What needs improvement with Sangfor NGAF?

We will probably invest a little more time into the VDI solution - not specifically for security but for desktop computing VDI solutions.

The tool's support is an area of concern where improvements are required. The support should be available locally, I would say. As of now, I think the tool is moving towards offering local support. I have heard from my previous customer that the support is actually from another region, making it quite hard for them to get in touch with the technical team.

Sangfor’s team directly deals with clients. I feel Sangfor should follow the hierarchy and close deals via resellers instead of closing it all with their own team.

The tool is expensive.

The support for YouTube or the Internet is not enough.

There are some difficulties with the deployment of the LDAP part in Sangfor NDAF, making it an area of concern where improvements are required. The support offered by the product has certain shortcomings where improvements are required. The knowledge levels and response time of the support team need improvement.

Sangfor could improve by providing better real-time reporting, as the current reports don't offer the level of detail we need, especially for runtime insights. We find ourselves relying on other applications for this purpose. While performance is okay for our healthcare setup with 500 desktops, it might need closer consideration for industries like finance with more specific requirements.

The solution should be able to work in a hybrid setup.

The product must provide more IPS features. It should also provide more VPN and security features.

It does not offer any recommendations on how to mitigate or control attacks.

It is a relatively new product in the market, so we are dealing with challenges related to security and malware detection. It will need time to assess its strengths and weaknesses thoroughly. We discovered that the SD-WAN capability is available within this product. It also includes built-in Value-Added Security Technology, which can be cost-effective, but improvements are needed, particularly in enhancing malware detection. Another area for improvement is integrating with other third-party providers' solutions for a more seamless security ecosystem.

Sangfor has recently increased their prices, which is not a good thing. Six months back, the price was very competitive for other principals, but they have increased it now, which is disappointing.

There is room for improvement in dependency on certain infrastructure, like the DNS dependency on the current DNS server that the company has. It should be standalone. It should not depend on any other DNS server.

The reporting and log management could be improved.

An area of improvement for Sangfor NGAF could be in the field of reporting and logging.

The interface and user experience are horrible. To perform simple things, you need to jump between many screens. There is no simplicity, everything is complex. The available information is lacking. I'm struggling to give my coworker information about how to configure. The public information available is too old and hasn't been updated. The solution is not out-of-the-box because it requires a mandatory license. Outside of China, the solution does not offer active-active, virtual domains, or concurrent sessions. The CCB or UTB sessions and BPM channels are very low. The solution is a Chinese product and that side is different from the rest of the world. China has version 8.0.59 but the rest of the world has 8.0.47 only. The solution has very, very slow hardware performance.

I would be happy if Sangfor developed a firewall designed specifically for home use, as well as for small businesses such as clinics and so on. A household version of the Sangfor firewall for your personal computer or laptop would be ideal, in my opinion.

I think the GUI needs to be improved, there are a lot of areas where the panes do not make sense. They have put the NAT in the policy section but at the same time the DPI is in the network pane. The placement of different options in the menu system of this firewall is not that logical and often doesn't make a lot of sense. The operational procedures are a little tricky and require some technical skills. A level one person will have problems. The compatibility needs to be improved.

Sangfor NGAF could improve the policies and default criteria. They could be much better.

The firewall system needs gradual improvements because there are more threats and challenges in the world every day. Sangfor NGAF has a comprehensive database for ransomware and viruses, but when we compare it to other solutions, the price could be more competitive. Since we have a very comprehensive solution with Sangfor NGAF, it is hard to identify any additional features we want to add. It already provides good features for ransomware attacks and data recovery. In the past, we wanted encrypted data for a virus to be recoverable, and Sangfor offered the solution.

Sangfor could improve their interface capacity on the 5100 series model and upgrade their hardware from one gig to 10 gig. This would improve the overall throughput.

For some reason, Sangfor doesn't filter certain websites and applications. It should recognize them and utilize the bandwidth between applications. Also, if we try to block YouTube or Facebook videos, some users will use applications like Syphon for viewing so our bandwidth is still being utilized for non-work purposes. It might detect that somebody is using Syphon, but it cannot be blocked. It's not consistent, sometimes one user can be blocked while another will have access.

An area for improvement would be the number of ports defined on the box. In the next release, I would like them to develop their provisioning stage of enrolling end devices.

I believe that IAM and NGFW need to merge into a single box, instead of there being two separate box solutions.

It would be ideal if the solution offered SD-WAN capabilities. It's not as good as what is offered by Fortinet, for example. They need to increase the number of ports in the firewall. Both Fortinet and Sophos, for example, provide many more than what Sangfor provides.

The web interface needs to be improved, making it more user-friendly.

These days there are lots of breaches and vulnerabilities which you can see if you do some research. Sangfor has similar issues with one or two products where customers have had problems. The company deaks with these things immediately and quickly brings out new firmware to solve the issue so I'm not aware of any deficiency in the solution. If a customer finds a feature lacking, we open a ticket to support and Sangfor comes up with the appropriate new firmware within 10 days. If you were to do the same with other vendors, it would normally take four to five months to get the new feature.

In terms of improvement, it should have integrated consoles. Since we have various products and we need one console that we can use to manage all of the solutions. Sangfor should provide it. It could also be cheaper.

We're still evaluating the program, so there is no guarantee that we will always get this kind of protection. They need to improve their research team and they need to study their data to analyze it and build the product. I think the developers should sit with their clients to understand how they can improve their product. Although it's running very smooth, they need to collect data from their clients to improve the product. Cisco, for example, has forums where you can go and type in your question and get the answer. So the developers of Sangfor needs to get feedback from the users and adapt their product on the basis of that feedback.