Slashdot Mirror
Dell Announces Intent To Acquire SonicWALL
New submitter iroc_eater writes with news of an announcement from Dell that it plans to acquire SonicWall, a security services provider.
"SonicWall’s technology detects and protects networks from intrusions and malware attacks, and helps protect data. Dell is buying services and software businesses as the PC market faces competition from smartphones and tablets. Last month, the company hired CA Inc. Chief Executive Officer John Swainson to oversee the software push, and today he said security is an important part of that strategy. 'My goal is to make software a meaningful part of Dell’s overall portfolio, so that means that this is not the last thing you’re going to see from us,' Swainson said."
Why wouldn't you buy a good one? The hotel I stay at for business has a sonicwall firewall, and it isn't the greatest. I can see a lot of vulnerabilities in it; I just don't exploit them.
The only SonicWall device I've ever had to work with had a limit of 10 nodes that could "connect to the internet". The limit was really 10 nodes that could NAT to port 80. Every other port was open. I always figured that if sonic wall didn't care about protecting their licenses why would they care about protecting their networks?
We use a SonicWall appliance at our workplace. Works great. Price is pretty good too. We chose it for its content filtering ability which is pretty stellar compared to other things we saw on the market.
.........I can see a lot of vulnerabilities in it; I just don't exploit them.
Please illuminate us then on these exploitable vulnerabilities.
Says everything you need to know right there.
Like CA, Dell is turning into a place where technology goes to die.
In a previous job, I somehow got onto their sales mailing list while we were demoing their product. Let me tell you, they never give up, and won't take you off the list no matter WHO you talk to! Plus, their product was, well... bad. There's no other way of putting it.
To be fair, half the hotels I've stayed at have had non-working or badly-misconfigured wireless routers. At my last job we had a couple of SonicWALL3060s that worked pretty fucking good, and all of our remote workers had TZ170s, the difference is they were set up by people who knew what the fuck they were doing.
Sounds like a match made in heaven then.
"I use a Mac because I'm just better than you are."
Dell is a truly innovative company with a very interesting approach to manufacturing and sales; their efficient inventory management (with stock never older than a week or so) is pretty impressive. And unlike other big vendors they understand the needs of small and medium businesses and they make it very easy to become a customer (easy financing, good online inventory, etc.).
Their consumer or entry-level products are not as flashy as Apple or as robust as Lenovo but they are very competitive on the price/quality ratio and they came a long way over the last 10 years. For servers nowadays the PowerEdge as pretty much equivalent to the products from other vendors (HP, IBM) but less expensive, and their storage offering is pretty good (Equallogic, Compellent, etc.) with aggressive pricing as well. If I had to build a new data center today they would definitely be in my vendors shortlist.
I think it's a good thing that they move in the software field even if I am not a big fan of the products they acquired so far. If they follow their usual strategy within a few years they will offer a viable, cost-effective alternative to other big vendors. I guess HP is the one that will get squeezed between the expensive, corporate solutions from IBM and the more affordable Dell products.
lucm, indeed.
Now, I won't argue that Sonicwalls are pretty shitty devices, in that they have very limited features and an absolutely abysmal interface. But if you see a Sonicwall that is littered with vulnerabilities, that's a configuration issue, not a fault of the product. I mean, my old company has a Cisco ASA that I could still to this day exploit in 10 different ways to get inside their network, but that certainly doesn't mean that Cisco makes shitty firewalls, it just means that particular firewall is very poorly configured.
To be fair, half the hotels I've stayed at have had non-working or badly-misconfigured wireless routers. At my last job we had a couple of SonicWALL3060s that worked pretty fucking good, and all of our remote workers had TZ170s, the difference is they were set up by people who knew what the fuck they were doing.
What's even better is not using SonicWALL. Instead use a BSD or Linux box that is configured by 'people who knew what the fuck they were doing'. It's must less expensive and doesn't lock you into their shitty firmware.
Have you ever tried to mesh a bunch of SonicWALLs together? (Oops--time to buy more licenses) Have you ever tried to make a change to lots of SonicWALL devices--like update an ACL? (Oops--not easily scriptable) Have you ever tried to install updates to lots of SonicWALL boxes? (Gotta download a blob that's locked against each devices individual key).
SonicWALL is the king of shitty user interfaces, excessively locked-down equipment, expensive 'addons', and hard-to-manage (script) devices.
