Sonicwall Model advice , TZ600 VS NSA 2600 - Which one to buy?

I am looking to replace an older Cipafilter firewall with a Sonicwall and am trying to select the proper unit for the network. I don't want to under power, but also don't want to buy overkill either. The network is a K-8 network, gigabit switches, 50mbps internet, about 100 nodes with around 255 users made up of staff and students. The TZ600 looks to be much more powerfull than TZ units of yesteryear. Any suggestions or ideas appreciated.
TechNDAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

carlmdCommented:
The difference in price between the two units is about $200 for purchase with 1 year CGSS. Given that, I would go with the NSA2600 since it has more gigabit interfaces, a faster processor, and higher (25%) throughput.

For the small up front cost difference, always choose on the side of more.
0
btanExec ConsultantCommented:
For Sonicwall, as replacement to Cipafilter, the Content Filtering Service (CFS) is required minimally and it ensures compliance with the CIPA. The required minimal firmware version of SonicOS 5.x and later. Also the reporting necessary to comply with CIPA, you will need the SonicWALL's Global Management System (GMS) and Analyzer reporting package. These are sold separately.

Actually TZ and NSA both are UTM which on par on security capability and controls. There is a real time demo of the UI, the TZ and NSA are quite similar. Ref - https://realtime.demo.sonicwall.com/main.html 

But most will take NSA series for growth to scale up in throughput and performance for long term plan. The TZ series is more suited for an office or SME probably with less than 40-50, the NSA will be an oversized. But we do need to note also the Sonicwall security bundles (like above mentioned CFS) subscription cost much more for the NSA series than the TZ so you will want to take that into account.

For NSA, taking reference the 50mbps internet, 2600 can be oversized as 220 and 250M (these has integrated wireless) can suffice with the throughput. However, I notice that you stated 100 nodes and 255 user. So having to assess the SSO concurrent users and VPN clients, and taking a worst case situation for all user and nodes to come in at the same time loading the box, we may need (for safe handling of those connections) to pump up the model to 3600 though it can be really oversized in term of throughput aspects. Ref - http://www.firewalls.com/firewall/sonicwall-firewall/sonicwall-nsa/sonicwall-nsa-comparison

What about TZ series? Using the same analysis, the TZ series cannot fulfill the max VPN client as you see the max is up to 25. Otherwise, TZ300 is a minimal.
Ref - http://www.sonicwall.com/us/en/products/TZ-Series.html#tab=comparison

There is a good discussion in past EE that you may be of interest though it is talking about TZ upgrade to NSA Ref - http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_28243239.html

Actually another candidate is Fortinet
Ref - http://www.optrics.com/downloads/fortinet/Fortinet-Product-Matrix.pdf
0
TechNDAuthor Commented:
In past years this was an easier choice for me. I always went with the NSA series, usually the 2400. However, I understand that the NSA series is due for a refresh soon. The newer TZ units have only been out for around 3 months, and they really have been made more powerful. The specs are quite impressive when doing a side by side comparison with the 2600 vs the TZ 600. For instance the newer TZ 600's have (4) 1.4ghz processors compared to the 2600's (4) 800mhz processors. On the newest spec sheet the TZ 600 has a total of 10 1xgb interfaces vs the 2600's 8. Those are a couple of categories only but if you do the side by side using the newest available information  they are very close in many categories. The cost difference that I have been seeing and have been quoted is about $1000 between the 2 units.
This is what makes the choice so difficult. Do I buy an NSA when it is at or near the end of its current life cycle, or by the newer (to the TZ Series) more powerful, amped up TZ 600?
VPN is not a consideration in our scenario.
0
The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

btanExec ConsultantCommented:
Yap agreed, the capabilities are more on par just the cost differs quite a far distance as mentioned. So if VPN is not that instance, I will preferred TZ as well. And probably we can consider higher spec than TZ600 since we are still saving cost as compared to NSA 2600.
But do seek infra and apps team advice as well for long term planning as typicall for remote user, VPN is a secure means back to reach the internal resource.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
carlmdCommented:
One more piece of info for you. Dell just dropped the price of the NSA2600 by approximately $500. So, when you but it, make sure you get the "new" deal and not the old price.
0
btanExec ConsultantCommented:
thanks for sharing and since price is dropped, may ask for options on higher grade models too for comparison and better deals - I bet they will also will want to push off the newer model...
0
TechNDAuthor Commented:
Well it was a tough decision. Most seemed to be nudging my decision toward the NSA. Btan referenced a past discussion on EE which led me to a page at Dell that had a Firewall Comparison and Product Selector. The selector drops the TZ 600 at a max of 50 nodes. Being that the client has over 100 nodes, this tipped the scales in favor of the NSA series firewall. Thanks to everyone for your time, considerations, and comments on this.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.