| Saturday, January 15th, 2011 | 12 Comments »

Not much has been blogged about SonicwWALL’s CSSA(Certified Sonicwall Security Administrator) certification program, so I think I’ll take a stab at it!

Last month my company was visited by Sonicwall to take a 2 day course on administering and securing Sonicwall firewalls. Believe it or not, there was no catch, other than having to wake up extremely early in the morning in order to avoid New York City commuting traffic!

I kept a clear mind when going in, not sure what to expect. Will it be hands on? Will it just be theory based? How much knowledge of their firewalls must one have before taking this course?

Well to be fair, the course was based on those who have had very little interaction with their firewalls. My experience with SonicWALL’s firewalls, at the writing of this post, is about 6 months. Granted it’s web-gui based, one probably thinks it’s easy. And for the most part it is. If you know how to configure firewalls in general, they are all the same. The key is understanding how to go about it from Sonicwall’s point-of-view. How to navigate their web interface.

I had been thrown into the fire on day one when starting at my new company 6 months ago. I was sent to troubleshoot a Sonicwall firewall issue, it was a TZ 210 model. Not ever having even seen a TZ-210, I wasn’t sure what to expect. To make the long story short, the web interface was very nice to be honest with you. Very nice icons, clearly laid out. I really admired what they have done with their interface. Being a web guy, I love clean designs. (cough cough, Cisco ASDM/SDM)

Anyways, back to the training. The first day was pretty basic in that we went over the operations and features of the SonicOS 5.6. What to expect from the firewall and just overall general understanding. We also began to configure the firewall using a nifty remote desktop session to our own TZ-210 firewalls. The way it worked was that the firewalls were actually housed in another location, I think the instructor mentioned somewhere in Tennessee?

The second day we went over some more fun features such as:

  • failover/load balancing
  • route based VPN
  • dynamic route based VPN
  • global VPN clients with local and LDAP database
  • SSL VPN with local and LDAP database
  • Gateway Anti-Virus
  • System settings & firmware backup and restore

It was actually quite an educational experience. It’s always nice to receive formal training and fill in the gaps in areas that you may not work with on a daily basis. The instructor really knew his stuff with the SonicOS.

During lab time, because it was hands on, we were able to configure the firewalls for all the above items I mentioned, with our lab partners. It was quite fun!

At the end of the 2nd day, we were given a choice to take the exam on-premise or take it later. But you had to sit in another course if you take it later, so what’s the point? To be honest, I was a bit nervous because, well, does anyone want to fail a Sonicwall exam? Just sayin’……

We had roughly 2 hours to take the exam which was made up of 60 questions.

It took me about one hour and a half to finish this exam! The questions, which may not be technical in the sense of taking a CCNA exam (no subnetting or questions about routing protocols for example)…… The reason it took me so long was that it was all based on understanding how to configure features in the OS. So it was having a solid familiarity with the interface and it’s abilities.

Can it do this? Can it not? If you only want client VPN’s to receive one login prompt instead of two, what do you have to do?


In conclusion, I am happy to say that I passed. There were many however in the course that did not pass with MANY more years of experience than me. I’m not sure what I would have done if I didn’t pass, so I’m glad I don’t have to think about that right now.

If you’re unsure of taking the exam, go to Sonicwall’s website and look at the CSSA’s course objectives. I won’t list them here as they can change. I think having certifications is a good start, if you look at what Cisco has done with their certfication programs, they are the gold standard IMO. The more educated your users are on your product, the better they will market your products by proxy. And this, is at no cost to the vendor.

Not everyone has the luxury of working on just a single vendor in their daily workplace. My experience is with mostly with Cisco and Sonicwalls. Most of our customers use Sonicwalls for their ease of installation and configuration. One can argue until you’re blue in the face the specs between a TZ-210 and a Cisco ASA 5505.

The point is, at the end of the day, customers don’t really care all that much what product you implement, as long as it WORKS and is cost efficient. As long as they don’t have to think about it. It’s a business decision on both the customer and the provider. Do you implement a Cisco ASA if only one engineer knows it? How will your other engineers support this client if that engineer leaves or is out sick? You have to step a little bit out of your shoe and think from a business standpoint.

