Next-generation firewalls (NGFWs) from SonicWall and Palo Alto Networks both made eSecurity Planet’s list of top NGFW vendors. While each network firewall solution has much to offer any enterprise customer, there are critical differences between the two. What follows is a look at each product’s key features, as well as some important strengths and weaknesses.
The Bottom Line
Both solutions have received top marks from users and analysts. SonicWall is a particularly good fit for cost-conscious purchasers, though its cloud security is less mature than that of its top competitors, and the company can be slow in introducing feature enhancements and new functionality. Palo Alto is a better fit when features and performance are more heavily weighted than price. NSS Labs’ recent testing rated SonicWall’s total cost of ownership per protected Mbps at $4, making it one of the most cost-effective NGFWs, with Palo Alto following close behind at $7, itself an impressive number for a solution offering market-leading performance. NSS Labs gave the two solutions almost identical security effectiveness ratings – 98.8 percent for SonicWall and 98.7 percent for Palo Alto.
SonicWall Product Highlights
Overview: SonicWall Network Security Appliance (NSA) next-generation firewalls leverage the company’s multi-engine Capture Advanced Threat Protection (ATP) and Real-Time Deep Memory Inspection (RTDMI) technology to detect and block threats, and the patented Reassembly-Free Deep Packet Inspection (RFDPI) engine to examine every byte of every packet. The company’s NGFWs are available as hardware and as virtual appliances.
Recent developments: SonicWall recently announced the addition of more than 50 new features to its SonicOS, including advanced networking and connectivity capabilities to optimize system availability. The company also enhanced its NSA firewalls by more than doubling the number of SPI connections (up to 4 million) and quadrupling the number of DPI-SSL connections.
Analysts’ take: Gartner says SonicWall is a good shortlist candidate for value-conscious enterprises seeking more throughput at a reasonable price – customers frequently mention the product’s ability to meet budget and performance requirements, and give good scores for ease of management. Still, the research firm says SonicWall’s cloud security is less mature than that of its leading competitors, and the company has been slow in providing differentiating new features.
Palo Alto Product Highlights
Overview: Palo Alto Networks’ NGFWs inspect all traffic, including applications, threats and content, and tie it to the user regardless of location or device type. The aim is to manage applications, users and content by classifying all traffic, determining the business use case, and assigning policies to protect access to relevant applications and block threats. The company’s NGFWs are available in purpose-built hardware appliances and as virtual appliances.
Recent developments: Palo Alto Networks recently released version 8.1 of its PAN-OS operating system, adding over 60 new features, among them expanded SSL decryption capabilities and more granular control of SaaS applications. Newly introduced appliances include the rugged PA-220R, the PA-3200 Series, and the PA-5280.
Analysts’ take: Gartner says Palo Alto is visible on shortlists across all industries, though it’s a particularly solid contender when features and management quality are given more weight than price. Still, the research firm says some clients have expressed concern about the pace of firmware releases, and price is frequently cited as a reason not to select Palo Alto Networks.
NGFW Product Ratings
Here are eSecurity Planet’s ratings of each solution’s key features.
Security: Both solutions provide exemplary performance. In NSS Labs’ most recent testing, SonicWall’s NSA 2650 received a 98.8 percent security effectiveness rating, while Palo Alto’s PA-5220 got a 98.7 percent rating – a negligible difference.
Performance: NSS Labs rated SonicWall’s NGFW at 1,028 Mbps, and the more expensive Palo Alto NGFW at 7,888 Mbps.
Value: SonicWall is the more cost-effective solution with a TCO of $4 per protected Mbps, compared to $7 for Palo Alto. Gartner also reports that its clients frequently cite pricing as a reason not to select Palo Alto.
Implementation and management: While SonicWall’s ease of management is a key strength, Palo Alto users say the setup process requires a little more knowledge than most. Some Palo Alto users complain about the sluggishness of Palo Alto’s interface when managing several appliances.
Support: SonicWall customers generally report positive experiences with support, which has improved over the last few years. While some Palo Alto customers give the company positive reviews for its support, others express frustration with the promptness of replies to support queries.
Cloud features: While both solutions offer virtual appliances and a range of cloud functionality, Gartner says SonicWall’s cloud security is less mature than that of its leading competitors.
IT Central Station users give SonicWall NSA an average rating of 3.5 stars out of 5, and Palo Alto Networks’ NGFWs an average of 4 stars out of 5. Gartner Peer Insights users give SonicWall an average rating of 4.2 out of 5, and Palo Alto an average of 4.5 out of 5.
SonicWall reviewers said the solution “allows us to block applications, i.e. websites by application type category,” adding, “It is far more capable than content filtering alone.” Another reviewer said the “technical support is quite good,” and “SonicWall absolutely has the best bang for the buck, hands down.”
Palo Alto reviewers said the company’s NGFW “gives us full visibility and protection” and “is very stable.” Another reviewer said Palo Alto “had the most complete solution” among the vendors they considered, with “the typical features of a next-generation firewall,” and “did well in terms of performance.”
SonicWall’s NGFWs are available as hardware and as virtual appliances, with security services delivered automatically from the SonicWall Capture Cloud Platform.
Palo Alto Networks’ NGFWs are offered as hardware appliances (PA Series), and as the VM Series for use in virtualized or cloud environments.
SonicWall’s NGFWs are sold with one-, two- or three-year Advanced Gateway Security Suite subscriptions providing a continuously updated sandbox, gateway anti-virus, intrusion prevention, content filtering, application control and technical support. A 30-day trial of the service is available. The NSA 2650 tested by NSS Labs has a base list price of $2,495, though it’s widely available for under $2,000.
Palo Alto Networks’ newest appliances – the PA-220R, PA-3200 Series and PA-5280 – range in price from $2,900 to $200,000. The PA-5220 tested by NSS sells for approximately $70,000, with support packages extra.