SonicWall NSA 220 vs Fortigate 100D - FIGHT!

Posted on 2014-09-26
Last Modified: 2014-10-03
I am looking to replace my dated UTM device. A local vendor is suggesting the SonicWall NSA 220 Series and CDW is suggesting a Fortinet Fortigate 100D.

Our office consists of about 40 users with desktops. We are a BYOD shop so I am sure that there are some cellphones, iPads and other devices hopping on and off our wireless network throughout the day. We also have 5 outside sales guys that use a VPN to get onto our network.

During my research I found the following (however it was a site pushing SonicWalls):
Some reasons why SonicWALL is better:

1. Limited Proxy-based AV Scanning – FortiGates using proxy-based AV scanning have file size limitations and performance-limiting intellectual property and hardware. Files larger than the buffer are passed without being scanned or are blocked. SonicWALLs have no such file size limitations.

2. Basic Application Management – SonicWALLs running SonicOS 5.6.4 and later with Application Intelligence, Control and Visualization provide a comprehensive set of application management capabilities. FortiGates are limited to very basic allow, block and log. Also, SonicWALLs have 3x as many application signatures as FortiGates.

3. Inadequate File and Protocol Scanning – FortiGates scan only a portion of each file for malware across just 11 protocols. SonicWALLs scan the entire file over 50+ protocols.

4. Poor Distributed Wireless Functionality – FortiWiFis offer few wireless features. SonicWALLs provide many more such as Lightweight Hotspot Messaging, Wireless Guest Services and others.

5. Costly Central Management – You will need to purchase and run FortiManager and FortiAnalyzer together to get the equivalent features of SonicWALL GMS.

6. No IPv6 or ICSA Enterprise Firewall Certification – While FortiGates may support IPv6, SonicWALL NSA and E-Class NSA Series appliances are IPv6 certified. In addition, SonicWALL is the first network security vendor to receive ICSA Enterprise Firewall certification. Fortinet products have no such certification.

7. Poor Anti-Spam Options – The FortiGate email filter service is limited to three dynamically-updated techniques (IP Reputation, Message body URL check and Message body content signatures). SonicWALL Comprehensive Anti-Spam Service utilizes 3x as many techniques including those.

8. One-way Anti-Spyware Protection – FortiGates monitor only inbound traffic for spyware, not outbound. SonicWALLs monitor and block spyware in both directions.

9. Restricted 3G Availability – Only low-end FortiGates (80 Series and below) have 3G wireless WAN failover. SonicWALL includes 3G across all firewall lines.

10. Lack L2TP Server Support for Handheld Devices – FortiGates lack L2TP Server, so handhelds are unable to connect to the firewall. SonicWALLs include built-in L2TP Server.

I am VERY green when it comes to this stuff so I am turning to you for suggestions. The Fortigate costs a bit more money but I don't have a problem with that as long as it is money well spent. So what are your thoughts on which device I should go with?
Question by: csimmons1324

Accepted Solution

Joseph Undis earned 100 total points
ID: 40346655
While I haven't worked with many FortiGate devices, I have a few and I've found SonicWall much easier to manage in the long run and I'm actually deploying an NSA220 next week to replace an old SonicWall TZ210.

 I'm a big fan of the wireless management integration and easy GUI, but if you ever have an issue that is something you can't fix, expect hours of phone calls.

The devices and UI are the best I've used, but 20 hours of calls over 2 weeks to fix an intermittent WiFi issue was pretty lame.
LVL 14

Assisted Solution

JAN PAKULA earned 100 total points
ID: 40346949
SonicWall NSA 220, both hands - I actually have an NSA 220, NSA 250M and NSA 3500.

Yearly subscriptions are pricey with SonicWall (to get all the features you will have to pay),

but IMHO it is money well spent.

Assisted Solution

great_gentle_man earned 100 total points
ID: 40347250

I am using Fortinet's Fortigate 100-d for multiple WAN links and 60D/B with two WAN ports, with fault tolerance and load balancing.

Fortinet is market leader in its segment according to Gartner.

About 200 users, 100D handling everything fine,
at the moment we are using a couple of site-to-site VPNs with multiple WAN links in FT & NLB,
35 remote users are using SSL VPN to connect,
Internet proxy for all internal users, with logging,
content filtering,
16 GB internal storage.

You can have two similar devices in high-availability mode; a log analyser can also be added for logging and analysis.

If you are a Windows server admin, the GUI is easy enough, although some things need getting used to. If you are a CLI person, the command prompt is very powerful, but also quite different from Cisco.

Both SonicWall and Fortigate are good enough, but Gartner put them on top for good reason.
Read the report carefully and completely as it will clear a lot of questions, especially the strengths and cautions of each vendor.


Assisted Solution

myramu earned 100 total points
ID: 40347804

We are using Fortigate and no issues at all. As far as I know Fortigate is a feature-rich device compared to any NGFW/UTM device. The above competitive info you mentioned is from the SonicWall website and those are false now when we did a POC. Fortigate supports flow-based scanning as well (no file limit), and AD integration and FortiView reporting are ultimate for our setup.

The comparison list from every vendor will be different. I recommend you do a POC and opt for what best suits your needs.

Good Luck!
LVL 32

Assisted Solution

aleghart earned 100 total points
ID: 40351333
I have a few SonicWalls, couple of Cisco ASA, and a single Fortigate at different sites.  Biggest advantage to the Fortigate site:  they can bandwidth limit each client.  On our Sonicwalls, we can't limit a single device to a set amount of bandwidth (say, 512Kbps or 1Mbps).  It really helps when you have dozens or hundreds of people on your guest wireless.

Sonicwalls are pretty easy to maintain by sysadmins with little firewall experience, as long as you keep up the support for the first year or two.  It really helps to have an engineer walk you through a task, or just take over and do it for you.

If you're a small shop, Sophos is giving away Astaro UTM free for small business use (small environments).  You can install on spare desktop/server hardware, or run as a VM.

I have a hardware/appliance Astaro with only limited features running.  Web interface is fairly easy to learn, like Sonicwall.  Support is highly recommended, but probably not required.  I'm thinking about re-purposing an old desktop at home and setting up my own UTM for free.

Author Closing Comment

ID: 40359779
Thanks for all the great feedback!


Question has a verified solution.
