SonicWall NSa Room for Improvement
In terms of improvement, they should consider changing the logic of how the rules are created. Everything is spread out into multiple pockets, so to speak; it should be more condensed. The technology is sound; I am not saying that it's brilliant, but it is very sound for most mid-range uses — it does a fantastic job.
They should consider upgrading the capabilities within the GUI. The way the GUI is configured for creating rules, I would say they should consider making that a bit more flexible. That would really help a lot.View full review »
SonicWall has weaknesses. During its tenure with Dell, it was severely damaged (its reputation, innovation, etc.). It is now recovering, but it may take time to get competitive again. They are clueless in some regards, which is unfortunate as they have the potential.
CPU: The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product. Compare with the need to get 1Gbps throughput with full security (common nowadays), you are looking at NSA 5700.
Wireless: What a disaster this has been historically. The new SonicWall will tell you it has been resolved and improved. It has improved - it actually works now, but performance is substandard. It is a terrible strategy to have a firewall act as an AP controller, in any case. Perhaps for an SMB, the integrated WiFi in their TZ series has a niche.
Anti-spam: Do not even consider it. It leaks like a shower head. What a mess that offering is. It requires a specific Java version on the server side (do not update it, otherwise it will break). In any case, a firewall doing anti-spam might be a low cost solution, but it is not your best strategy.
Logging/reporting: You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end.
MSP: They are not ready for managed security services. Their Cloud GMS product is weak, barely out of beta (buggy).
VPN: Site-to-site is another problem area - Client-based VPN is another hot mess. Global VPN client issues and mobile connect issues. Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably. If VPN is important for you - look elsewhere. You have to pay for licenses (most competitive vendors include this by default). You will have 4 different methods, 3 different clients, 2 licenses and all of this to have a horrible VPN connectivity. No proper or modern 2FA for additional security. AVOID!
AGSS / ATP: This is poorly implemented. A user will click to download a new type of file, and nothing happens. They have to wait an indeterminate amount of time, and try again to see if it works. It is so annoying, most clients avoid this capability, just nullifying the whole purpose of it.
App Control: Be aware that either due to firmware updates, or bugs - app control will behave poorly (cause packet loss, or outright blocking) with normal and legitimate activities. Resetting and re-configuring it is the work-around (super annoying).
Manager of IT at a healthcare company with 10,001+ employees
There's always room for improvement.
For example, the monitoring system is in need of improvement. Their monitoring system is too expensive. Most of the company doesn't apply the monitoring system as it's too expensive. Some more monitoring features should be built into the firewall device itself.
Management spends a lot of money on the device, and they want to know what is working, et cetera. To understand this, we need some reports, graphs, and figures. Without these items, management may not be convinced they are spending the money in the right way. Having reports that reflect the work done to keep the network secure would show the benefits and the ROI in a positive way that would help sell management on the product itself.
The ongoing service fees are high.
The solution could use more online educational tools to help users understand the underlying functionality of the product. Things like videos and tutorials could help a lot.
Systems network admin at a educational organization with 10,001+ employees
We're not happy with the device itself. We're obviously moving away from it for a reason that they're a Swiss pocket-knife of devices and they do a lot. However, nothing is really done well. They don't specialize in one thing that they excel at. They try instead to do almost everything and end up failing.
We're not particularly fond of the way it generally performs. We are finding ourselves rebooting often. There are freeze-ups and that kind of thing. The stability needs to improve exponentially.
Technical support is pretty slow to respond and escalate matters.
The cost of the solution is quite high.
The solution could use an invisible DPI-SSL or something that doesn't require a certificate rewrite. Most of the other vendors are doing that now.
The SSL VPN performance-wise is terrible.View full review »
Network Administrator at a healthcare company with 201-500 employees
It's not as easy to use, as, for example, Palo Alto.
Some of the configurations could be better.View full review »
Manager with 51-200 employees
The product has a lot of bugs, actually. We are facing some issues with this product. The DPI SSL feature which is there, it is not working properly.
The IRL, when it was installed, had us facing some issues. However, as they kept on uploading the images, the issues are starting to get fixed.
