty lame.

JAN PAKULA (ICT Infrastructure Manager) commented:
SonicWall NSA 220, both hands - I actually have NSA 220, NSA 250M and NSA 3500.

Yearly subscriptions are pricey with SonicWall (to get all the features you will have to pay),

but IMHO it is money well spent.

I am using Fortinet's Fortigate 100-d for multiple WAN links and 60D/B with two WAN ports, with fault tolerance and load balancing.

Fortinet is market leader in its segment according to Gartner.

about 200 users, 100 d handling everything fine,
at the moment we are using couple of site to site vpns with multiple wan links in ft, &  nlb,
35 remote users are using ssl vpn to connect,
Internet proxy for all internal users, with logging
content filtering,
16gb Internal storage.

You can have two similar devices in high-availability mode; a log analyser can also be added for logging and analysis.

If you are a Windows server admin, the GUI is easy enough, although some things need getting used to. If you are a CLI person, the command prompt is very powerful, but also quite different from Cisco.

Both SonicWall and Fortigate are good enough, but Gartner put them on top for good reason.
Read the report carefully and completely as it will clear up a lot of questions, especially the strengths and cautions of each vendor.

We are using Fortigate and no issues at all. As far as I know, Fortigate is a feature-rich device compared to any NGFW/UTM device. The competitive info you mentioned above is from the Sonicwall website and those are false now when we did a POC. Fortigate supports flow-based scanning as well (no file limit), and AD integration and Fortiview reporting are ultimate for our setup.

The comparison list from every vendor will be different. I recommend you do a POC and opt for what best suits your needs.

Good Luck!

I have a few SonicWalls, couple of Cisco ASA, and a single Fortigate at different sites.  Biggest advantage to the Fortigate site:  they can bandwidth limit each client.  On our Sonicwalls, we can't limit a single device to a set amount of bandwidth (say, 512Kbps or 1Mbps).  It really helps when you have dozens or hundreds of people on your guest wireless.

Sonicwalls are pretty easy to maintain by sysadmins with little firewall experience, as long as you keep up the support for the first year or two.  It really helps to have an engineer walk you through a task, or just take over and do it for you.

If you're a small shop, Sophos is giving away Astaro UTM free for small business use (small environments).  You can install on spare desktop/server hardware, or run as a VM.

I have a hardware/appliance Astaro with only limited features running.  Web interface is fairly easy to learn, like Sonicwall.  Support is highly recommended, but probably not required.  I'm thinking about re-purposing an old desktop at home and setting up my own UTM for free.
csimmons1324 (IT Manager, author) commented:
Thanks for all the great feedback!