What needs improvement with SonicWall NSa?

Certain features like SD-WAN are sometimes confusing to configure. One important feature that should be provided by default is SSL VPN, without needing a separate license.

My company can't connect directly with SonicWall's support team, making it an area where improvements are required.

Live tracking of packets could be improved because there are some URLs or payment URLs that we need to block.

It could be improved in the reporting format. The way their analysis software is working, they need to improve their reporting. Second, I think they need to improve their security at the endpoint level, in the SD-WAN area. Apart from this, the main drawbacks are their support and hardware failure. In our last four to five years with the NSa 3600, we have faced hardware failure two to three times. Even though they replaced the hardware, we still faced the issue.

The tool needs to improve its reporting features.

The dashboard must be improved. The product should enable alerts. When hackers compromise our websites and applications, it will help us alert our staff and network administrators.

SonicWall needs to work on SD-WAN. It's a very good technology, and they have started, but they need to catch up. SonicWall is very strong in SSL VPN. Nobody can compare to their VPN feature software. Threat detection is getting better, and they should continue to develop their SD-WAN capabilities.

The product could expand its throughput capacity.

The web interface administration of SonicWall NSa could be improved. Compared to Sophos and FortiGate, making rules is easier with those systems.

The scope of management must be improved. The scope of what users can do with the product must be improved. The product must enable integration with endpoint protection tools.

One issue with the solution is that no authorization or authentication features exist. We have to use another software, which should be built for authentication. Other than that, it's become difficult to get the best price from SonicWall.

SonicWall NSa's reporting could be improved.

The support is severely lacking with very slow response times. There are latency issues with this solution. I'd like to see improved performance and an updated dashboard.

When it comes to security I think all of the features are currently open to improvement.

I do not see any specific areas that need improvement. The solution can be a bit expensive.

The user interface could be better.

The cost could be lower. There could also be more flexibility for smaller companies. The cost to maintain SonicWall is quite high. After updating the firmware, sometimes the solution stops working. I had to do a factory reset and reconfiguration to solve the problem.

The detection of malware can improve in SonicWall NSa.

An area for improvement would be SonicWall NSa's integration with antiviruses. In the next release, SonicWall should include a wireless solution so we can implement the firewall in our networks and for wireless users and access points.

The dynamics needs to be improved. The solution is not very compatible compared to the market products.

I can't speak to any missing features. They've recently released a new version and it's quite good. Right now, it's the best solution. I'd like to see integration with Microsoft 365 for authentication.

We have security as a service, and they make recommendations about adding to the denylist and other things. That part could be more accessible and more user-friendly. I'd like to see SonicWall add a user-friendly interface where our internal team can drag and drop everything. We get the IOCs from the security companies, so these things can be filtered and blocked at the gateway level. They could add a feature where our team uploads the IOCs in an Excel spreadsheet instead of entering them in one at a time.

Overall, I'm quite happy about the product. The configuration and the interface are very good. Maybe the pricing and licensing could be improved. It is not scalable. If your enterprise is growing hard then you have to buy another, bigger product. Maybe if you use it virtually it is more scalable.

I am a technical engineer, I have complete knowledge of SonicWall. I can do all of the configurations for the firewall. We are a service-based company and I handle the different solutions. If they need any requirement or they any action on the firewall then I can do that myself. The only thing that needs improvement is the VPN because we need to pay to connect the points.

There's always room for improvement. For example, the monitoring system is in need of improvement. Their monitoring system is too expensive. Most of the company doesn't apply the monitoring system as it's too expensive. Some more monitoring features should be built into the firewall device itself. Management spends a lot of money on the device, and they want to know what is working, et cetera. To understand this, we need some reports, graphs, and figures. Without these items, management may not be convinced they are spending the money in the right way. Having reports that reflect the work done to keep the network secure would show the benefits and the ROI in a positive way that would help sell management on the product itself. The ongoing service fees are high. The solution could use more online educational tools to help users understand the underlying functionality of the product. Things like videos and tutorials could help a lot.

In terms of improvement, features like App Control do not work properly.

The reporting and monitoring are a bit complex and should be easier in SonicWall NSa because other firewalls I have experienced have been more simple, such as Palo Alto. We are able to receive a clear view of our network. As a general user with little experience, it would be difficult for them to handle.

I would like to see better integration, the easy of bandwidth monitoring.

Currently, the only issue that has been experienced is with expansion. The model that we are using cannot expand very well, and the firewall is not able to handle all of them. They could add some more features. The current version does not have a duo power interface. It only has a single power interface, which has limitations in terms of high availability. Duo Power is a good feature to have. The interface is an area that can be improved.

