Welcome, Guest. Please login or register.

Author Topic: Sonicwall Alternatives  (Read 9500 times)

0 Members and 1 Guest are viewing this topic.

Online MacGyver

  • Administrator
  • Location: Dallas, Texas
  • Posts: 4676
Sonicwall Alternatives
« on: March 20, 2014, 02:13:54 PM »
All of our client locations are on our WAN, and are all attached via Sonicwall secure VPN tunnels.  Therefore if I were to ping a 192.168.1.x address, the packet would route down the tunnel to Sierra-Tango.  If I were to ping a 192.168.2.x address the packet would route to Delta-Mike, etc.  Additionally if I was out of the office, but needed to access a location, I could take my laptop from anywhere and pull up the GVPN Client and attach to any location from outside the office.

It's worked well for 15 years, but ever since Sonicwall was bought by Dell it's gone to Hell.  In the past if you were a real customer with multiple locations, you would open the ticket with Peggy over in India, get a ticket number, then say, "I've got another call, I'll call you back."  Then hang up, call your Channel Account Manager at Sonicwall, give them the ticket number and they'd get you escalated to a real tech at Level III support in Arizona. 

As a result we're looking to make a transition.  It will probably require changing every location across the WAN which is why we have avoided it, but it's time to look for something better.

If you have suggestions for a new security appliance line I'd like to hear them.

We need the ability to have the devices attach by permanent VPN tunnels, and a HUGE issue for most clients is the ability to block web domains by name, as well as be able to block every web location by default and then only open the ones that are allowed.  Gateway Antivirus, Content Filtering, & Intrusion Prevention subscriptions are also desired.

Thanks.
-I'm only here because my flux capacitor is broken.

Offline tonyburkhart

  • Moderator
  • Location: Reynoldsburg Ohio USA
  • Posts: 1026
    • www.teamburkhart.com
Re: Sonicwall Alternatives
« Reply #1 on: March 20, 2014, 04:18:50 PM »
We are a SonicWALL shop too and haven't experienced this, but I totally understand your position. Do you use a VPN concentrator and their built in Content/URL filtering?

I think you'd like this: check out Cyberoam http://www.cyberoam.com
Thanks,
Tony Burkhart
Team Burkhart
www.teamburkhart.com

Online MacGyver

  • Administrator
  • Location: Dallas, Texas
  • Posts: 4676
Re: Sonicwall Alternatives
« Reply #2 on: March 20, 2014, 04:53:58 PM »
Do you use a VPN concentrator and their built in Content/URL filtering?

I think you'd like this: check out Cyberoam http://www.cyberoam.com


Interesting.  I haven't seen their hardware before.  They look more like a managed switch than a gateway firewall.

Yes we're using their Comprehensive Gateway Security Suite at every client location as well as all of ours.  In addition to that, we use the CFS to allow whitelists and blacklists of domains.  Although on one of the last EOL upgrades the rep didn't know his product and upgraded several of our locations from a device that had an option to blanket ban all domains to devices which had no such option at the time.

I think we're about to put the new webserver behind a Cisco PIX.  We'll see how that plays.
-I'm only here because my flux capacitor is broken.

Online MacGyver

  • Administrator
  • Location: Dallas, Texas
  • Posts: 4676
Re: Sonicwall Alternatives
« Reply #3 on: March 20, 2014, 06:29:55 PM »
Hey Tony are you running their Gateway Antivirus?

If so I might ask you to see if you can get to a website for me.
-I'm only here because my flux capacitor is broken.

Offline NFCphoneman

  • Moderator
  • Location: Jacksonville & Gainesville, FL
  • Posts: 696
    • Jacksonville Telephone Systems
Re: Sonicwall Alternatives
« Reply #4 on: March 20, 2014, 08:33:52 PM »
Well, this is not what I want to hear... :016:  I just ordered 5 new Sonicwall's this week for a multi-site project.

Personally, I like PFSense, which is an open-source product.  Probably not what you're looking for though.

Online MacGyver

  • Administrator
  • Location: Dallas, Texas
  • Posts: 4676
Re: Sonicwall Alternatives
« Reply #5 on: March 20, 2014, 10:26:44 PM »
It's not that they're bad Larry, but I will tell you that having used them extensively over the past 15 years, if we can't resolve the problem then we stand little if any chance of getting the issue resolved via their tech support.  Even in the days when Level III support was in Arizona, we had tickets set open for 3+ months and then we'd finally resolve it in house.  The issue is that when we hit a block, it normally requires escalation to R&D which is just next to impossible to get done.  Now that it's Dell it's probably non-existent.

On the plus side, most people will never hit the kind of snags we would hit.

