Cybersecurity Engineer at Networks Unlimited Africa
Real User
2021-05-25T09:33:00Z
May 25, 2021
Sometimes I found the GUI and some of the features a little bit hard to navigate, as opposed to Fortigate, which is much more user-friendly. What Fortigate has which SonicWall doesn't, is the per rule natting. SonicWall only does the central mapping. If they could include something like per rule natting it would be better.
Systems network admin at a educational organization with 10,001+ employees
Real User
2021-04-27T09:04:22Z
Apr 27, 2021
We're not happy with the device itself. We're obviously moving away from it for a reason that they're a Swiss pocket-knife of devices and they do a lot. However, nothing is really done well. They don't specialize in one thing that they excel at. They try instead to do almost everything and end up failing. We're not particularly fond of the way it generally performs. We are finding ourselves rebooting often. There are freeze-ups and that kind of thing. The stability needs to improve exponentially. Technical support is pretty slow to respond and escalate matters. The cost of the solution is quite high. The solution could use an invisible DPI-SSL or something that doesn't require a certificate rewrite. Most of the other vendors are doing that now. The SSL VPN performance-wise is terrible.
Network Security Engineer at a tech services company with 51-200 employees
Real User
2021-03-14T14:07:40Z
Mar 14, 2021
The content ID needs to be improved. If I compare it with Palo Alto, there are more features in Palo Alto that are not included in SonicWall. For example, PDoS is not available in the current version, that I could find. They do have DLP and Host protection, but not PDoS. Also, the IPS and the UTM need to be improved. I haven't found anything regarding the IoT security in the device security on SonicWall.
Director Comercial at a tech services company with 201-500 employees
Real User
2021-03-02T09:34:41Z
Mar 2, 2021
I would like to have a built-in vulnerability scanner in the firewall. It would be great to have such functionality. Its price could also be better. It would also be good to have a local warehouse. It doesn't get damaged a lot, but if a customer needs a replacement, currently, it has to come from Miami or Mexico, which can take a few days. It would be better if they have a local warehouse from where we can just pick replacements and quickly solve a client's needs in terms of replacing equipment. It would be great to have it locally instead of waiting for it from Mexico or the USA.
It would be useful to have an application firewall that prevents the outside world from seeing your private IPs. You don't need to publicize your private IPs to the outside world, and you can create a barrier, like a proxy server.
IT Manager at a educational organization with 51-200 employees
Real User
2021-01-25T13:24:54Z
Jan 25, 2021
It doesn't require much improvement. The only improvement area is that cloud reporting, assessment reporting, and other reporting features should be available with the subscription. They should provide reporting features with the subscription base, which is currently not there. We bought the reporting tool, but there are some complications. They have made some changes to the application, and now the reporting management is completely on the cloud.
The reporting feature could be better because most of the companies want to have the analytics included, which is something that you have to buy separately.
IT and Project Manager at Network Secure El Salvador
Real User
2020-12-10T21:49:01Z
Dec 10, 2020
The content filter needs to be improved. I would also like to see better application filtering. When we are troubleshooting problems, we find that the logs we see are not sufficient. It makes it difficult to find out what the main issue is. It means that we have to search further or perform another test to see what happened. Technical support is in need of improvement.
President at a tech services company with 1-10 employees
Reseller
2020-11-05T20:44:04Z
Nov 5, 2020
The Fortinet Firewall is not the easiest firewall to maintain, nor is to set up and configure. Checkpoint and Sonos are much easier. SonicWall, from my point of view is the same category as Fortinet. Checkpoint and Sonos are easier to use, but they don't have as many features as SonicWall. You can do zero-trust networking with SonicWall, but it's not easy. Also, their desktop anti-virus sucks.
In terms of improvement, they should consider changing the logic of how the rules are created. Everything is spread out into multiple pockets, so to speak; it should be more condensed. The technology is sound; I am not saying that it's brilliant, but it is very sound for most mid-range uses — it does a fantastic job. They should consider upgrading the capabilities within the GUI. The way the GUI is configured for creating rules, I would say they should consider making that a bit more flexible. That would really help a lot.
Director of IT at a consultancy with 11-50 employees
Real User
2020-10-20T04:19:16Z
Oct 20, 2020
Currently, I just have the basic modules turned on. I'd love to see how it works in terms of preventing more malware from getting through. We still get phishing emails that manage to come through from time to time. The solution could use a bit more security. We had issues with the VPN tunnel between two sites. It wouldn't stay up. That was a problem for us. They need to fix it if they find it happens across the board to other customers.
