Ben, I've asked similar question a while ago and below is the excerpt of what I've got in reply. SonicWALL is very easy to setup and administer; it's not flexible as some other products, however, and support sucks unless you buy a contract. I would NOT recommend it unless you can't afford anything else. Just my $0.02.
Dimitri P.S. The best firewall that I've seen so far (for our environment) was CyberGuard's FireStar. I suggest you take a look at their website http://www.cyberguard.com/SOLUTIONS/Solutions_Product1.html. <<-----Original Message----- From: Peters, Michael [[EMAIL PROTECTED]] Sent: Friday, June 29, 2001 8:58 AM To: [EMAIL PROTECTED] Subject: Re: Firewall Recommendations AAACK!!! ICK! NO! Stay away from SonicWALL!!!!!!!! We have had the SonicWALL DMZ for two years... and it crashes weekly. The 'reboot' which the manual says should take 10-20 seconds takes 5 minutes. If it ever comes back up. We've had corrupted firmware before, too. Their tech support does not exist (web page - fill it out, wait for them to call; phone - IF you can find the number, "leave a message and you'll be added to the support queue at the end of the business day"). Though I guess you can buy premium support at the time of purchase. It claims to be able to handle something like 1400 active connections. Yet... It sends me an error & drops connections once it passes 100. We've only got 13 computers running through the damned thing though! It probably doesn't help that when it's "overloaded" it sends me a message every 30 seconds or so. I'm not kidding, I've gotten hundreds of e-mail 'alerts' from it. Oh, and then there's the issue of configurability. We CANNOT find a way to let machines on the 'LAN' access the server on the 'WAN' even though we opened ports 1-64000 TCP/UDP in both directions and checked all the right boxes. 'IP Spoofs' (forgot to add an 'okay' address to the list) are constant... Again, I get alerted every 30 seconds while it continues. I realize it's supposed to be there for security, but I need to have SOME control over what it does. Especially when it doesn't do what it claims it can! Oh, and within the last month it's started something new. Attempting to access the management interface will crash it instantly. It's a good thing we're only using if for content filtering on public internet stations. As it is, we're desperately looking for a replacement before this thing goes to the dump. And before I have an 'oops' involving shotguns, napalm, etc. -------------------------------------------------------- Michael D. Peters Information Technology Lake Oswego Public Library 706 4th Street Lake Oswego, Oregon 97034 Phone: (503) 675-2537 Fax: (503) 675-2536 http://www.ci.oswego.or.us/library/library.htm -----Original Message----- From: Haeger, John [mailto:[EMAIL PROTECTED]] Sent: Friday, June 29, 2001 8:27 AM To: [EMAIL PROTECTED] Subject: Re: Firewall Recommendations Could I broaden the request a bit ? The pain level has risen to management visibility and we are about to buy our first FW. Apparently Sonic Wall is a contender at the management level based on price. Could anyone comment on the limitations in Sonic Wall. We have two IIS, 1 Exchange, two Novells, expectations of Citrix and remotely accessed SQL 2000, 11 other sites, and a current visitor-hacker. John Haeger Georgia Legal Services Program 404 206 5405 -----Original Message----- From: Dimitri Limanovski [mailto:[EMAIL PROTECTED]] Sent: Friday, June 29, 2001 11:23 AM To: [EMAIL PROTECTED] Subject: OT: Firewall Recommendations Hello all, I am looking for replacement for our "not-so-gracefully-aged" SonicWALL DMZ and would like to hear any suggestions for a new candidate. Here's the list of options I'd like to see in new box: - Stateful packet inspection - NA(P)T - DHCP/DNS Service - IPSec VPN capabilities (both client-to-box and box-to-box) - Auto-update - Content Filtering - and most importantly, ability to create custom rules based on certain triggers: i.e. if someone's running an attack against us I want the firewall to automatically trigger an appropriate action (rule) that I've setup earlier (block offending address for 72 hours for example), instead of emailing me a warning. Any ideas are welcomed. Thanks! Dimitri >> _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