They already have this feature of advanced capture, set rotation, and so it is a next-generation firewall only. They could improve on their software side. Their software, which is managing the hardware, it's not up to the mark.View full review »
Director Comercial at a tech services company with 201-500 employees
I would like to have a built-in vulnerability scanner in the firewall. It would be great to have such functionality. Its price could also be better.
It would also be good to have a local warehouse. It doesn't get damaged a lot, but if a customer needs a replacement, currently, it has to come from Miami or Mexico, which can take a few days. It would be better if they have a local warehouse from where we can just pick replacements and quickly solve a client's needs in terms of replacing equipment. It would be great to have it locally instead of waiting for it from Mexico or the USA.View full review »
Director of IT at a consultancy with 11-50 employees
Currently, I just have the basic modules turned on. I'd love to see how it works in terms of preventing more malware from getting through.
We still get phishing emails that manage to come through from time to time.
The solution could use a bit more security.
We had issues with the VPN tunnel between two sites. It wouldn't stay up. That was a problem for us. They need to fix it if they find it happens across the board to other customers.View full review »
President at a tech services company with 1-10 employees
The Fortinet Firewall is not the easiest firewall to maintain, nor is to set up and configure. Checkpoint and Sonos are much easier.
SonicWall, from my point of view is the same category as Fortinet. Checkpoint and Sonos are easier to use, but they don't have as many features as SonicWall.
You can do zero-trust networking with SonicWall, but it's not easy. Also, their desktop anti-virus sucks.View full review »
IT Head at a construction company with 51-200 employees
Because this is an old device, the throughput needs to improve. Right now, the only problem is that since it eight years devices had to keep up with the latest technology. Most of the devices are now linked to the plants. That is one thing that can be improved.
We also need to increase the throughput because the other devices are slower. The throughput will become slow. Since we're using VoIP, it tends to affect the voice quality. Even if you're using a quality service, it tends to decrease.
We're going to replace them. Since this is already eight years old, so we're going to replace the hardware but with a different brand.View full review »
The reporting solution from SonicWall is not the greatest. We have more than two firewalls and I expected we'd get more information from the reporting than we actually do. That area could definitely be improved. I've seen a couple of features on the firewall that I don't have use for because we're not a huge company, we're a 200-user company. The reporting feature is there, it would be nice if it was more detailed.
The firewall itself has the reporting tool. Obviously, it's not as complete as the solution that they want to sell because they provide it for free. It means that you need to get the software separately in order to get a better understanding of what's going on in your firewall. A good additional feature would be improvement on the firewall reporting feature without needing extra software or extra expense.
Cybersecurity Engineer at a comms service provider with 51-200 employees
Sometimes I found the GUI and some of the features a little bit hard to navigate, as opposed to Fortigate, which is much more user-friendly.
What Fortigate has which SonicWall doesn't, is the per rule natting. SonicWall only does the central mapping. If they could include something like per rule natting it would be better.
The number of concurrent VPN users is too limited.
SonicWall does not support DynDNS, yet this is an important feature for smaller companies that do not have a static IP address. It means that if the IP address changes then it would automatically be picked up by the firewall and it will assist with site-to-site VPN connections.View full review »
IT Manager at a educational organization with 51-200 employees
It doesn't require much improvement. The only improvement area is that cloud reporting, assessment reporting, and other reporting features should be available with the subscription. They should provide reporting features with the subscription base, which is currently not there. We bought the reporting tool, but there are some complications. They have made some changes to the application, and now the reporting management is completely on the cloud.View full review »
It would be amazing if all of the ports on the throughput devices were 10 gig or 100 gig. That would make it so much easier for me to designate 10 gigs throughout the whole network. Right now, with SonicWall NSa, I'm doing designations like "use 10 gigs through the whole network until you hit firewall." In that case, all of the traffic that has firewall enabled on it drops to one gig.
That causes issues with throughput, especially when you're talking about data stores and Ice Guzzy, or when you're splitting things out with VLANs.
MAC address filtering on the VPN and on the firewall itself would be a good thing to add as well. If it's there, I don't know where it is.
