Hi All,

I own a small IT firm and so far my UTM of choice was Sonicwall (TZ105-NSA220).

I’m a bit disappointed with Sonicwall recently and am looking for another solution.

Any recommendations?

(Needs a solution that includes gateway A/V, Intrusion Prevention, Anti-Malware, Anti-spam, Firewall, and app control.) I prefer products that are not limited by license count.

7 Spice ups

A little learning curve but I’ve been happy with Sophos UTM devices. Replaced a couple of older Sonicwalls.

2 Spice ups

I replaced all of my Sonicwalls with Watchguards and haven’t looked back.

1 Spice up

Other way around here.

I heard a lot of good about Sophos as well.

Any specific issues with the Sonicwalls? (other than wifi? lol )

1 Spice up

I’m using, selling and supporting WatchGuard firewalls for more than a decade and I wouldn’t go for any other for my own use.

1 Spice up

As I see Sophos, its boxes offer less configuration options / features / flexibility / granularity than WatchGuard. If you are an advanced WatchGuard user for years, you would see switching to Sophos as a huge step backwards, where WatchGuard was a few years ago.

But that actually attracts users that are not so deep into security and don’t see the need for more granularity or security features. Some want to keep security as generic and simple as possible, they don’t want to tweak proxies for all the details, they don’t even understand, like you can with WatchGuard. That means also less learning - but for sure not also better security in the end (at least not in most cases).

Some of the Sophos UI is really frustrating for a WatchGuard user. The UI looks very nice at first sight, but when you want to do some management stuff, then you really start missing the approach and visibility you have on WatchGuard. Even traffic monitoring is frustrating on a Sophos, when not even all the ‘live’ logs are in one place, etc.

Sure, there are many not so skilled people out there, who just don’t know what all the additional features and functionality on a WatchGuard should be good for. These are those who will have a very high opinion of Sophos, who make you hear ‘a lot of good’. But this may be very relative - depending very much on what you were using in the past and the networking/security skills and expectations you have.

1 Spice up

For me, it was constant stability issues with the Sonicwall. Internets being slow? Stuff’s not working? Reboot the Sonicwall, fixed. Saw this with multiple models. Had huge issues with the NSA2400 dropping internet, solution was ultimately to put a dumb switch in front of it.

Remotely accessing the webui is slow.

Watchguard gives me central management and monitoring. I can see the status of all of my Fireboxes in one management interface. I like the fact that I can make my changes and then just save the config to the firewall. I can of course do it via the webui like you do with the Sonicwall as well. The advantage of using the policy manager software is that it will save revisions locally on the drive. Made a config change and it broke things? Open the previous config file and save it to the firebox.

There are some things about the policy manager UI that I think are stupid entry level UI mistakes. Want to sort your aliases? Good luck with that. I tolerate that but it still irritates me.

I like the branch office virtual interface/route VPN structure over the way I used to do it with Sonicwall, setting up the tunnel and adding address objects to it. WG also has a similar setup if you want to go that way, but I prefer doing it with routes.

Can you expand on that? The Sophos XG series even has a heartbeat connection to the endpoint, so the granularity is pretty amazing now.

I’m not sure how much experience you have with Sophos UTM, but all the logs are in…wait for it…the log section. Yes, there are other direct links to logs elsewhere, but these are secondary. If you want all the logs in one place, they are there.

Of course all advice here is going to be subjective, and virtually any UTM on the market will cover what the OP needs.

I use Sophos because all my devices are laptops, so we need to integrate perimeter security with a software endpoint so the same policy is applied when the laptop user is at home or on another network; having a single vendor make both solutions allows for this. But this may not be important to many.

As with many things, it’s go out and try them and see what fits your needs best.

@Toby - the Heartbeat stuff is quite new for Sophos and in general it is a concept, that is relatively new to the industry. It’s pretty much like Application control a few years ago, when just one vendor had it in the beginning and today everyone worth mentioning is supporting application filtering.

I don’t expect WatchGuard to create and offer an endpoint integration like heartbeat on their own - much more I’d expect that they will be offering it through some of their technology partners, like the new mobile client security that comes from Kaspersky. WatchGuard is lately building up some interesting alliances with technology partners that can offer you much more choice than if you have to rely on a one-vendor solution.

When it is something that involves AV (Sophos is actually an AV company…), I see it as an advantage, if I have different AV engines on the firewall and the endpoint - Sophos heartbeat is not really offering you this diversity.

I used to work with quite a few vendors, that were not so often the first on the market with a new feature or concept. They watched the mistakes others made and later implemented their own version avoiding the mistakes others have made.

I can’t say anything about how useful this heartbeat stuff is in real life - will have to see it in action some day, to get a realistic impression on it.

But when I talked about granularity, I was not thinking of heartbeat, but about the granular settings WatchGuard’s proxies allow you to make. When I looked into the settings you could make in the ALGs on a Sophos box, I asked myself ‘are they joking?’.

But as I already said - there are many users out there that do not want the kind of granularity WatchGuard is offering with their proxies. Or even worse - some could get scared when they open up the proxy settings for the first time, seeing all these settings and options when they possibly don’t even know what they stand for. Without a good tutor by the side, all these advanced settings may be something that could turn some less experienced user to go for a ‘simpler’ solution like Sophos. I’ve seen people getting scared off when they insisted that they want to do the evaluation on their own, without having a tutor by their side to explain to them that they do not need to tweak each and every one of the proxy settings, that the predefined defaults in most cases work quite well,…

But if you are an experienced WatchGuard user, understanding how these proxies work and what they are good for - and most important - knowing how to troubleshoot problems they might introduce, then you will be frustrated if you have to change to a solution that does not offer you this kind of granularity.

