This will be my first time in Sonicwall territory. I'm assuming this thing will (effectively) *be* my edge router; does it support netflow, as has been being discussed in the recent thread? I'm likely going to have 100M from L3, with FiOS/150 and Roadrunner/50 for backup/load bal; I don't think this will be a BGP application. :-) Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
According to the spec sheet it does, haven't had the opportunity to play with one to comment any further though. http://www.sonicwall.com/us/products/NSA_3500.html#tab=specifications --jay On 14/02/2012, at 2:21 PM, Jay Ashworth <jra@baylink.com> wrote:
This will be my first time in Sonicwall territory. I'm assuming this thing will (effectively) *be* my edge router; does it support netflow, as has been being discussed in the recent thread?
I'm likely going to have 100M from L3, with FiOS/150 and Roadrunner/50 for backup/load bal; I don't think this will be a BGP application. :-)
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
JRA, If you have questions contact me off list. I would shoot for a little higher device to support that bandwidth if you are going to be enabling Services at all. Also if you use services, make sure they are enabled only on 1 zone as to not double scan traffic. Also I would skip the DPI-SSL services for now, as they are extremely throughput intensive. The company I work for manages a few hundred Sonicwalls, some of them in a pretty complex setup. SonicWall netflow is a little unique, they have a GUI feature called APPFlow which makes it pretty easy to trim down to watch exactly what you need (once you get the hang of it). Some of the additional free features make the SonicWall very nice. The SSLVPN portal is very handy for remote troubleshooting. You can bind it to a VLAN interface with private addresses for management purposes as well as remote access. Careful though, they can either be a beast, or a joy to manage depending on how you set it up. If you want to do entirely CLI management on the SonicWall, be prepared for a headache. Everything is case sensitive, and not the cleanest. If you build quick templates in your favorite text editor, it can be very simple to manage this way. SonicWall is pushing 5.8.1.4 firmwares to all of the partners as far as I know (maybe to everyone) if you call in with an issue. Check the caveats though, we have a few conflicts related to VPN stuff as well as dynamic routing a few places. Blake -----Original Message----- From: Jay Mitchell [mailto:jay@miscreant.org] Sent: Tuesday, February 14, 2012 3:59 AM To: Jay Ashworth Cc: NANOG Subject: Re: Sonicwall 3500/netflow According to the spec sheet it does, haven't had the opportunity to play with one to comment any further though. http://www.sonicwall.com/us/products/NSA_3500.html#tab=specifications --jay On 14/02/2012, at 2:21 PM, Jay Ashworth <jra@baylink.com> wrote:
This will be my first time in Sonicwall territory. I'm assuming this thing will (effectively) *be* my edge router; does it support netflow, as has been being discussed in the recent thread?
I'm likely going to have 100M from L3, with FiOS/150 and Roadrunner/50 for backup/load bal; I don't think this will be a BGP application. :-)
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
I've been using 5.8 with no problems thus far. As for the CLI, yes it is CLUNKY. But they are completely revamping it, it will be very similar to Cisco in the near future...
From: blake@pfankuch.me To: jay@miscreant.org; jra@baylink.com Subject: RE: Sonicwall 3500/netflow Date: Tue, 14 Feb 2012 14:40:40 +0000 CC: nanog@nanog.org
JRA, If you have questions contact me off list. I would shoot for a little higher device to support that bandwidth if you are going to be enabling Services at all. Also if you use services, make sure they are enabled only on 1 zone as to not double scan traffic. Also I would skip the DPI-SSL services for now, as they are extremely throughput intensive. The company I work for manages a few hundred Sonicwalls, some of them in a pretty complex setup.. SonicWall netflow is a little unique, they have a GUI feature called APPFlow which makes it pretty easy to trim down to watch exactly what you need (once you get the hang of it). Some of the additional free features make the SonicWall very nice. The SSLVPN portal is very handy for remote troubleshooting. You can bind it to a VLAN interface with private addresses for management purposes as well as remote access.
Careful though, they can either be a beast, or a joy to manage depending on how you set it up.
If you want to do entirely CLI management on the SonicWall, be prepared for a headache. Everything is case sensitive, and not the cleanest. If you build quick templates in your favorite text editor, it can be very simple to manage this way.
SonicWall is pushing 5.8.1.4 firmwares to all of the partners as far as I know (maybe to everyone) if you call in with an issue. Check the caveats though, we have a few conflicts related to VPN stuff as well as dynamic routing a few places.
