NSM On-Prem vs. NSM SaaS: Which Is Best for You?


SonicWall’s Network Security Manager (NSM) provides centralized management, 360-degree control and unparalleled visibility into network security infrastructures utilizing SonicWall Next-Generation Firewalls (NGFW).

NSM offers two deployment options: on cloud and on-prem. If you’re wondering which is the best fit for your environment, here are some factors to consider:

  • Understanding Your Business Needs: The emergence of cloud computing has allowed companies to shift the management and maintenance of their IT infrastructure to their cloud provider, thereby reducing their operational costs. SonicWall reduces your operational overhead in much the same way by hosting and maintaining the web-based NSM SaaS application on the cloud. NSM SaaS is a scalable, cloud-native offering that’s easy to deploy. It is ideal for the security needs of any business, particularly a small or medium-sized business, that wants to minimize their day-to-day IT costs and offload their operational and deployment challenges to SonicWall. But say you have a well-established IT infrastructure of your own and customization is key for you — for example, a managed security service provider (MSSPs) with a dedicated IT team to deploy, constantly monitor and maintain on-prem systems for clients. In that case, NSM on-prem would be the better choice. This option also offers full control over the scaling of your on-prem system to quickly facilitate on-demand growth.
  • Feature Parity: NSM SaaS and NSM on-prem use a unified code base — meaning you’ll get the same management capabilities on both. In other words, features like device groups, tenant management, user management, templates, commit and auditing workflow, etc., will be the same. But the NSM 2.2 release brings along a few more NSM on-prem-specific security and deployment features:
    • Closed Network Support: A closed network is a private network that is completely shut off from the outside environment and has no internet connectivity. NSM 2.2 helps preserve the privacy and security of closed networks by offering an airgap method for onboarding and licensing SonicWall firewall devices managed by NSM — meaning you won’t have to contact License Manager (LM) or MySonicWall.com (MSW).
    • User Access Controls: You can prevent unauthorized individuals from gaining access to your on-prem environment through enhanced security features. These include account lockout based on number of unsuccessful login attempts, two-factor authentications through Microsoft or Google authenticator apps, whitelisting IP addresses, and so on.
    • High Availability Support: To ensure there is no single point of failure and to provide uninterrupted access to NSM, the NSM 2.2 release lets users associate a secondary node to their primary node with similar settings.
    • Deployment Flexibility: NSM on-prem can now be deployed on Azure, KVM, ESXi and Hyper-V platforms. It requires a minimum system requirement of 16 GB RAM and 4 core CPU.
  • Licensing: Both NSM SaaS and NSM on-prem are based on subscription licensing models. NSM SaaS licensing depends on firewall type and has two available options, NSM Essentials and NSM Advanced. NSM Essentials offers full management capability with seven days of reporting, whereas NSM Advanced contains full management capability with 365 days of reporting and 30 days of Analytics. NSM on-prem licensing is node-based, with a base license of five nodes and add-on licenses. Currently, NSM on-prem has full management capabilities only. On-prem Analytics can be used as an add-on license for data reporting and analytics.

In summary, NSM on-prem is ideal for deployments requiring tighter system and data security controls, such as a closed network environment. But if you’re looking for on-demand scaling and a modern, cloud-native architecture, NSM SaaS is the best fit for you. Either way, you’ll get everything you need for comprehensive firewall management. And whatever you choose, you can rest assured that SonicWall is committed to providing you with impeccable support and a comprehensive feature set.

Suriti Singh
Product Manager | SonicWall
Suriti Singh is a product manager at SonicWall. Suriti is a University of California MBA graduate with a combined experience of 5 years in software engineering and product management. She specializes in network security, cloud computing and digital transformation.