What I said, is the view of a WatchGuard user with more than 15 years of WatchGuard experience - a Cisco or Fortinet user might have a completely different view.

1 Spice up

We’re in the process of moving from SonicWALLs to Fortigate appliances, and I’ve been happy with their products so far.

SonicWALL kind of went to crap when DELL took over.

Hey Aviad- I’d recommend checking out the bundle from Fortigate and HPE Security. It combines the powerful firewalls of Fortinet and HPE’s Security Logger to give you a UTM that enables you to respond to threats quickly, and gives you the ability to recognize similar threats in the future.

I linked to specific info above, but you can also check out the below link for more information on other HPE Security products and solutions.

Hope this helps!

As always, thanks for using and mentioning WatchGuard @pfarrell and @bojanzajc6669 !

@aviadkrief - You have some incredibly solid advice from your fellow SpiceHeads above. There’s going to be a lot of options for you out there to replace your current solution, it’s just going to be a matter of what YOU are most comfortable using.

If you’re open to looking into WatchGuard as a possible replacement, you can start by using our Appliance Sizing Tool to get an idea for which device would work best for you: WatchGuard Appliance Sizing Tool | WatchGuard Technologies

Reach out to me with any questions you have on WatchGuard. Best of luck in your search for a replacement!

@WatchGuard_Technologies_Inc

Thanks all,

I found WatchGuard to be a mess. I just hate the interface and can’t figure out what goes where. But that’s just my opinion.

Sonicwalls are pretty easy as long as you follow the wizard; one step off the yellow brick road and you are in a world of pain. Since Dell took over I found their support to be less efficient. I also think they got pricey. For the most part stability was good with NSA but less with TZ.

Last week, one of my clients got infected with Locky, which is some variant of ransomware. The Sonicwall should have blocked it as the gateway A/V was configured to block Office documents with script, but it didn’t, big disappointment!

It’s funny, I came from a WG environment and went to a Sonicwall shop. I found Sonicwall to be a mess. Then I went back to Watchguard. There were some things I did appreciate about Sonicwall, but on the whole, I liked WG better.

Thanks Patrick,

I will give it another try. It seems like I’m just getting old and have no patience for learning new technologies :).

Megan, can someone from WatchGuard give me a demo? Do you have special prices for demo/internal use units?

1 Spice up

@aviadkrief - I suppose you did not have a tutor by your side and have run into the ‘I hate it’ effect that may happen to a less experienced user trying to discover WatchGuard on his own, without having had the basic principles of management explained.

Strangely enough - when I look at the Sonicwall WebUI, I have no problem following the logic, so it is not even that much different in its basics. But sure - when you run into the proxy config and are not prepared for it, it may scare you.

In addition, advanced users use the WebUI on WatchGuard more for the live statistics and when just a simple parameter is to be changed, while the heavy work is done with the Windows WSM application, which you possibly haven’t even seen.

Possibly WatchGuard is just not the product that would fit the level of experience you have. But then you shouldn’t be looking at Cisco ASA or Fortinet either.

Meraki or Sophos might come much closer to your management preferences, if you like it as simple as possible, having most of the work done by some generic wizards, not having to worry about what actually happens behind the scenes. But you also have to know that this means giving up part of the control, sometimes even adapting your security policy to the capabilities of the firewall instead of adapting the firewall to your policy, as it should be.

But for sure WatchGuard is far from a mess - that was just your first impression.

Thanks Bojan,

I actually had experience with ASA and Check Point before I started working with Sonicwall and I was OK with it (using CLI on ASA). It is just WatchGuard that I can’t wrap my head around, but TBH I didn’t give it too much of an opportunity. I don’t like the fact that I need a desktop application to manage the firewall and maybe that’s why I disliked it in the first place. I will give it another shot and will look for an experienced WatchGuard user to show me around.

Opposite from you, I love the desktop app and see it as a HUGE advantage, once you understand what the advantages are.

Possibly at the time you had your experience with WatchGuard, it also had the old ugly Flash-based web interface?

And if someone is hot for CLI management, he can do that too.

The biggest advantage of the Windows app is the possibility to edit the configuration offline. Imagine, you plan to change your ISP and do some network reorganization. If you rely on a web interface only, you will have a few frustrating hours of work, trying to make everything right, as fast as possible, so your users have a minimum of downtime.

With the Windows app, you can start preparing the changes a week upfront, check them 3 times and apply them in a few seconds when everything else is ready.

You can prepare the config for a new firewall, before you even got it from your reseller.

Since the old Flash WebUI is gone and replaced with a modern HTML5 one, I started using it more and more. Some very nice features are implemented only on the WebUI (e.g. FireWatch or Network Discovery) so I see it as a complementary management platform, while primarily still using the Windows WSM app. Using the right mix of the best features of both management platforms is giving me a huge advantage over any other product I have had my hands on.

And then there is Dimension, the replacement for the old log and report server that is included at no charge, giving you more insight into your network traffic than many other tools you have to pay for.

@aviadkrief - Sending you a PM now!

We’ve got a ton of options now, FYI. You can run it on our hardware/your own hardware/in a VM…the world is your oyster! Check out our live demo server if you want to play around.