Blake
-----Original Message----- From: Jay Mitchell [mailto:jay@miscreant.org] Sent: Tuesday, February 14, 2012 3:59 AM To: Jay Ashworth Cc: NANOG Subject: Re: Sonicwall 3500/netflow
According to the spec sheet it does, haven't had the opportunity to play with one to comment any further though.
http://www.sonicwall.com/us/products/NSA_3500.html#tab=specifications
--jay
On 14/02/2012, at 2:21 PM, Jay Ashworth <jra@baylink.com> wrote:
This will be my first time in Sonicwall territory. I'm assuming this thing will (effectively) *be* my edge router; does it support netflow, as has been being discussed in the recent thread?
I'm likely going to have 100M from L3, with FiOS/150 and Roadrunner/50 for backup/load bal; I don't think this will be a BGP application. :-)
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
-----Original Message----- From: Brandon Kim [mailto:brandon.kim@brandontek.com] Sent: 14 February 2012 15:51 To: blake@pfankuch.me; jay@miscreant.org; jra@baylink.com Cc: nanog group Subject: RE: Sonicwall 3500/netflow
I've been using 5.8 with no problems thus far. As for the CLI, yes it is CLUNKY.
But they are completely revamping it, it will be very similar to Cisco in the near future...
Why do people like to base their CLIs on the really rather awful Cisco style interface rather than something with some more structure like Juniper? -- Leigh Porter ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
Never messed around with Juniper....
From: leigh.porter@ukbroadband.com To: brandon.kim@brandontek.com; blake@pfankuch.me; jay@miscreant.org; jra@baylink.com CC: nanog@nanog.org Subject: RE: Sonicwall 3500/netflow Date: Tue, 14 Feb 2012 15:53:43 +0000
-----Original Message----- From: Brandon Kim [mailto:brandon.kim@brandontek.com] Sent: 14 February 2012 15:51 To: blake@pfankuch.me; jay@miscreant.org; jra@baylink.com Cc: nanog group Subject: RE: Sonicwall 3500/netflow
I've been using 5.8 with no problems thus far. As for the CLI, yes it is CLUNKY.
But they are completely revamping it, it will be very similar to Cisco in the near future...
Why do people like to base their CLIs on the really rather awful Cisco style interface rather than something with some more structure like Juniper?
-- Leigh Porter
______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
I would be happy if it was Juniper or Cisco ish. Right now it's just total crap :) From: brandon.j.kim@live.com [mailto:brandon.j.kim@live.com] On Behalf Of Brandon Kim Sent: Tuesday, February 14, 2012 9:14 AM To: leigh.porter@ukbroadband.com; Blake Pfankuch; jay@miscreant.org; jra@baylink.com Cc: nanog group Subject: RE: Sonicwall 3500/netflow Never messed around with Juniper....
From: leigh.porter@ukbroadband.com<mailto:leigh.porter@ukbroadband.com> To: brandon.kim@brandontek.com<mailto:brandon.kim@brandontek.com>; blake@pfankuch.me<mailto:blake@pfankuch.me>; jay@miscreant.org<mailto:jay@miscreant.org>; jra@baylink.com<mailto:jra@baylink.com> CC: nanog@nanog.org<mailto:nanog@nanog.org> Subject: RE: Sonicwall 3500/netflow Date: Tue, 14 Feb 2012 15:53:43 +0000
-----Original Message----- From: Brandon Kim [mailto:brandon.kim@brandontek.com]<mailto:[mailto:brandon.kim@brandontek.com]> Sent: 14 February 2012 15:51 To: blake@pfankuch.me<mailto:blake@pfankuch.me>; jay@miscreant.org<mailto:jay@miscreant.org>; jra@baylink.com<mailto:jra@baylink.com> Cc: nanog group Subject: RE: Sonicwall 3500/netflow
I've been using 5.8 with no problems thus far. As for the CLI, yes it is CLUNKY.
But they are completely revamping it, it will be very similar to Cisco in the near future...
Why do people like to base their CLIs on the really rather awful Cisco style interface rather than something with some more structure like Juniper?
-- Leigh Porter
______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
participants (5)
-
Blake Pfankuch
-
Brandon Kim
-
Jay Ashworth
-
Jay Mitchell
-
Leigh Porter