Do yourself a favor and use *BSD or Linux. If the CLI (and fwbuilder) scares you, use pfSense.
I have dealt with SonicWall Aventail E-series quite a bit. I am very familiar with their system because my companies security products integrate with them(along with Cisco, Juniper, Fortigat, NetScaler,etc..) They are nice robust systems. Their VM version of their product even runs a modified version on Debian. I have heard that the old SonicWall hardware was more orientated to SMB and was not as flexible or feature rich.
I think Dell is smart to acquire SonicWall. It is a good rounding out Dell's networking product portfolio. This give them a good content filtering system and a SSL VPN product.
No good deed goes unpunished.
I really hope Dell took a look at a Sonicwall running in production - they're completely undependable! Real fixer-upper of a purchase.
Nonsense. To mass manage SonicWALLs effectively, you should use their GMS (Global Management System). This makes all the tasks you mentioned EASY. Don't blame SonicWALL because you're not using the right tools.
Sonicwall's products are a mixed bag. On one hand you can get some reliable devices that are easy to use, just limited. Reasonably priced too.
On the other their business model is to use their hardware as an anchor to sell you crapware and expensive subscription services.
Their email marketing is garish and relentless. They also deluge you with postal mail that is damn near designed to trick your AP in to thinking their solicitations are bills. Sleazy stuff.
I understand this being on Yahoo Finance or the like, but this is just a blurb about a corporate acquisition. Just because they're IT companies just really make it geeky or nerdy.
Slashdot shouldn't get into trying to reporting on mergers and acquisitions, but should stick to what it does best: regurgitating the articles I read yesterday on Hacker News, which were then on Reddit 12 hours ago.
The best thing about a boolean is even if you are wrong, you are only off by a bit.
Speaking as someone who's written software for SonicWall devices, I have to both agree and disagree. Yes, SonicWall's products are cludged-together junk made almost entirely by outside vendors.
But also no, SonicWall's products are on par with other vendors. Router/security boxes are ALWAYS cludged-together junk made almost entirely by outside vendors.
The whole industry is a joke.
Nonsense. To mass manage SonicWALLs effectively, you should use their GMS (Global Management System). This makes all the tasks you mentioned EASY. Don't blame SonicWALL because you're not using the right tools.
Yes--at nearly $2,000 for 5 nodes, I think I'll stick with my mass-management system which costs $0/node (cluster ssh, puppet, etc...)
To be fair, half the hotels I've stayed at have had non-working or badly-misconfigured wireless routers. At my last job we had a couple of SonicWALL3060s that worked pretty fucking good, and all of our remote workers had TZ170s, the difference is they were set up by people who knew what the fuck they were doing.
What's even better is not using SonicWALL. Instead use a BSD or Linux box that is configured by 'people who knew what the fuck they were doing'. It's must less expensive and doesn't lock you into their shitty firmware.
Have you ever tried to mesh a bunch of SonicWALLs together? (Oops--time to buy more licenses) Have you ever tried to make a change to lots of SonicWALL devices--like update an ACL? (Oops--not easily scriptable) Have you ever tried to install updates to lots of SonicWALL boxes? (Gotta download a blob that's locked against each devices individual key).
SonicWALL is the king of shitty user interfaces, excessively locked-down equipment, expensive 'addons', and hard-to-manage (script) devices.
Do yourself a favor and use *BSD or Linux. If the CLI (and fwbuilder) scares you, use pfSense.
Obviously you have never used fortigate, 3Com or H3C
Now that I'm thinking of it, does anyone have any suggestions for repurposing that box?
Comment removed based on user account deletion
At least according to the national CVE database, they dont seem to be that bad vulnerability wise. As another poster said, show us these vulnerabilities that you "saw" (what are you, neo? You can "see" the vulnerabilities?)
Ive used pfSense, and in a lot of ways I prefer it over sonicwall.
But youre ignorant if you think it is superior in every way. For one, it is a LOT more buggy, especially when it comes to IPsec VPN (a single cisco client attempting to connect will completely lock up the racoon daemon-- thats REAL secure). For another, the IDS, AV, and filtering options in pfSense are, being generous, "ghetto". Snort is broken every other patch (was in utter shambles until recently), clam-av filtering is mediocre, and theres no integration with the big-boy web filters (like websense).
