Cisco ASA 5510 vs SonicWALL NSA 3500

SKiTLz

Ok so we're looking for a new option for HO and our few branch offices. I'm racking my brain and just can't decide.

I have all the literature and white papers from both companies saying why their product is better. We currently use a SonicWALL Pro 3060 in HO and have had quite a few issues. But it is also old. So I try not to judge on old molested hardware.

Everyone seems to go "Cisco no doubt" without ever giving any facts or reasoning. Half the people probably haven't even used one.

Looking for some real input here. Some points...

HO is around 60 users.
10Mb Full Duplex Fiber
Few small branch offices which must have reliable tunnels.
Kinda bummed the ASAs don't do Policy Based Routing.
WAN Failover (Again ASA won't do any form of simple load balancing. Just failover)

I really like the new NSA's Application Firewall. For example check HTTP header for youtube.com and throttle the bandwidth. ASA offer anything like that?

SonicWALL I think definitely has some nice features over the ASA. But that doesn't help me if nothing is reliable, which is why we are upgrading right now.

Fire away guys. Thoughts? Experience?
 
If you want policy routing and load balancing, get a router.
This exactly.
Cisco makes products that do the job they are supposed to do VERY well.
Their firewalls are firewalls, they are not routers. If you want routing... get a router.
 
#1 reason = Cisco TAC support is f'in amazing, by far one of the best tech support experiences you will have.

#2, SonicWALL's NAT rules are a pain in the butt, the GUI is just not adequate

#3, Service contracts from Cisco are cheaper and better.

#4, according to SonicWALL support, you will NOT get help unless you are on the latest firmware release, this is really a pain, they say the reason is because the firmware version you have is buggy

#5, Cisco VPN is one of the most solid and reliable out there, if your VPN goes down, it's 'cause you lost internet.

#6, Sonicwall software. . . . . . I hate it lol

That's a start to your list, the ASAs are a great product line, with a ton of features you will likely never use.
 
I managed 50 PIX and ASAs at my previous employer. We had PIX 505s, 515Es, 525s, 535s, and various 5500 series ASAs with versions that ran from 6.3(5) to 8.0(x). I've worked on Cyberguard firewalls and Checkpoint NGX firewalls as well. I'd buy Cisco over anything else.

Cisco firewalls have an easy to understand IOS-like command line interface and a decent ASDM gui for those that like it. Tasks that take 10 seconds on an ASA take 10 minutes to do on a Checkpoint... just get an ASA and be happy.
 
Bit of a landslide so far.

I'll admit my Cisco experience is limited. I'm definitely not an IOS god but I don't see any problems with me picking it up. This may be what is making me a little hesitant in the back of my mind.

I don't know the Cisco lineup very well. PBR and Load Balancing (nothing crazy) is something I want. Anyone recommend a Router that isn't going to kill my budget that would do what I need?

Keep the opinions coming though. I'd like to hear from the SonicWALL bandwagon. If there is one.
 
There's no need to fear the CLI on the Cisco. You can use ASDM (Adaptive Security Device Manager) to configure it with a GUI.

We run a SonicWALL NSA 2400 in our colo. Its web GUI doesn't stay up reliably. The web reset command from the CLI doesn't bring it back. SonicWALL's answer to this is "reboot the device." Due to this alone I'd choose Cisco in the future. We've never had a problem with a PIX or ASA.
 
You guys sold me. Placing my order tomorrow.

5510 for HO. Haven't decided on the CSC module yet.
5505 for Branches.

Just need a recommendation on a 2 port WAN/ethernet router to do my PBR to put in front of the ASA. Thinking the 1811.

Thoughts?
 
I would just get an 1841, or if you want to spend a tiny bit more, get a new generation 2 ISR:
http://www.cisco.com/en/US/products/ps10546/index.html

The 1941s I have deployed to some of my clients' smaller branch sites, they are pretty awesome for the price point.

Get the wireless model and you gain an 802.11n AP built in, pretty handy for small sites.
Be sure to get the security bundle as well so you get the proper licenses.
 
Cheers Tacman.

What does the Security bundle license give me? I don't want to get redundant licensing IPS (for example) on both units.

I had to fight to get this approved. They're going to love me coming back asking for a new router too. But it is needed.
 
1841
 
The security bundle takes your ASA 5510's 10/100 ports to 10/100/1000 and allows for failover. It also increases the VLAN count, etc.
 
Thanks. None of which we need right now.

It has been approved. I will be doing a 5510, 5505 Branch offices, and a 1841.
Now comes the task of setting it up. Should be a riot.

Thanks for the input.
 