Home page logo

nanog logo nanog mailing list archives

RE: Sonicwall 3500/netflow
From: Brandon Kim <brandon.kim () brandontek com>
Date: Tue, 14 Feb 2012 10:49:00 -0500

I've been using 5.8 with no problems thus far. As for the CLI, yes it is CLUNKY.

But they are completely revamping it, it will be very similar to Cisco in the near future...

From: blake () pfankuch me
To: jay () miscreant org; jra () baylink com
Subject: RE: Sonicwall 3500/netflow
Date: Tue, 14 Feb 2012 14:40:40 +0000
CC: nanog () nanog org

      If you have questions contact me off list.  I would shoot for a little higher device to support that bandwidth 
if you are going to be enabling Services at all.  Also if you use services, make sure they are enabled only on 1 zone 
as to not double scan traffic.  Also I would skip the DPI-SSL services for now, as they are extremely throughput 
intensive.  The company I work for manages a few hundred Sonicwalls, some of them in a pretty complex setup..  
SonicWall netflow is a little unique, they have a GUI feature called APPFlow which makes it pretty easy to trim down 
to watch exactly what you need (once you get the hang of it).  Some of the additional free features make the 
SonicWall very nice.  The SSLVPN portal is very handy for remote troubleshooting.  You can bind it to a VLAN 
interface with private addresses for management purposes as well as remote access.  

Careful though, they can either be a beast, or a joy to manage depending on how you set it up.

If you want to do entirely CLI management on the SonicWall, be prepared for a headache.  Everything is case 
sensitive, and not the cleanest.  If you build quick templates in your favorite text editor, it can be very simple to 
manage this way.  

SonicWall is pushing firmwares to all of the partners as far as I know (maybe to everyone) if you call in 
with an issue.  Check the caveats though, we have a few conflicts related to VPN stuff as well as dynamic routing a 
few places.


-----Original Message-----
From: Jay Mitchell [mailto:jay () miscreant org] 
Sent: Tuesday, February 14, 2012 3:59 AM
To: Jay Ashworth
Subject: Re: Sonicwall 3500/netflow

According to the spec sheet it does, haven't had the opportunity to play with one to comment any further though.



On 14/02/2012, at 2:21 PM, Jay Ashworth <jra () baylink com> wrote:

This will be my first time in Sonicwall territory.  I'm assuming this 
thing will (effectively) *be* my edge router; does it support netflow, 
as has been being discussed in the recent thread?

I'm likely going to have 100M from L3, with FiOS/150 and Roadrunner/50 
for backup/load bal; I don't think this will be a BGP application.  

-- jra
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]