Theres also the fact that, except under rare circumstances, you can be pretty sure an upgrade isnt going to hose your configuration.
Its nice that its free and does ACTUAL stateful filtering (it will block acks that egress out a different interface than the syn came in on), and that its configuration is a gigantic XML file, but there ARE reasons to use Sonicwall.
And a lot of these problems arent problems with pfSense, but with the state of BSD filtering and daemons. Having issues with IPsec connections to your BSD box? Whoops, theres noone to contact for support (tho pfSense itself does have excellent paid support).
Sounds like a lot of your issues are the plugins on pfSense. So how about the non-plugin version, m0n0wall? Or do you need a kitchen sink with your firewall?
But, if most of the devices you see in the wild are poorly configured, that is a device problem. Mostly a problem with the UI, but the UI is in the device. That is why Cisco dropped the Pix. Nice device, but no one in the target market could actually drive the thing.
Why wouldn't you buy a good one? The hotel I stay at for business has a sonicwall firewall, and it isn't the greatest. I can see a lot of vulnerabilities in it; I just don't exploit them.
Lets look at it this way, Sonicwall is already so bad Dell couldn't screw it up any more.
So glad I dont work on SonicWall's any more, Cisco Pix/ASA and Foritgates are much better to work with.
Calling someone a "hater" only means you can not rationally rebut their argument.
still a better acquisition for dell than intel's buy of mcafee.
The challenge is cost. What I have always looked for is a "security appliance" capable of least two WAN ports for load balancing and fail over. Dial up fail over that was available on some Netgear models was a freakin joke.
So Sonicwall, with its drawbacks, comes in at many many times cheaper in price to get the job done then Cisco and Fortinet. Sonicwall starts at around $270 and gives you a *heck* of a lot more than any consumer level router has by far.
I think Fortinet, at the bottom starts at $1500 the last time I checked?
Sonicwall is not perfect, but is the beginning of prosumer devices. You get what you pay for. Considering that I don't think Sonicwall is all that bad. They are a ton more stable than any Netgear or Linksys/Cisco piece of shit :)
The challenge is cost. What I have always looked for is a "security appliance" capable of least two WAN ports for load balancing and fail over. Dial up fail over that was available on some Netgear models was a freakin joke.
So Sonicwall, with its drawbacks, comes in at many many times cheaper in price to get the job done then Cisco and Fortinet. Sonicwall starts at around $270 and gives you a *heck* of a lot more than any consumer level router has by far.
I think Fortinet, at the bottom starts at $1500 the last time I checked?
Sonicwall is not perfect, but is the beginning of prosumer devices. You get what you pay for. Considering that I don't think Sonicwall is all that bad. They are a ton more stable than any Netgear or Linksys/Cisco piece of shit :)
You can get a Fortigate 60C for $500. I understand a Cisco Pix 501 is about the same
A 60C will run a business up to 50 employees easy, I've got clients using a 60C for 80+ staff with no problems. Fortigate support adds more, but Sonicwall do the same thing. Just try getting a Sonicwall support member to even talk to you without a support contract and without that, they are as useful as a Cheap-o Dlink.
I've had a complete nightmare getting SSL and IPSEC VPN running on Sonicwall, after 4 days of failure and no support from Sonicwall I just installed RRAS on a Windows server. With Fortinet, setting up both SSL and IPSEC is dead easy even without the user guides Fortinet publishes. Realistically, if you require more then an El-cheapo D-link and aren't willing to spend $500 to do it properly you will just end up flushing more then $500 of your time down the drain, especially with Sonicwall.
Calling someone a "hater" only means you can not rationally rebut their argument.
Sure, Mr Troll... Go ahead and perform full UTM (unified threat management) aka reorder and classify, say 500k+ simultaneous connections/flows, and in each, unencode/decompress everything as needed (e.g IMAP->MIME->base64->ZIP->GZIP->EXE) to look for 1M+ virus/malware signatures in every bit of every archive, all at 10 to 40 Gb/s sustained and with couple microseconds latency, with "cludged-together"(sic) off-the-shelf hardware and/or software. Tell me how that works for you.
Dell is blowing over 1B$ (yes, billion$) on that technology. Just sayin'
[captcha: informed]
Changing from m0n0wall to pfsense and back wont fix the issues with the racoon ipsec daemon.