Vendor support needs improvement. The frequency of time and support should be increased. From a vendor perspective, we were expecting more support. When we experience a technical issue, it should be rectified immediately. We are facing a delay with response and resolution.
Senior Manager Information Technology Infrastructure at a wholesaler/distributor with 1,001-5,000 employees
Real User
2020-10-07T07:04:32Z
Oct 7, 2020
Initially, it may be difficult for some people to learn and become acquainted with it. I have been using it for a long time and find it straightforward to use.
IT Security Analyst at a outsourcing company with 51-200 employees
Real User
2020-08-23T08:17:22Z
Aug 23, 2020
It would help us a lot of SonicWall sent us more information about the latest updates and things that are changing. I would like to have the capability for full active-active mode.
The pricing for this product in India is high and the fees should be reduced. The visual process needs improvement. Because of the price, our customers prefer PSA. The price is what needs to be addressed in the next release, it's the only that that matters. I would rate this solution a five out of ten.
Senior Systems Administrator at a manufacturing company with 51-200 employees
Real User
2020-08-19T07:57:33Z
Aug 19, 2020
The reporting solution from SonicWall is not the greatest. We have more than two firewalls and I expected we'd get more information from the reporting than we actually do. That area could definitely be improved. I've seen a couple of features on the firewall that I don't have use for because we're not a huge company, we're a 200-user company. The reporting feature is there, it would be nice if it was more detailed. The firewall itself has the reporting tool. Obviously, it's not as complete as the solution that they want to sell because they provide it for free. It means that you need to get the software separately in order to get a better understanding of what's going on in your firewall. A good additional feature would be improvement on the firewall reporting feature without needing extra software or extra expense.
IT Head at a construction company with 51-200 employees
Real User
2020-07-29T07:45:00Z
Jul 29, 2020
Because this is an old device, the throughput needs to improve. Right now, the only problem is that since it eight years devices had to keep up with the latest technology. Most of the devices are now linked to the plants. That is one thing that can be improved. We also need to increase the throughput because the other devices are slower. The throughput will become slow. Since we're using VoIP, it tends to affect the voice quality. Even if you're using a quality service, it tends to decrease. We're going to replace them. Since this is already eight years old, so we're going to replace the hardware but with a different brand.
The number of concurrent VPN users is too limited. SonicWall does not support DynDNS, yet this is an important feature for smaller companies that do not have a static IP address. It means that if the IP address changes then it would automatically be picked up by the firewall and it will assist with site-to-site VPN connections.
Having to deal with too many lower-level people in technical support means that it takes longer to resolve issues, so escalating support tickets should be faster.
Manager at a manufacturing company with 1,001-5,000 employees
Real User
2020-07-22T08:17:22Z
Jul 22, 2020
The product has a lot of bugs, actually. We are facing some issues with this product. The DPI SSL feature which is there, it is not working properly. The IRL, when it was installed, had us facing some issues. However, as they kept on uploading the images, the issues are starting to get fixed. They already have this feature of advanced capture, set rotation, and so it is a next-generation firewall only. They could improve on their software side. Their software, which is managing the hardware, it's not up to the mark.
IT Manager at a manufacturing company with 51-200 employees
Real User
2020-06-17T10:56:03Z
Jun 17, 2020
Over time, this solution is becoming more complicated, and when I need support it often is not available. I would like U.S.-based technical support. VPN functionality needs to be improved. As it is now, I need to combine another SSL VPN with my firewall. I want it to be done very easily.
Solutions Specialist at a tech services company with 11-50 employees
Real User
2019-07-10T13:04:00Z
Jul 10, 2019
The solution was deployed to suit all areas of the company. This product is unable to secure access to endpoints for our external employees. Our next plan will be to deploy a solution for visibility and control of 'shadow IT' applications and also to provide security for accesses outside our company. We plan to use another solution from SonicWall, such as Cloud App Security (CASB), to meet the needs of our external employees.
* The cloud services may be in need of some improvement. * ADR needs to be added to the portfolio. * Some next-generation features are not included in the product.
Lead Technical Consultant at a tech services company with 11-50 employees
Real User
2018-08-09T07:01:00Z
Aug 9, 2018
The only thing that we would want would be single-pane management, which it has, but the GMS is not very good. It's purely the management of multiple devices for multiple customers, that's the only thing that it's lacking.