Having 10 engineers who know how to configure Sonicwalls is a better business decision than having 1 guy that knows Cisco ASA’s. I would be more than happy to implement any Cisco ASA if the customer requests it. I suppose that is what I’m getting at.

I’d be happy to answer any CSSA questions regarding the course, feel free to comment! Thanks for reading! Oh, one more thing, I also plan on adding more blogs in regards to Sonicwall products and configurations, and no, I’m not defecting to Sonicwall from Cisco. LOL!

*If anyone is wondering, that is the actual photo of my course. I appeared too early for my course before anyone else showed up so I took a quick shot of the room.

  • Knwminus

    hey would you suggest the test for anyone who works in a sonicwall environment? Also how much did it cost?

  • Brandon Kim


    I would recommend it, if anything, to shore up your fundamentals. It will help you to be aware of what you know and don’t know. The exam at the end of the course is icing on the cake as you will walk away as a CSSA. I’m sure pricing varies? But I believe they are in the $2,000 – $3,000 range.
    There are more advanced courses from what I hear that are in the works, and I plan to attend those as they become available.

    Thanks for reading!

  • Bryan McKenna

    Hi Brandon,

    Liked your detailed post with regards to the Sonicwall CSSA Course/Cert. I’m booked into do the course in the next few weeks but havn’t had much experience with Sonicwall Firewalls. Do you know what study material I could start reading prior to doing the course and sitting the exam. Also do you know if any practice exams are available for the CSSA?


  • Brandon Kim

    Hi Bryan,

    The good news is that they pretty much start you off from the beginning so you won’t be missing much. In fact, in my course, there were only a handful of individuals that had a lot of experiences with SonicWall’s.
    They are going to cover everything you need and provide an administrator and lab guide to you which I think is extremely valuable.

    So you will come out much better than when you walked in…. I don’t believe there’s much material out there now, I haven’t seen them. But I wouldn’t sweat it, it’s a pretty enjoyable course.

    I would push you to take the exam after the course while the material is fresh in your mind…..

    Hope that helps!

  • Bryan McKenna

    Hi Brandon,

    Thanks for taking the time for the reply. I’ll let you know how I go on the exam :)


  • Richard Snow

    Hey Brandon,
    Good to see this. I have to re-certify after two years and that means taking the test again.
    Agree with what you have said. @Bryan and others – you could look through the SonicOS manual for some detail.
    I see three books on Amazon, but the thing is that they are out of date. A book from 2006 would probably not cover current features like load balancing and SSL VPN. I found the training to be semi vendor neutral, for example they use standard terminology for the most part.

  • Brandon Kim

    I agree, those books on Amazon are old and won’t really help. The exam is pretty fair, I think it favors overall knowledge of the SonicOS with some vendor neutral technical questions. Now I have to warn you though, I did receive questions that were NOT in the training course.
    Each question allows you to make comments so I commented everytime they asked a question that was not taught and not in the curriculum…

    Are you taking the full course or just the exam? Will you be attending the NYC training?

  • Lenard Verde

    I just took the CSSA training course & passed the exam today.  I paid about $1000 but it included the exam fee & a TZ210 appliance.  I use Sonicwall for all my clients and they work well for the SMB.

  • Brandon Kim

    Excellent! Congrats Lenard!

    Did you take the exam in NYC? I really like the TZ 210’s they are small and nifty, but are more than capable for SMB’s.
    If you want to play it safe, the NSA 240’s are good, and NSA 2400’s if you want some more power.

    But I think those TZ 210’s sell like hotcakes for SonicWALL.

  • Pingback: BrandonTek » Blog Archive » Top Ten IT Certs()

  • sreejesh ps

    Dears can i get sonicwall cssa exam preparation tools

  • ahmad syarif

    Hi, im working with sonicwall distributor in malaysia.
    SOnicwall is easy to manage and working fine. Not so much configuration. the downside is only the reporting which is not so detailed.

    i have the hand on training book.If you interested, i can give you with a small fee. Knowledge is power.

© 2018 BrandonTek LLC.