I'm just sick of dealing with Peggy over in India who handles the calls when she isn't answering the phone for Discover Card.
-I'm only here because my flux capacitor is broken.

Online MacGyver

  • Administrator
  • Location: Dallas, Texas
  • Posts: 4676
Re: Sonicwall Alternatives
« Reply #6 on: March 20, 2014, 10:43:46 PM »
Ok Tony I don't know if you've played with the Cyberoam, but they have a simulated firewall on their site where you can log in to configure it, and I've gotta say it kinda rocks. 
-I'm only here because my flux capacitor is broken.

Offline Marc Haycook

  • Administrator
  • Location: Jefferson City, MO
  • Posts: 2675
Re: Sonicwall Alternatives
« Reply #7 on: March 21, 2014, 02:10:45 PM »
Cisco ASA. They are great, but unfortunately they EOL'ed the ASA 5505 - which was the smallest unit and around $400 for a base license. They still make the line, but the least expensive unit is around $1000. It's worth it in my opinion.
Marc Haycook
CCNA
Sport-Touring

Offline NFCphoneman

  • Moderator
  • Location: Jacksonville & Gainesville, FL
  • Posts: 696
    • Jacksonville Telephone Systems
Re: Sonicwall Alternatives
« Reply #8 on: March 21, 2014, 05:12:46 PM »
Unfortunately, a $1000 router is usually out of the budget for what we're doing. 

Stupid question...Do you still have to configure them via a CLI, or can you use a GUI for everything?

Offline tonyburkhart

  • Moderator
  • Location: Reynoldsburg Ohio USA
  • Posts: 1026
    • www.teamburkhart.com
Re: Sonicwall Alternatives
« Reply #9 on: March 21, 2014, 05:35:10 PM »
Hey Tony are you running their Gateway Antivirus?

If so I might ask you to see if you can get to a website for me.
Feel free to PM me or email me with details and I'll help how I can. My business partner is the SonicWALL guru in the shop, so I'll pass it all through him. I know he's had no problems (knock on wood) with support issues, but he's also pretty blunt with them :)

Yeah, from what I've heard the Cyberoam stuff is the bees knees
Thanks,
Tony Burkhart
Team Burkhart
www.teamburkhart.com

Online MacGyver

  • Administrator
  • Location: Dallas, Texas
  • Posts: 4676
Re: Sonicwall Alternatives
« Reply #10 on: March 21, 2014, 07:35:19 PM »
Stupid question...Do you still have to configure them via a CLI, or can you use a GUI for everything?

Larry were you referring to the Sonicwall or the Cisco?  The Sonicwall is all GUI, including a few menus they don't tell you exist.

I think we spec'd a Cisco at the datacenter to go in front of the new webservers, but I'll be looking much closer at that cyberoam for all the gateways across the WAN as we start looking at EOL on all these Sonicwalls.  Maybe it's just me, but it seems like EOL on these happens every time I turn around. 

Marc what is a standard/reasonable life on an a security appliance?
-I'm only here because my flux capacitor is broken.

Online MacGyver

  • Administrator
  • Location: Dallas, Texas
  • Posts: 4676
Re: Sonicwall Alternatives
« Reply #11 on: March 21, 2014, 07:37:03 PM »

but he's also pretty blunt with them :)


Like threaten to execute a cow and serve steaks every hour until they resolve the ticket?
-I'm only here because my flux capacitor is broken.

Offline NFCphoneman

  • Moderator
  • Location: Jacksonville & Gainesville, FL
  • Posts: 696
    • Jacksonville Telephone Systems
Re: Sonicwall Alternatives
« Reply #12 on: March 21, 2014, 08:00:09 PM »
Stupid question...Do you still have to configure them via a CLI, or can you use a GUI for everything?

Larry were you referring to the Sonicwall or the Cisco?  The Sonicwall is all GUI, including a few menus they don't tell you exist.


Cisco.  I know the Sonicwalls are GUI, but not I'm not familiar with the hidden menus.  :003:

We're running PFSense on a 1U Supermicro Server for our hosted equipment at the Colo.  It just works flawlessly.


Offline tonyburkhart

  • Moderator
  • Location: Reynoldsburg Ohio USA
  • Posts: 1026
    • www.teamburkhart.com
Re: Sonicwall Alternatives
« Reply #13 on: March 22, 2014, 06:13:56 AM »

but he's also pretty blunt with them :)


Like threaten to execute a cow and serve steaks every hour until they resolve the ticket?
not far off. let's say he doesn't have more than one follow up call, before the problem is resolved :)
Thanks,
Tony Burkhart
Team Burkhart
www.teamburkhart.com

Offline Kumba

  • Moderator
  • Location: Tampa, FL
  • Posts: 746
    • ViciDial Group
Re: Sonicwall Alternatives
« Reply #14 on: March 22, 2014, 09:26:18 AM »
 Maybe it's just me, but it seems like EOL on these happens every time I turn around.


