What needs improvement with SonicWall TZ?

The logs need improvement. SonicWall TZ should include a hard disk to keep log files for at least one week or maybe one month. This feature might be available in greater series but not in the basic product.

The product needs more free SSL VPN user licenses as the current offering is limited. Also, the process for configuring DNAT and port forwarding is complex, requiring multiple policies to be set up, which could be simplified.

I expect to see SD-WAN in the tool's next release. The product should implement a content filtering feature. You need to put an agent on the user's laptop device. It would enforce security policies and block sites even if they were off-site. You can block sites from network sites.

The solution's antivirus checking could be improved so that we can have a deeper inspection of the packets.

The solution must provide more ports.

We encounter issues while generating new reports. We have to buy an extra license for it. There could be a subscription management feature. Along with this, the cost of large-scale firewalls could be reduced. There needs to be flexibility in terms of hardware. We should be able to implement and install external software on hardware, such as VMware or HP servers, etc.

We are currently using a 54.1 version, which, when compared to other solutions like FortiGate or Check Point, needs to improve in many aspects. Even the new SonicWall 7.85 is not safe compared to FortiGate. There is a huge difference.

I have no notes for feature improvement. The monitoring could be improved. Pricing could be lowered slightly.

The cost of the solution has room for improvement.

The technical support has room for improvement. We have had some issues that have not been resolved. SonicWall TZ can increase the number of built-in VPN connections. I would like to have 30 VPN connections in the next release.

The products' reporting can be improved. Additionally, the solution can include a way to find the information provided by users.

I would like SonicWall to act as a DNS server to host DNS zones. Our small business clients sometimes have a single DNS server on-premise. If that's the case, we're out of luck. It would be great if we could host DNS on the SonicWall, even as a secondary DNS.

I think content filtering is the area this product should improve. It's a little tricky to get put in correctly.

Though it is not as powerful and as good as the Palo Alto, Check Point, and Juniper firewalls, it is a small firewall and it is actually, highly acceptable for SMB customers where there is not much outflow of internet traffic and users are less in number. They can update or enhance the application signatures. They have that Capture ATP option, which is the sandboxing option there. Other than that, they can enhance the application signature, because, in SonicWall, the signatures of the application are not up-to-date. It is not a big database compared to Palo Alto, or Fortinet. It is slow and it takes time. If you have created zones it automatically creates the access policy for allowing traffic from one zone to another zone. Similarly, if you create a site-to-site tunnel or a remote tunnel, in that case, it will automatically stage the access policy. However, there are options to disable that auto-creation, but if you compare this with the other firewalls, other firewalls don't have that. This is basically one thing that SonicWall TZ can work on so that an unnecessary access policy doesn't get generated in the firewall.

The user interface is a little challenging. It is not something I am familiar with. Things could go much more smoothly if they could be improved. The interface and technical support are probably the two most important things that I would like SonicWall to improve. If the product that they have is to be phased out, there must be an upgrade in technology as well.

The user support could be improved because you have to go outside to get that kind of support.

In terms of what could be improved. That is a very good question. Maybe the price could be lower. That is the only thing. Otherwise, it is really a very good product with really good performance. The only thing is maybe to lower the price a little bit - but it's not a complaint. I don't have complaints with SonicWall. SonicWall is really a very complete product.

The price could be better for us in Bolivia.

The areas we would like to see improvement include more features available similar to the equivalent FortiGate appliance, e.g. SSL encryption and inspection. Two-factor authentication capability would be another additional feature that could be included in the next release.

We have experienced some issues with SonicWall TZ and they are lacking some advanced features other vendors have.

The solution should provide some additional ports. Currently, we have only four to five of these.

The marketing of SonicWall has to be increased. Currently, when it comes to firewalls, most people go for Cisco and Palo Alto. SonicWall should improve its marketing and branding policies to increase sales. Other than that, it is good.

I would like to see more integration with other platforms. The flexibility can also be improved and it could be more user-friendly.

There is a point I don't like about SonicWall in the past and now. Most of the destinations we look at when we're detecting some user using too much bandwidth or something like that, SonicWall just gave us the destination IP address instead of the full qualified domain name. I think that's the most important part that is still missing. I think that's the most important thing for us. The fully qualified domain name is very good flexible information. We can detect issues on each page, so we don't have to wonder a lot about other tools. It would also help if there was a simple way to log in the users, which is one login from Windows Active Directory, without having to deploy patch information or using external tools like SSO.

Its pricing can be better. It is very expensive.