The product likely isn't a good fit for a large organization. They need to elaborate on their business from a technical point of view.

Sometimes I found the GUI and some of the features a little bit hard to navigate, as opposed to Fortigate, which is much more user-friendly. What Fortigate has which SonicWall doesn't, is the per rule natting. SonicWall only does the central mapping. If they could include something like per rule natting it would be better.

We're not happy with the device itself. We're obviously moving away from it for a reason that they're a Swiss pocket-knife of devices and they do a lot. However, nothing is really done well. They don't specialize in one thing that they excel at. They try instead to do almost everything and end up failing. We're not particularly fond of the way it generally performs. We are finding ourselves rebooting often. There are freeze-ups and that kind of thing. The stability needs to improve exponentially. Technical support is pretty slow to respond and escalate matters. The cost of the solution is quite high. The solution could use an invisible DPI-SSL or something that doesn't require a certificate rewrite. Most of the other vendors are doing that now. The SSL VPN performance-wise is terrible.

It's not as easy to use, as, for example, Palo Alto. Some of the configurations could be better.

It would be amazing if all of the ports on the throughput devices were 10 gig or 100 gig. That would make it so much easier for me to designate 10 gigs throughout the whole network. Right now, with SonicWall NSa, I'm doing designations like "use 10 gigs through the whole network until you hit firewall." In that case, all of the traffic that has firewall enabled on it drops to one gig. That causes issues with throughput, especially when you're talking about data stores and Ice Guzzy, or when you're splitting things out with VLANs. MAC address filtering on the VPN and on the firewall itself would be a good thing to add as well. If it's there, I don't know where it is. Automation would also be good. The implementation for VLANs is a little bit cumbersome. It would be good to make that a little bit easier.

The content ID needs to be improved. If I compare it with Palo Alto, there are more features in Palo Alto that are not included in SonicWall. For example, PDoS is not available in the current version, that I could find. They do have DLP and Host protection, but not PDoS. Also, the IPS and the UTM need to be improved. I haven't found anything regarding the IoT security in the device security on SonicWall.

I would like to have a built-in vulnerability scanner in the firewall. It would be great to have such functionality. Its price could also be better. It would also be good to have a local warehouse. It doesn't get damaged a lot, but if a customer needs a replacement, currently, it has to come from Miami or Mexico, which can take a few days. It would be better if they have a local warehouse from where we can just pick replacements and quickly solve a client's needs in terms of replacing equipment. It would be great to have it locally instead of waiting for it from Mexico or the USA.

It would be useful to have an application firewall that prevents the outside world from seeing your private IPs. You don't need to publicize your private IPs to the outside world, and you can create a barrier, like a proxy server.

It doesn't require much improvement. The only improvement area is that cloud reporting, assessment reporting, and other reporting features should be available with the subscription. They should provide reporting features with the subscription base, which is currently not there. We bought the reporting tool, but there are some complications. They have made some changes to the application, and now the reporting management is completely on the cloud.

The reporting feature could be better because most of the companies want to have the analytics included, which is something that you have to buy separately.

The content filter needs to be improved. I would also like to see better application filtering. When we are troubleshooting problems, we find that the logs we see are not sufficient. It makes it difficult to find out what the main issue is. It means that we have to search further or perform another test to see what happened. Technical support is in need of improvement.

The scalability is something that should be improved.

The Fortinet Firewall is not the easiest firewall to maintain, nor is to set up and configure. Checkpoint and Sonos are much easier. SonicWall, from my point of view is the same category as Fortinet. Checkpoint and Sonos are easier to use, but they don't have as many features as SonicWall. You can do zero-trust networking with SonicWall, but it's not easy. Also, their desktop anti-virus sucks.

In terms of improvement, they should consider changing the logic of how the rules are created. Everything is spread out into multiple pockets, so to speak; it should be more condensed. The technology is sound; I am not saying that it's brilliant, but it is very sound for most mid-range uses — it does a fantastic job. They should consider upgrading the capabilities within the GUI. The way the GUI is configured for creating rules, I would say they should consider making that a bit more flexible. That would really help a lot.

Currently, I just have the basic modules turned on. I'd love to see how it works in terms of preventing more malware from getting through. We still get phishing emails that manage to come through from time to time. The solution could use a bit more security. We had issues with the VPN tunnel between two sites. It wouldn't stay up. That was a problem for us. They need to fix it if they find it happens across the board to other customers.

Vendor support needs improvement. The frequency of time and support should be increased. From a vendor perspective, we were expecting more support. When we experience a technical issue, it should be rectified immediately. We are facing a delay with response and resolution.

