Sonicwall – Old dog learns [some] new tricks

~12 years ago I had a drinking buddy that worked with me at the regional ISP.   We had a lot in common, he had been an icon back in the didjits era of punk rock in Champaign Urbana and we had briefly been in a terrible band together.  He introduced me to a dude that to this day I just knew as “Ravi Sonicwall”.  He had apparently been recruited from the U of I, written a lot of the low level pieces of the original sonicwall and retired to enjoy life and buy beers (he actually scolded me at a bar for buying him a beer saying “when I’m in town, I buy the beers”).

I had purchased a few sonicwall boxes after that, having only really used linux, IOS, checkpoint on nokia boxes and *shudder* Novell Border manager. I liked the boxes since they had a GUI and I could hand off day-to-day operations to someone that !=Me. After a year or so in production, I started to become frustrated with them; the ones I had lacked a CLI completely and had fallen behind on the things I needed to do with them. Their cost to feature wasn’t there for what I needed and the ones I had purchased systematically had hardware failures all within 7 months. I wrote off sonicwall completely at that point.

Fast forward a decade.

Sonicwall purchased by Dell.

We’ve heavily invested in the Juniper SRX.

The SRX mostly does what we ask of it (talk to me about Oracle replication through one and their SQL ALG).

The SRX has some limitations as far as management and display of eye candy.

While I personally like a CLI to rummage around in, not everyone does.  Palo Alto Networks has an amazing GUI.  Like, the best I’ve ever seen.  Sonicwall……well, theirs always left me wanting back in the day.  Now…..wow, a totally different ballgame.

Don’t get me wrong, I’m not confident that the Sonicwall “Super Massive” won’t compete (in this guy’s opinion) with a Juniper 5800. However, their transparent mode is a tad better and their web management is an order of magnitude better. Performance? I don’t think anything can touch an SRX loaded with SPCs, but the numbers are impressive. I’d like to do a bake off once I get some time (and a super massive in my lab).

That being said, I gave the Sonicwall we have as a demo a good go around. I found its ease of setup pretty refreshing. For those that have non-networking savvy security folks running these boxes, they’ll likely love the interface. I like the AppFlow Monitor. It’s a nice representation of the transit data in an easy to understand format. Here is an example of the box in my lab after running a few days.

The threat reports are nice as well, very eye candy and they seem pretty accurate based on what we threw at it and what we generally see in the wild west.

The real time monitor reminds me a lot of the Palo Alto.  It gives some serious eye candy, live, realtime graphs of any traffic transiting the box.  Very eye catching and I can see a use case for it.

However, I find the management of the interfaces a bit clunky and the lack of non-beta IPv6 support is a bit disappointing. I’ll be testing the IPv6 support soon, I’m just waiting on the activation of the box I have to support it.

Firmware updates seem to require a registration of the machine in their system, something I understand but the old school networking guy in me really hates feature licensing and remote activation of network hardware. A lot. The fact that every vendor seems to be doing it just makes my skin crawl, but such is life.

The box comes with an SSL VPN server as well, I’ve still been twiddling with getting mine working.  The smaller SOHO devices have wifi built in, but that’s way outside of my scope, so I’ll leave it at that.

 

The CLI isn’t terrible, either. It’s more IOS than I remember, but a far cry from JunOS. Tab complete works and there are a decent amount of options. I’ve not yet tried to configure much with it but have used the show commands some. Here is an example from the small box we have:

    User:admin
    Password:

    labfw> show interface sta
    labfw> show interface statistics
    Interface statistics for X0
    InDiscards : 0
    InNUcast : 401464
    InUcast : 4921467
    InOctets : 2207976060
    InErrs : 0
    OutDiscards : 37
    OutNUcast : 9733
    OutUcast : 5407031
    OutOctets : 3031626437
    OutErrs : 0
    InUnkProto : 0
    InMcast : 291793
    InBcast : 109671
    OutMcast : 0
    OutBcast : 9733

    Interface statistics for X1
    InDiscards : 0
    InNUcast : 5401982
    InUcast : 4496250
    InOctets : 3192806274
    InErrs : 0
    OutDiscards : 0
    OutNUcast : 54
    OutUcast : 4582195
    OutOctets : 2114718776
    OutErrs : 0
    InUnkProto : 0
    InMcast : 1500142
    InBcast : 3901840
    OutMcast : 0
    OutBcast : 54

Overall, not a bad platform.  They’ve certainly done their homework.

5 Comments

  1. Paul Leet says:

    Having worked on both and done POC for 5800 and Supermassive, if you enable any DPI function or SSL offload, the SRX chokes while the Supermassive hums along.

    There are only a couple configurations where the SRX has the SonicWALL beat.

    Check out Network testing and NSS labs results for independent testing. I can send them to you if you wish.

    /p

  2. I did not have that result at all. Quite the opposite, in fact. We were able to have full DPI on all IPv4, pumped the box full of traffic, IPv4, IPv6 and IPv4 multicast, all while inspecting all packets and spanning packet size from 9k to 64 bytes. We even pulled out SPCs while doing this and the box happily plumbed along. And actually, we’re doing DPI on IPv6 traffic as well, in production, now.
    That being said, I look forward to putting the supermassive through its paces. I really welcome great competition to high level products. The more options out there, the better.

  3. EH says:

    Funny story re: those older sonicwall platforms. 10 years ago or so, I was working with a client that had one of the smaller Sonicwall platforms, and there was a software bug that would hold sessions indefinitely. This would cause the box to stop forwarding traffic after a few days. You could clear the sessions through some hidden “diag.html” page, but my client didn’t have anyone on staff that was savvy enough to do it. So, I ended up putting the Sonicwall on a Christmas tree timer that would reboot it each night after hours. Problem solved. Haven’t installed another Sonicwall since. I’ve worked on many and still don’t care for their GUI. Maybe it’s time to revisit their latest platform and software versions.

© 2019 The Forwarding Plane. All rights reserved.

Copyright 2016 Nick Buraglio, ForwardingPlane, LLC