After-sales support and hands-on training facilities are poor or not available in my country. Improving these will help users like me optimally manage and administer this solution.
IT Superintendent at a mining and metals company with 11-50 employees
Real User
2018-07-15T09:16:00Z
Jul 15, 2018
The problem primarily with SonicWall is it's a Unix box. And it's all software, all the activities, blocking, censoring, everything has to happen in the software. If you start hitting the box with a lot of sessions it slows down and that's not what I expect from a firewall. I have worked with this box for six months, and it's a daily task to manage this thing. You don't have to always have time to do this. The room for improvement is to step away from the Unix platform. It needs to be a specialized system that manages firewall activity. You don't want to rely on two systems, one being Unix and one being the firewall. Unix is a powerful system, I have no doubts about it. I've set up Unix systems my whole life and they're very powerful. However, when it comes to dedicated tasks it's not suitable. That's Unix. Unix is general. It does everything. And by doing everything, it's not always as powerful as a dedicated system like a hardware solution, like Fortigate.
* Load balance algorithms * Resource usage graphs (throughput, connections, external accesses, and the possibility to export the content of the address object).
Senior IT Consultant at a tech consulting company with 51-200 employees
User
2017-12-13T02:28:00Z
Dec 13, 2017
SonicWall has weaknesses. During its tenure with Dell, it was severely damaged (its reputation, innovation, etc.). It is now recovering, but it may take time to get competitive again. They are clueless in some regards, which is unfortunate as they have the potential. CPU: The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product. Compare with the need to get 1Gbps throughput with full security (common nowadays), you are looking at NSA 5700. Wireless: What a disaster this has been historically. The new SonicWall will tell you it has been resolved and improved. It has improved - it actually works now, but performance is substandard. It is a terrible strategy to have a firewall act as an AP controller, in any case. Perhaps for an SMB, the integrated WiFi in their TZ series has a niche. Anti-spam: Do not even consider it. It leaks like a shower head. What a mess that offering is. It requires a specific Java version on the server side (do not update it, otherwise it will break). In any case, a firewall doing anti-spam might be a low cost solution, but it is not your best strategy. Logging/reporting: You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end. MSP: They are not ready for managed security services. Their Cloud GMS product is weak, barely out of beta (buggy). VPN: Site-to-site is another problem area - Client-based VPN is another hot mess. Global VPN client issues and mobile connect issues. Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably. If VPN is important for you - look elsewhere. You have to pay for licenses (most competitive vendors include this by default). You will have 4 different methods, 3 different clients, 2 licenses and all of this to have a horrible VPN connectivity. No proper or modern 2FA for additional security. AVOID! AGSS / ATP: This is poorly implemented. A user will click to download a new type of file, and nothing happens. They have to wait an indeterminate amount of time, and try again to see if it works. It is so annoying, most clients avoid this capability, just nullifying the whole purpose of it. App Control: Be aware that either due to firmware updates, or bugs - app control will behave poorly (cause packet loss, or outright blocking) with normal and legitimate activities. Resetting and re-configuring it is the work-around (super annoying).
SonicWall NSa dispenses advanced threat protection using a high-performance security platform. The NSa series implements intuitive deep learning technologies in the SonicWall Capture Cloud Platform to dispatch the automated real-time threat detection and deterrence enterprise organizations need today. SonicWall Network Security appliance (NSa) series is best for mid-sized organizations to distributed enterprises and data centers. SonicWall NSa series next-generation firewalls (NFGWS) combine...
Sometimes I found the GUI and some of the features a little bit hard to navigate, as opposed to Fortigate, which is much more user-friendly. What Fortigate has which SonicWall doesn't, is the per rule natting. SonicWall only does the central mapping. If they could include something like per rule natting it would be better.
We're not happy with the device itself. We're obviously moving away from it for a reason that they're a Swiss pocket-knife of devices and they do a lot. However, nothing is really done well. They don't specialize in one thing that they excel at. They try instead to do almost everything and end up failing. We're not particularly fond of the way it generally performs. We are finding ourselves rebooting often. There are freeze-ups and that kind of thing. The stability needs to improve exponentially. Technical support is pretty slow to respond and escalate matters. The cost of the solution is quite high. The solution could use an invisible DPI-SSL or something that doesn't require a certificate rewrite. Most of the other vendors are doing that now. The SSL VPN performance-wise is terrible.