Initially, it may be difficult for some people to learn and become acquainted with it. I have been using it for a long time and find it straightforward to use.

There are a few areas that need improvement including the VPN, user management, and reporting.

It would help us a lot of SonicWall sent us more information about the latest updates and things that are changing. I would like to have the capability for full active-active mode.

The filter settings are confusing and overly complicated. The user interface can be improved.

The pricing for this product in India is high and the fees should be reduced. The visual process needs improvement. Because of the price, our customers prefer PSA. The price is what needs to be addressed in the next release, it's the only that that matters. I would rate this solution a five out of ten.

The reporting solution from SonicWall is not the greatest. We have more than two firewalls and I expected we'd get more information from the reporting than we actually do. That area could definitely be improved. I've seen a couple of features on the firewall that I don't have use for because we're not a huge company, we're a 200-user company. The reporting feature is there, it would be nice if it was more detailed. The firewall itself has the reporting tool. Obviously, it's not as complete as the solution that they want to sell because they provide it for free. It means that you need to get the software separately in order to get a better understanding of what's going on in your firewall. A good additional feature would be improvement on the firewall reporting feature without needing extra software or extra expense.

Because this is an old device, the throughput needs to improve. Right now, the only problem is that since it eight years devices had to keep up with the latest technology. Most of the devices are now linked to the plants. That is one thing that can be improved. We also need to increase the throughput because the other devices are slower. The throughput will become slow. Since we're using VoIP, it tends to affect the voice quality. Even if you're using a quality service, it tends to decrease. We're going to replace them. Since this is already eight years old, so we're going to replace the hardware but with a different brand.

The number of concurrent VPN users is too limited. SonicWall does not support DynDNS, yet this is an important feature for smaller companies that do not have a static IP address. It means that if the IP address changes then it would automatically be picked up by the firewall and it will assist with site-to-site VPN connections.

Having to deal with too many lower-level people in technical support means that it takes longer to resolve issues, so escalating support tickets should be faster.

The product has a lot of bugs, actually. We are facing some issues with this product. The DPI SSL feature which is there, it is not working properly. The IRL, when it was installed, had us facing some issues. However, as they kept on uploading the images, the issues are starting to get fixed. They already have this feature of advanced capture, set rotation, and so it is a next-generation firewall only. They could improve on their software side. Their software, which is managing the hardware, it's not up to the mark.

Over time, this solution is becoming more complicated, and when I need support it often is not available. I would like U.S.-based technical support. VPN functionality needs to be improved. As it is now, I need to combine another SSL VPN with my firewall. I want it to be done very easily.

The solution was deployed to suit all areas of the company. This product is unable to secure access to endpoints for our external employees. Our next plan will be to deploy a solution for visibility and control of 'shadow IT' applications and also to provide security for accesses outside our company. We plan to use another solution from SonicWall, such as Cloud App Security (CASB), to meet the needs of our external employees.

SonicWall has weaknesses. During its tenure with Dell, it was severely damaged (its reputation, innovation, etc.). It is now recovering, but it may take time to get competitive again. They are clueless in some regards, which is unfortunate as they have the potential. CPU: The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product. Compare with the need to get 1Gbps throughput with full security (common nowadays), you are looking at NSA 5700. Wireless: What a disaster this has been historically. The new SonicWall will tell you it has been resolved and improved. It has improved - it actually works now, but performance is substandard. It is a terrible strategy to have a firewall act as an AP controller, in any case. Perhaps for an SMB, the integrated WiFi in their TZ series has a niche. Anti-spam: Do not even consider it. It leaks like a shower head. What a mess that offering is. It requires a specific Java version on the server side (do not update it, otherwise it will break). In any case, a firewall doing anti-spam might be a low cost solution, but it is not your best strategy. Logging/reporting: You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end. MSP: They are not ready for managed security services. Their Cloud GMS product is weak, barely out of beta (buggy). VPN: Site-to-site is another problem area - Client-based VPN is another hot mess. Global VPN client issues and mobile connect issues. Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably. If VPN is important for you - look elsewhere. You have to pay for licenses (most competitive vendors include this by default). You will have 4 different methods, 3 different clients, 2 licenses and all of this to have a horrible VPN connectivity. No proper or modern 2FA for additional security. AVOID! AGSS / ATP: This is poorly implemented. A user will click to download a new type of file, and nothing happens. They have to wait an indeterminate amount of time, and try again to see if it works. It is so annoying, most clients avoid this capability, just nullifying the whole purpose of it. App Control: Be aware that either due to firmware updates, or bugs - app control will behave poorly (cause packet loss, or outright blocking) with normal and legitimate activities. Resetting and re-configuring it is the work-around (super annoying).