It's a good product, but it's not a next-generation firewall. We are looking for a next-generation firewall and considering Cisco. We require centralized monitoring of the network features, which they have but they are not to the level that we require. The reporting is not good. Also, the historical configuration of the data or backup is not available. To compete in the market, there have to be a lot of improvements. We do not plan to continue using SonicWall TZ. We are looking for a replacement because we need centralized monitoring across the organization. It has been very difficult for us to manage the firewall as it is not managed centrally. This is the main drawback in our current scenario. In the next release, I would like to see better scalability, easier installation, improved reporting, storage configuration, backup, and centralized management with reporting.

The solution doesn't have great scalability. Getting support can be slow. The proxy feature is not so good. They need to work on word filtering and also the SD-WAN. With FortiGate, they provide an NAC solution. They provide FortiClient, which is an advanced feature. SonicWall doesn't provide NAC solutions, and even their SSL VPN client is not advanced.

SonicWall TZ can improve the UI application and when you create any net policies or any new policy, it will not sync or work properly.

Support for SonicWall TZ needs improvement, particularly the time it takes before you're able to speak to a support person, e.g. you have to wait for at least 30 minutes on the phone, and this needs to be improved. This is an affordable solution, but a competitor like Sophos can give SonicWall a run for their money. Sophos and Fortinet are major competitors of SonicWall, and the way they package their solutions, especially Sophos, they're cheaper, so for some customers who aren't technical, they will just run to these competitors because they're cheaper. However, once you explain to the customer that this is the situation, mostly we're able to win the business for SonicWall. An additional feature I'd like to see in the next release of SonicWall TZ is enhanced automation.

SonicWall is very expensive in terms of using it for 500 users. It's very expensive compared to Cisco Meraki. Cisco Meraki is half the price with the same features. Even FortiGate is less expensive than SonicWall. I'd like to see anti-spam included in the standard license. I have to pay more for anti-spam when really it should be the standard feature.

SonicWall has many problems with the reporting analytics. The reporting analytics could be improved, it is very unstable.

In the next release, I would like to see a SonicWall integration with the DLP tool, this would be interesting. Data Loss Prevention integration.

It could probably be more user-friendly, and it could be more scalable with releases and subscriptions.

In terms of what needs to be improved, I would say better load balancing and data filtering. This way we have low utilization of the net from the corporate office to all the branches. This is the connectivity there. The traffic from the HQ to all the branches goes on the low latency so that connectivity is continuous and not dropped. In the next release it should have both the failure and load balancing combined on there. Whenever there is a failure and whenever they are load balancing, it should auto-generate the traffic for any connectivity on there, so it will run smoothly. It should also generate the alert.

I would probably say their GSM or their Sonic Analyzer could be improved. I have always found it difficult to manage and not very intuitive. I'd like to have better visibility of what each endpoint is doing. That's something Meraki has that is very easy to use.

Its reporting can be improved. Currently, we cannot directly get the user names. It only shows the IP, which makes it a bit confusing because we need to use the IP to find the user. If we could directly get the name of the user, it would be better. Its licensing should be improved. We would like to get the reporting part along with the license, without having to purchase it separately. It would be good if they combine both of these. Its scalability can also be improved.

It would be nice if it was more user-friendly. The user interface is a bit difficult to navigate. The technology in this particular version is very old. They have to improve their assistant client application. In this particular SonicWall has a challenge with the SSL client. It provided NetExtender, a client application that is very challenging and is difficult to manage.

We are not receiving the rated throughput that the solution claims. We have noticed our client's internet bandwidth has increased but we are not receiving the throughput that the device is sized for. For example, if I have a device that is rated to handle 400 megabits of throughput, we are not receiving that speed. We are receiving significantly less than that in some cases, this needs to be improved. I do not know if this is still the case with the latest generation of SonicWall's, but we have sixth-generation SonicWall's in use and we are not receiving the rated bandwidth. We have built a host secondary DNS directly on the firewall. For example, If you have a small business environment where you only have one server or you have a remote office location where you do not have any servers, you could use a VPN back to the main office and rely on the internal DNS server. However, you will have no redundancy for DNS. There are two choices, we can either use a public DNS service, which is a mistake because it will not know where the information is on the local network. The active directory is not going to work properly if the resources you want cannot be found. You end up picking between two poor options. You either have no redundancy for DNS or you have redundant DNS where one of them is not the best quality. The whole industry is lacking an alternative. I would like to be able to host a secondary DNS on a firewall appliance, many people need this feature. In an upcoming release, SonicWall could improve by adding cloud management for all devices for free or at a nominal cost. Currently, they have a cloud management platform but is not free. We have the MySonicWall portal for purchasing from them for software updates and renewals.