Just some capitalism at work. Why sell only software licenses with minimal response and updates when you can also force the sell of over-priced hardware with minmal upgrades too. It's a good business model although I don't care for planned obsolescence.

We've used Untangle at a few client locations with good luck. Uses standard commodity PC components which never EOL themselves and is built on top of known opensource software components like IPSEC and OpenVPN. It does all the content filtering and VPN interconnectivity you were talking about too. Also has subscription services for things like virus scanning and IDS/IPS, etc. Can operate as either a bridge/pass-through or a router/firewall. The good news is that it's underlying OS is Linux so if you ever want to get really serious with the network you can do that too. It's almost invaluable to be able to log into a Linux OS and see exactly what the heck is going on. tcpdump into a PCAP into Wireshark makes so many issues easy to track down. Not to mention you can do some real heavy lifting remotely with things like nmap, arping, etc.

PFSense is another good one like Larry pointed out. It's built on BSD but should give you the same power as Untangle does.

Also like Larry, SuperMicro is a good hardware choice for OpenSource. This would be a good router for your average SMB customer: http://www.supermicro.com/products/system/Mini-ITX/1017/SYS-1017A-MP.cfm

I used to work for a company where I would build Untangle boxes that doubled as a NAS using SuperMicro servers. They worked pretty good and it was a nice upsell/add-on to the client that they could get a firewall and NAS all in one.


My number 1 complaint about any firewall is that I can never see exactly what is going in/out the wire. It's always a guessing game and hoping the logs are useful. SonicWall also irreparably damages SIP in my experience. It just hacks it to pieces trying to "help it work" according to SonicWall support. So many sip issues went away by removing the expensive sonicwall and replacing it with a $50 router from office depot.
ViciDial Consulting for Call Centers - I'm one of those Evil Asterisk/VoIP Guys. MBSWWYIPPBX

Online MacGyver

  • Administrator
  • Location: Dallas, Texas
  • Posts: 4676
Re: Sonicwall Alternatives
« Reply #15 on: March 22, 2014, 10:46:46 AM »
James you're correct in that Sonicwall will cause some problems for you that can be hard to track down.  You just know that when you take the box out of the equation, the problem is resolved.  It was nice when they started putting a packet capture option in the Sonicwall itself.  That doesn't always help, but it is useful.

Well right now hundreds of thousands of Joomla based websites aren't accessible to most likely hundreds of thousands of DELL Sonicwall users if they use DELL Sonicwall's Gateway Antivirus as the sites are being flagged with a false positive for a Trojan.  There is a long thread about it over on their forum but in true DELL spirit the response is "Oh my goodness gracious dis is goink to be takink some time.  Maybe next week I be contactink you back.  Tankink you bery much."

As was said on their board, Isn't the purpose of having a virus team to be fluid so you can response within minutes to new threats and issue new definitions?
-I'm only here because my flux capacitor is broken.

Offline Marc Haycook

  • Administrator
  • Location: Jefferson City, MO
  • Posts: 2675
Re: Sonicwall Alternatives
« Reply #16 on: March 23, 2014, 08:10:34 PM »
Sonic wall and SIP are a bad combination.

As far as EOL... it's usually around ten years.
Marc Haycook
CCNA
Sport-Touring

Offline Marc Haycook

  • Administrator
  • Location: Jefferson City, MO
  • Posts: 2675
Re: Sonicwall Alternatives
« Reply #17 on: March 23, 2014, 08:12:49 PM »
Unfortunately, a $1000 router is usually out of the budget for what we're doing. 

Stupid question...Do you still have to configure them via a CLI, or can you use a GUI for everything?

All Cisco routers can now be programmed via GUI.
Marc Haycook
CCNA
Sport-Touring

Online MacGyver

  • Administrator
  • Location: Dallas, Texas
  • Posts: 4676
Re: Sonicwall Alternatives
« Reply #18 on: March 24, 2014, 10:30:11 AM »
More threads are now appearing in the Sonicwall forum about false GAV positives that are affecting people's businesses, yet nothing is happening.  Peggy over in India says they're not acknowledging tickets due to high call volume.  Gee, ya think?

-I'm only here because my flux capacitor is broken.

Offline tonyburkhart

  • Moderator
  • Location: Reynoldsburg Ohio USA
  • Posts: 1026
    • www.teamburkhart.com
Re: Sonicwall Alternatives
« Reply #19 on: March 24, 2014, 10:39:49 AM »
wow, I'll have to pass this on to Paul and see if he's come across that
Thanks,
Tony Burkhart
Team Burkhart
www.teamburkhart.com