The content ID needs to be improved. If I compare it with Palo Alto, there are more features in Palo Alto that are not included in SonicWall. For example, PDoS is not available in the current version, that I could find. They do have DLP and Host protection, but not PDoS. Also, the IPS and the UTM need to be improved. I haven't found anything regarding the IoT security in the device security on SonicWall.
I would like to have a built-in vulnerability scanner in the firewall. It would be great to have such functionality. Its price could also be better. It would also be good to have a local warehouse. It doesn't get damaged a lot, but if a customer needs a replacement, currently, it has to come from Miami or Mexico, which can take a few days. It would be better if they have a local warehouse from where we can just pick replacements and quickly solve a client's needs in terms of replacing equipment. It would be great to have it locally instead of waiting for it from Mexico or the USA.
It would be useful to have an application firewall that prevents the outside world from seeing your private IPs. You don't need to publicize your private IPs to the outside world, and you can create a barrier, like a proxy server.
It doesn't require much improvement. The only improvement area is that cloud reporting, assessment reporting, and other reporting features should be available with the subscription. They should provide reporting features with the subscription base, which is currently not there. We bought the reporting tool, but there are some complications. They have made some changes to the application, and now the reporting management is completely on the cloud.
The reporting feature could be better because most of the companies want to have the analytics included, which is something that you have to buy separately.
The content filter needs to be improved. I would also like to see better application filtering. When we are troubleshooting problems, we find that the logs we see are not sufficient. It makes it difficult to find out what the main issue is. It means that we have to search further or perform another test to see what happened. Technical support is in need of improvement.
The scalability is something that should be improved.
The Fortinet Firewall is not the easiest firewall to maintain, nor is to set up and configure. Checkpoint and Sonos are much easier. SonicWall, from my point of view is the same category as Fortinet. Checkpoint and Sonos are easier to use, but they don't have as many features as SonicWall. You can do zero-trust networking with SonicWall, but it's not easy. Also, their desktop anti-virus sucks.
In terms of improvement, they should consider changing the logic of how the rules are created. Everything is spread out into multiple pockets, so to speak; it should be more condensed. The technology is sound; I am not saying that it's brilliant, but it is very sound for most mid-range uses — it does a fantastic job. They should consider upgrading the capabilities within the GUI. The way the GUI is configured for creating rules, I would say they should consider making that a bit more flexible. That would really help a lot.
Currently, I just have the basic modules turned on. I'd love to see how it works in terms of preventing more malware from getting through. We still get phishing emails that manage to come through from time to time. The solution could use a bit more security. We had issues with the VPN tunnel between two sites. It wouldn't stay up. That was a problem for us. They need to fix it if they find it happens across the board to other customers.
Vendor support needs improvement. The frequency of time and support should be increased. From a vendor perspective, we were expecting more support. When we experience a technical issue, it should be rectified immediately. We are facing a delay with response and resolution.
Initially, it may be difficult for some people to learn and become acquainted with it. I have been using it for a long time and find it straightforward to use.
There are a few areas that need improvement including the VPN, user management, and reporting.
It would help us a lot of SonicWall sent us more information about the latest updates and things that are changing. I would like to have the capability for full active-active mode.
The filter settings are confusing and overly complicated. The user interface can be improved.
The pricing for this product in India is high and the fees should be reduced. The visual process needs improvement. Because of the price, our customers prefer PSA. The price is what needs to be addressed in the next release, it's the only that that matters. I would rate this solution a five out of ten.
The reporting solution from SonicWall is not the greatest. We have more than two firewalls and I expected we'd get more information from the reporting than we actually do. That area could definitely be improved. I've seen a couple of features on the firewall that I don't have use for because we're not a huge company, we're a 200-user company. The reporting feature is there, it would be nice if it was more detailed. The firewall itself has the reporting tool. Obviously, it's not as complete as the solution that they want to sell because they provide it for free. It means that you need to get the software separately in order to get a better understanding of what's going on in your firewall. A good additional feature would be improvement on the firewall reporting feature without needing extra software or extra expense.
Because this is an old device, the throughput needs to improve. Right now, the only problem is that since it eight years devices had to keep up with the latest technology. Most of the devices are now linked to the plants. That is one thing that can be improved. We also need to increase the throughput because the other devices are slower. The throughput will become slow. Since we're using VoIP, it tends to affect the voice quality. Even if you're using a quality service, it tends to decrease. We're going to replace them. Since this is already eight years old, so we're going to replace the hardware but with a different brand.
