[149737] in North American Network Operators' Group
RE: Sonicwall 3500/netflow
daemon@ATHENA.MIT.EDU (Brandon Kim)
Tue Feb 14 10:51:05 2012
From: Brandon Kim <brandon.kim@brandontek.com>
To: <blake@pfankuch.me>, <jay@miscreant.org>, <jra@baylink.com>
Date: Tue, 14 Feb 2012 10:49:00 -0500
In-Reply-To: <CC75EEBF17C7374EA8309102B7B10C84860B1FFB@SHSBS.shenrons-house.local>
Cc: nanog group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I've been using 5.8 with no problems thus far. As for the CLI, yes it is CLUNKY.
But they are completely revamping it, it will be very similar to Cisco in the near future...
> From: blake@pfankuch.me
> To: jay@miscreant.org; jra@baylink.com
> Subject: RE: Sonicwall 3500/netflow
> Date: Tue, 14 Feb 2012 14:40:40 +0000
> CC: nanog@nanog.org
>
> JRA,
> If you have questions contact me off list. I would shoot for a little higher device to support that bandwidth if you are going to be enabling Services at all. Also if you use services, make sure they are enabled only on 1 zone as to not double scan traffic. Also I would skip the DPI-SSL services for now, as they are extremely throughput intensive. The company I work for manages a few hundred Sonicwalls, some of them in a pretty complex setup. SonicWall netflow is a little unique, they have a GUI feature called APPFlow which makes it pretty easy to trim down to watch exactly what you need (once you get the hang of it). Some of the additional free features make the SonicWall very nice. The SSLVPN portal is very handy for remote troubleshooting. You can bind it to a VLAN interface with private addresses for management purposes as well as remote access.
>
> Careful though, they can either be a beast, or a joy to manage depending on how you set it up.
>
> If you want to do entirely CLI management on the SonicWall, be prepared for a headache. Everything is case sensitive, and not the cleanest. If you build quick templates in your favorite text editor, it can be very simple to manage this way.
>
> SonicWall is pushing 5.8.1.4 firmwares to all of the partners as far as I know (maybe to everyone) if you call in with an issue. Check the caveats though, we have a few conflicts related to VPN stuff as well as dynamic routing a few places.
>
> Blake
>
> -----Original Message-----
> From: Jay Mitchell [mailto:jay@miscreant.org]
> Sent: Tuesday, February 14, 2012 3:59 AM
> To: Jay Ashworth
> Cc: NANOG
> Subject: Re: Sonicwall 3500/netflow
>
> According to the spec sheet it does, haven't had the opportunity to play with one to comment any further though.
>
> http://www.sonicwall.com/us/products/NSA_3500.html#tab=specifications
>
> --jay
>
>
> On 14/02/2012, at 2:21 PM, Jay Ashworth <jra@baylink.com> wrote:
>
> > This will be my first time in Sonicwall territory. I'm assuming this
> > thing will (effectively) *be* my edge router; does it support netflow,
> > as has been being discussed in the recent thread?
> >
> > I'm likely going to have 100M from L3, with FiOS/150 and Roadrunner/50
> > for backup/load bal; I don't think this will be a BGP application.
> > :-)
> >
> > Cheers,
> > -- jra
> > --
> > Jay R. Ashworth Baylink jra@baylink.com
> > Designer The Things I Think RFC 2100
> > Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
> > St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
> >
>
>