The log sections could be done more clearly. I would like there to be the ability to manage content filtering on a per-user basis or by using the application as we normally would for all users. Currently, it is applied to a group of users and I do not think it is reliable or performing as good as it should.

It's worked well for us over the years. We don't have any special demands in terms of new features. It has everything we need. Although the pricing is good, it could always be lower. If we get to pay less, we're happier.

The stability could be a lot better. The SonicOS, which we were using, was not that stable. Sometimes it is not performing as expected as per the policies we have set. The log, the logging capabilities, are not so good. For example, the logging for traffic logs was not being stored properly. The logging must support some storage space. If there is a storage device or storage mechanism within it we would be able to get the log easier.

FortiGate has a client DNS in the firewall, but SonicWall doesn't have that. To create or configure a site-to-site VPN tunnel, we have to give a DNS name. Currently, we have to get the DNS name from a third party and then include it in SonicWall, whereas FortiGate has its own client DNS, so it provides a DNS name, and it does not require a third party. There should be a graphical option to view the network utilization and bandwidth usage.

As compared to other firewalls, they should provide an unlimited number of users for the SSL VPN. The VPN that is available in the new version is a bit bulky and slower in speed. It should also be easier to use. The SD-WAN feature should be enhanced, similar to Fortinet FortiGate.

There was one complaint I always had in the past. Years ago, you always had to enable the device. You had to go online to enable the device. You had to connect and do that. That was always a thing in my mind: "Well, why do I have to do that? Why do I have to go outside of my network just to do that?" Now, it seems to be less of an issue. However, that's been something that has frustrated me. It's not fixed. It's still the same. It's just something I live with now. I wish you didn't have to go off your network to connect. I would like the solution to build in more redundancy. I would hope that doesn't come with a price increase, however, it would make the solution that much better.

The GUI interface could be improved. It would make a difference if they could update that.

The user interface could be improved. Another issue is that part of the company strategy is that once the license expires, the company blocks features and things slow down. It would be nice if they would provide a free version for small companies. Most companies here in Brazil either don't have the money or their culture is cost-oriented so they don't make large investments in security. They prefer products which are less expensive such as open, source-based firewalls. Having access to a free version would mean that we could create an awareness within the company about the importance of these solutions. Because of the dollar rate, the product is quite expensive for us, whereas in the States it's affordable to spend a few thousand dollars on a solution.

It could be made more user friendly.

The dashboard needs to be improved. They can work on the GUI part of the solution. Currently, it is a little bit complicated as compared to other competitors. Each uplink is quite a big and complicated sort of tool. Other products, like Checkpoint, are so-so, however, they are better. Fortinet is a good example of one that is very good and easy to use.

We've turned the SSL inspection on, and it is a nightmare. It doesn't mean it doesn't work, but it will turn your world upside down for weeks until you tune it and get it right. That's an across the board problem. It's not just TZ. That's TZ's, NSA's, etc. Wherever you're using their implementation of SSL, where you've got to implement a certificate on every machine. Once you even get past that it's still going to be particular and finicky. Banking sites are driven crazy by it every time we turn it on. It is trying to lock down outbound traffic so tightly that you get to sites that are already very security conscious. It's just a battle to get the traffic through. Intentional traffic, the traffic you want to get through, seems to be a problem. It will stop almost everything. Too much in fact. I understand the concept. It's just a little threatening. We just had a client sign off on a 6650. Then we send them a scope of work for implementing it. We specifically put a note in there in enormous bold type: "Note does not include SSL-DPI implementation". That is additional. The client responded that "That's the one piece I wanted you guys to do. I'm scared of it." He said, "We're scared of it," and I told him, "We're scared of it too." I said, "I don't know how long it's going to take. And it's going to turn your universe upside down for a week to 10 days to maybe two weeks." He said that he heard that this would be the case. My fear is that the client thinks that we'll say it will take four hours and then, when it turns into 40, try to make us give them the submission for free. Even tiny environments, for example, 10 user environments, once you turn it on, you will spend days tuning it. The last one we did took us 22 hours to get it perfect. We learned our lesson. We slotted in four to eight hours to do it and it took us 16 to 20. From a support perspective, if we're talking tech support I think Silver Partners, Gold Partners, Platinum, whatever level, should have a different number to call. End users can call tech support over at SonicWall if they've paid for support as part of their AGSS or whatever services they bought. The end-user can call, or we can call, however, I don't want to be calling the same line that an end user's calling. I don't want the same response time. I need a different level of expertise.