The number of concurrent VPN users is too limited. SonicWall does not support DynDNS, yet this is an important feature for smaller companies that do not have a static IP address. It means that if the IP address changes then it would automatically be picked up by the firewall and it will assist with site-to-site VPN connections.
Having to deal with too many lower-level people in technical support means that it takes longer to resolve issues, so escalating support tickets should be faster.
The product has a lot of bugs, actually. We are facing some issues with this product. The DPI SSL feature which is there, it is not working properly. The IRL, when it was installed, had us facing some issues. However, as they kept on uploading the images, the issues are starting to get fixed. They already have this feature of advanced capture, set rotation, and so it is a next-generation firewall only. They could improve on their software side. Their software, which is managing the hardware, it's not up to the mark.
Over time, this solution is becoming more complicated, and when I need support it often is not available. I would like U.S.-based technical support. VPN functionality needs to be improved. As it is now, I need to combine another SSL VPN with my firewall. I want it to be done very easily.
The solution was deployed to suit all areas of the company. This product is unable to secure access to endpoints for our external employees. Our next plan will be to deploy a solution for visibility and control of 'shadow IT' applications and also to provide security for accesses outside our company. We plan to use another solution from SonicWall, such as Cloud App Security (CASB), to meet the needs of our external employees.
* The cloud services may be in need of some improvement. * ADR needs to be added to the portfolio. * Some next-generation features are not included in the product.
I feel that the SSL VPN client software needs a lot of improvement.
The only thing that we would want would be single-pane management, which it has, but the GMS is not very good. It's purely the management of multiple devices for multiple customers, that's the only thing that it's lacking.
After-sales support and hands-on training facilities are poor or not available in my country. Improving these will help users like me optimally manage and administer this solution.
The problem primarily with SonicWall is it's a Unix box. And it's all software, all the activities, blocking, censoring, everything has to happen in the software. If you start hitting the box with a lot of sessions it slows down and that's not what I expect from a firewall. I have worked with this box for six months, and it's a daily task to manage this thing. You don't have to always have time to do this. The room for improvement is to step away from the Unix platform. It needs to be a specialized system that manages firewall activity. You don't want to rely on two systems, one being Unix and one being the firewall. Unix is a powerful system, I have no doubts about it. I've set up Unix systems my whole life and they're very powerful. However, when it comes to dedicated tasks it's not suitable. That's Unix. Unix is general. It does everything. And by doing everything, it's not always as powerful as a dedicated system like a hardware solution, like Fortigate.
* Load balance algorithms * Resource usage graphs (throughput, connections, external accesses, and the possibility to export the content of the address object).
Port forwarding could use streamlining. Otherwise, once you learn the user interface, the capabilities of the firewall are good.
SonicWall has weaknesses. During its tenure with Dell, it was severely damaged (its reputation, innovation, etc.). It is now recovering, but it may take time to get competitive again. They are clueless in some regards, which is unfortunate as they have the potential. CPU: The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product. Compare with the need to get 1Gbps throughput with full security (common nowadays), you are looking at NSA 5700. Wireless: What a disaster this has been historically. The new SonicWall will tell you it has been resolved and improved. It has improved - it actually works now, but performance is substandard. It is a terrible strategy to have a firewall act as an AP controller, in any case. Perhaps for an SMB, the integrated WiFi in their TZ series has a niche. Anti-spam: Do not even consider it. It leaks like a shower head. What a mess that offering is. It requires a specific Java version on the server side (do not update it, otherwise it will break). In any case, a firewall doing anti-spam might be a low cost solution, but it is not your best strategy. Logging/reporting: You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end. MSP: They are not ready for managed security services. Their Cloud GMS product is weak, barely out of beta (buggy). VPN: Site-to-site is another problem area - Client-based VPN is another hot mess. Global VPN client issues and mobile connect issues. Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably. If VPN is important for you - look elsewhere. You have to pay for licenses (most competitive vendors include this by default). You will have 4 different methods, 3 different clients, 2 licenses and all of this to have a horrible VPN connectivity. No proper or modern 2FA for additional security. AVOID! AGSS / ATP: This is poorly implemented. A user will click to download a new type of file, and nothing happens. They have to wait an indeterminate amount of time, and try again to see if it works. It is so annoying, most clients avoid this capability, just nullifying the whole purpose of it. App Control: Be aware that either due to firmware updates, or bugs - app control will behave poorly (cause packet loss, or outright blocking) with normal and legitimate activities. Resetting and re-configuring it is the work-around (super annoying).