Automation would also be good.
The implementation for VLANs is a little bit cumbersome. It would be good to make that a little bit easier.View full review »
The content filter needs to be improved. I would also like to see better application filtering.
When we are troubleshooting problems, we find that the logs we see are not sufficient. It makes it difficult to find out what the main issue is. It means that we have to search further or perform another test to see what happened.
Technical support is in need of improvement.View full review »
It would be useful to have an application firewall that prevents the outside world from seeing your private IPs. You don't need to publicize your private IPs to the outside world, and you can create a barrier, like a proxy server.
IT Security Analyst at a outsourcing company with 51-200 employees
It would help us a lot of SonicWall sent us more information about the latest updates and things that are changing.
I would like to have the capability for full active-active mode.View full review »
Solutions Architect at a tech services company with 51-200 employees
Having to deal with too many lower-level people in technical support means that it takes longer to resolve issues, so escalating support tickets should be faster.View full review »
IT Manager at a insurance company with 51-200 employees
The reporting and monitoring are a bit complex and should be easier in SonicWall NSa because other firewalls I have experienced have been more simple, such as Palo Alto. We are able to receive a clear view of our network. As a general user with little experience, it would be difficult for them to handle.View full review »
I am a technical engineer, I have complete knowledge of SonicWall. I can do all of the configurations for the firewall. We are a service-based company and I handle the different solutions. If they need any requirement or they any action on the firewall then I can do that myself.
The only thing that needs improvement is the VPN because we need to pay to connect the points.View full review »
The content ID needs to be improved. If I compare it with Palo Alto, there are more features in Palo Alto that are not included in SonicWall. For example, PDoS is not available in the current version, that I could find.
They do have DLP and Host protection, but not PDoS.
Also, the IPS and the UTM need to be improved.
I haven't found anything regarding the IoT security in the device security on SonicWall.View full review »
NOC Manager at a tech services company with 51-200 employees
Currently, the only issue that has been experienced is with expansion.
The model that we are using cannot expand very well, and the firewall is not able to handle all of them.
They could add some more features.
The current version does not have a duo power interface. It only has a single power interface, which has limitations in terms of high availability. Duo Power is a good feature to have.
The interface is an area that can be improved.View full review »
Owner at it logic
The pricing for this product in India is high and the fees should be reduced.
The visual process needs improvement.
Because of the price, our customers prefer PSA. The price is what needs to be addressed in the next release, it's the only that that matters.
I would rate this solution a five out of ten.
Senior Manager Information Technology Infrastructure at a wholesaler/distributor with 1,001-5,000 employees
Initially, it may be difficult for some people to learn and become acquainted with it. I have been using it for a long time and find it straightforward to use.View full review »
The reporting feature could be better because most of the companies want to have the analytics included, which is something that you have to buy separately.View full review »
Principal Associate - CloudOps at a tech services company with 10,001+ employees
The product likely isn't a good fit for a large organization.
They need to elaborate on their business from a technical point of view.View full review »
Project Specialist at integra software
Vendor support needs improvement. The frequency of time and support should be increased.
From a vendor perspective, we were expecting more support.
When we experience a technical issue, it should be rectified immediately. We are facing a delay with response and resolution.View full review »
CISO at a manufacturing company with 10,001+ employees
The scalability is something that should be improved.View full review »
ICT Consultant at a tech services company with 11-50 employees
I would like to see better integration, the easy of bandwidth monitoring.
IT Manager at a manufacturing company with 51-200 employees
Over time, this solution is becoming more complicated, and when I need support it often is not available. I would like U.S.-based technical support.
VPN functionality needs to be improved. As it is now, I need to combine another SSL VPN with my firewall. I want it to be done very easily.View full review »
There are a few areas that need improvement including the VPN, user management, and reporting.View full review »
The logging, reporting, and storage capacity size could improve in a future release.View full review »
Owner/Founder at team one consulting
The filter settings are confusing and overly complicated. The user interface can be improved.View full review »
Creative Head/Director at a marketing services firm with 1-10 employees
In terms of improvement, features like App Control do not work properly.View full review »