We have been facing issues with reporting. We use to have a free tool for reporting, but now there is a licensing fee.

Not relating to this product specifically, but I think overall the company needs to think more broadly about security continuity across the entire security spectrum and integrate more security options with their solutions, like Cisco is doing. They need identity management products and DNS solutions to really complete the line of security. Because of the whole management system, there could also be improvement to their GMS, which is a system allowing you to manage an entire fleet of their firewalls via a central pane of glass. Today as more organizations as forced to working from home and the security perimeter is now the home, businesses need more affordable and scalable systems to manage and monitor numerous devices, more easily and push out updates through essential platforms.

The pricing is of this solution is high and could be reduced to make it more competitive. The monitoring is a little bit confusing.

Needs more robust self-help documentation along with examples and things to watch out for.

I would like to see lower antivirus pricing. So far I haven't found any situation that I needed anything else added/included.

Full monitoring obviously needs to be improved. We need full monitoring covered under the security licensing. The license should include reporting and monitoring. It shouldn't be an add-on, it should just go along with it. They should also make the monitoring easy to manage. Sometimes we need reports. We need some live monitoring decisions on how it's going down. We should take the live report from the SonicWall itself. I want to display the report under our monitor so I can monitor firewalls outside our area.

I currently have two issues from SonicWall. One issue is that the IP is not the public IP. Sometimes it moves to an alternate source and I have to refresh the new IP then we can proceed.

We would like to improve the rules configuration in SonicWall TZ. Sometimes the rules don't work. We cannot prove that the rules don't work. Maybe they can improve that. Sometimes you write a rule in SonicWall and users are not able to use YouTube, Facebook, or Instagram. Users can see YouTube or Instagram for a while, but five minutes later, they cannot visit the sites. The additional feature I would like to see included in the next release of this solution are analyzers. They can put it in the software, i.e which users are in which sites. We need to see which users are on which sites simultaneously. In this edition, it's hard to see. You can just see the IP address. FortiGate has 40 analyzers. Maybe SonicWall can put it in the license for at least three.

With SonicWall TZ, they should make the interface useful for the user. This needs to happen very soon because now the interface is not sufficient. When I need to apply some features, I get many tasks and too many to create objects.

This product has room for improvement in the cloud version. Also, the support could be better. Otherwise, SonicWall TZ is good for us. The additional feature I would like to see included in the next release of SonicWall is a better analyzer. That would be more helpful. Then people will stay with SonicWall.

In some places, we face problems, especially in the client VPN portion. There are certain places where we are not able to contact. We don't have the lease line, static IP addresses, or dynamic IP addresses. This is an area of concern. Another thing which I don't like about SonicWall is that it tries to bypass the resellers. That is not good. SonicWall suddenly calls the client, goes to them directly. That is not a good thing. They should consider working a bit more on their ransomware application.

There can be an improvement in analysis and reporting. We need enhancement on the reporting side.

I don't have anything that I would say needs improving at the moment. The small business line has less PPS throughput and that's what you're going to lose on when you use WatchGuard. So they need to improve the throughput of the firewall in the small business line. Easy to explain : WatchGuard T70 vs SonicWall TZ600 Firewall Throughput : 4Gbps vs 1.9Gbps Price : 610€ vs 973€

The support for this product has to be improved. With what I use, I don't really require any other features.

I find that the user interface for the product configuration needs improvement. It is not intuitive when you are trying to figure out how to get something done. An additional feature that I would like to see is reporting that includes metrics to give me more information about the number of viruses that it has actually detected and interrupted.

The hardware is outdated and very slow. They are far behind Sophos and even FortiGate when it comes to hardware.

I would like them to make the interface a little bit easier to use so you can find out where in the heck you're going instead of having to go to 15 different places to get something installed.

SonicWall Analyzer needs a different license. It would be good if Analyzer would be part of the stock license, so even if a layperson is getting the device, he or she doesn't forgets about ordering the Analyzer because it's already there. This is what we realized that over the last few months. We tried to pull some analysis, and without the Analyzer, we couldn't. Now, we are in the process of buying the additional license. It would have been better embedded from the beginning.

I'm not an IT guy. What I will say is that the market seems to be going to a cloud-supported, new generation of firewall products. I think that's probably going to be important to us, the next time around.