Sonicwall SP TZ 170 vs Zywall 35 - any opinions

Sonicwall's VPN is incredibly easy to set up, but the client can be relatively expensive.

That said the TZ170 is a "gen4" Sonicwall product with IDP functionality which the Zywall doesn't have. Given you have a Web and Mail server you'd be crazy not to go the TZ170 way.

Reply to
Mark S

Hi, I am looking to get a new VPN firewall for my small business and was wondering what people's opinions were about the Zywall 35 vs Sonicwall SP TZ170, specifically ease of use/setup, problems, etc.

In the short term I will need to set up a DMZ with Web and Mail server. In the medium I will need failover WAN, hence the 2 products.

I was planning to have another firewall for the internal LAN but was hoping to get with 1 firewall if possible.

Akhtar

Reply to
arthur appdkud

I don't know about Zywall 35 but I have a TZ170. And I can tell you that Sonicwall's support is terrible, just completely useless.

Tier 1 support is in India. They don't speak very good English, they don't listen well and just frankly don't know the product well. I finally gave up and requested to speak to Tier 2. I have blown the entire day trying to get a resolution to a VPN problem.

This is my second Sonicwall. Support used to be very good but it has gone south (or should I say east) somewhere along the line. If I knew then what I know now I would not have bought the second Sonicwall.

Reply to
RG

JC wrote:

Well, if you buy from a reseller then you get support from them and not Sonicwall directly sometimes. I've been looking at the Sonicwall TZ150 and find the subscription pricing a lot of money. I just talked to a reseller of Sonicwall and the price is cheaper than Sonicwall directly, I believe. They said they do the support and 9 out of 10 problems they can fix; if not, then they send you to Sonicwall directly.

The problem I have is the device costs over $200, then for the gateway security subscriptions it's over $500 for all of them, or it was a little more than $540 for the device and the subscriptions bundle, not sure. They said basically you're paying for the box, and the OS is just that, software as an OS just like Windows or Mac but for the firewall device only. They release new firmware with bug fixes and software enhancements and you're paying for being able to upgrade to a new OS, just like Microsoft wants to do pretty much.

Also, the content filtering subscription is also no different than any other, because you're paying for a third-party subscription for content filtering. So if you buy, say, the Linksys wireless 802.11g with speed booster, you have to pay a yearly subscription for parental control, which in fact I think costs about the same or more than the content filtering from Cerberian, which is the CFS in Sonicwall.

Then there's the virus, same thing: you pay a yearly subscription of $70 or so, which isn't horrible. It's a lot, but not horrible. Consider it covers the whole network, not just one or two PCs. It's done at the gateway, not just the PC, so it's even more secure. It auto updates etc. Software, you buy a new version every year as well, and each year it costs about $40-$99 depending on what type of software you get, plus it only covers 1 or 2 PCs.

The IDP, I honestly have no idea about that one, but I know it does P2P blocking and that's what I want. In the firewall appliance, the ability to just say block all P2P or at least most of it is awesome. Then if someone on a local PC tries to install, say, Kazaa and run it, it's not going to work, I assume. It wouldn't connect. I don't know how good the IDP is.

It's basically like, to me, a device that you pay for the OS and for them to support you, just like Windows XP or whatever if Microsoft was doing the subscription or whatever they have talked about. The virus, same thing; the IDP, same thing. The reporting ViewPoint, well, don't know about that, but it sounds cool. So the firewall appliance is taking the place of content filtering software, virus software, and adding IDP and I think pretty cool reporting stuff. So the device covers the whole network, and each PC would normally have to have software on them.

I think it's fairly reasonable as long as it worked good.

Reply to
Joe

I also have a TZ170 in service here for a home ADSL line.

Support from Sonic is woeful. You need to subscribe to their support contract to be able to download firmware updates etc. If the price was reasonable I would have done so, but their price per year is about 25% of the purchase price of the firewall.

Luckily, the firewall works reasonably well. I am seeing about 100 attempts per day from all around the world to break into my PC which are being rejected by the firewall. I have had 2 occasions in the last 9 months of service when the firewall appeared to be functioning properly but had disconnected the WAN side. A power off/power on reboot fixes the problem but this loses the firewall log to date - the only solution to that is to copy and paste the log to a word file if you wish to retain copies of the logs.

Reply to
JC

For the IDP, to me when reading about it and sonicwall it seems to me that if you enable the p2p blocking, when you install any p2p software app on a client local pc and the user tries to open it and connect to download and fileshare that the IDP will block the connection. Is this correct?

Also one thing about the sonicOS in the sonicwalls. Will it be able to email you the bandwidth logs information like where lan users go online and how much they download or upload or any info like that? Or is this info done only in the ViewPoint or something?

All of the features like the AV, content filtering to block categories of sites, IDP and viewpoint all to me are very interesting technology. I never knew firewall appliances could do AV stuff built in. Almost makes having AV software like Norton on a lan pc redundant almost.

Reply to
Joe

The IDP is worth its weight in gold, especially if you have any sort of service (ie email, web etc).

It may be lightweight IDP but it will surprise you how much stuff it st

Reply to
Mark S

Awesome because my goal would be to tell the Sonicwall to not let any p2p connect so my people can't use them to fileshare.

I notice at sonicguard.com on their FAQ it says for keywords or something, something about usenet like if you enter in a word sex it would block all the alt.sex newsgroups. Here is the text from their FAQ. Here's the web site url I'm referring to.

=====================================================
Q: How many sites are blocked by the Content Filter List?

A: Currently, the Content Filter List contains over 50,000 entries, with The Learning Company making roughly 500 additions and changes per week. Note that one entry could block multiple sites. For example, the single entry blocking newsgroups in the alt.sex category blocks hundreds of newsgroups.
=====================================================

Is that from an old FAQ or is it still true today? I didn't think the sonicwall could block certain newsgroups at all or am I wrong?

Reply to
Joe

I called sonicguard and it is an old FAQ, however I still want some clarification on it. I talked to their sonicwall guy there and he said he wasn't totally sure since it's been forever since he logged into any or something.

Reply to
Joe

Yes, the IDP will fully block the P2P apps if you so desire.

The other functionality is awesome but you should never get rid of your desktop or server AV; the firewall merely complements this.

Most of this functionality is common across Sonicwall, Netscreen (Juniper), and Fortinet products. And yes, it's bloody awesome. Sometimes I demonstrate these features by throwing a Netscreen in transparent mode behind an existing Cisco firewall and watch the user's face as the Netscreen picks up all the attacks and crap the Cisco lets through.

Reply to
Mark S

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.