Thinking about moving from SonicWall NGFW to Palo Alto

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Thinking about moving from SonicWall NGFW to Palo Alto

L1 Bithead

My company has been using SonicWall for the last 7 years or so, and we're currently on a NSA 3600 (NGFW) HA pair for main branch and a TZ500 for a small remote office. The TZ500 is totally fine and the 3600 works ok for the most part but there are always a lot of bugs and issues seemingly for every service and feature (espeically HA). Changes and firmware upgrades are often a painful and worrisome ordeal. Finally, the support is absolutely terrible - I have had 100+ tickets and I find that its really hit or miss if you get someone who has any idea of what they are doing unless I luck out and get the really experienced (but super grouchy) Indian technician.


I am at the point now where I want to consider other NGFW options but I have been in IT long enough to know that just switching products because you aren't happy isn't a solution unless you do a ton of research/DD.


That said, I wanted to get some extremely surface level insight here about where to start with looking into what PA offers.


As for pricing, what is a very ballpark cost of a PA NGFW comparable to the NSA 3600 ? We pay ballpark under $6K/year for this and honestly, where I work, we could easily afford more. I just want to get a very rough idea of cost.


Secondly, with the NSA 3600, we basically have several networks and zones, integrated wifi AP's and general security services like Gateway AV/Anti-Spyware/Intrusion Prevention/App Control/App Visualization, DPI-SSL (which has issues), bot-net filter, etc. I also just recently purchased SonicWall's Network Security Manager (NSM) which is a hosted service for management and analytics and reporting - and this thing doesn't even work correctly yet, at least not with the NSA 3600 and current firmware despite being told it was.


So yeah, can anyone give me a super rough idea of cost as well as pain level of dealing with the PA products and support?


L1 Bithead

Also, I wanted to add to my first paragraph that, yes, I do do a lot of knowledgebase searching and try to solve problems and understand config on my own. I still end up having to reach out to support for things that just don't work regardless of what I do.

Cyber Elite
Cyber Elite


Welcome to the forum! I have used many different firewall models in the past and would not recommend anything other than Palo Alto. There are many reasons for this, however its platform and what it provides is second to none. With your sizing questions, Palo Alto's are sized by throughput. When sizing a PAN device, I take the highest throughput from the existing device and match it to the lowest the PAN will support. What this does is oversize it a bit and allows for growth and makes sure I dont undersize it by accident. Also are 10GB connections a must or just a nice to have and how many 1GB connections do you require?


Hope that helps.

  • 2 replies
  • 101 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!