In other next-generation firewalls, if you are creating virtual systems, they will create separate hardware resources for different virtual systems. Other products will create a different routing table when we create a routing protocol. In Huawei, the routing table, control plan, and data plan will share the resources.

Every virtual system should have separate resources, routing tables, and hardware resources. We have created multiple segments and virtual systems, and we don't want one segment to communicate with another. The product must divide the virtual firewalls with different utilization systems. The hardware, routing switch, and security bundle should be separate and different.

The solution does not have sandboxing features. It should provide a sandboxing solution. It should also work on zero-day attacks. The solution should be comparable with the products provided by Palo Alto, Check Point, and Cisco.

We are facing some session problems when we are using it in the DC core. Its behavior is abrupt. Sometimes it's working great and sometimes, the session gets stuck, and it would not kill automatically.

You need to restart or reset the firewall, and it'll work for over one or two months. Then it happens again, the session problems. There's something wrong with that version, maybe.

That happens only with the EMC query.

The user interface could be more user-friendly. We need to dig down some major features like SSL VPN and IPsec VPN. We need to dig into the features and then the sub interfaces to configure it for our environment. 

We do see many false positives. Security features are not up to the mark for the enterprise level as yet.

There needs to be more security equipment for the solution. Also, the local support team could be more skilled in resolving the errors.

There are some limitations to the solution. The WAF capability in the Huawei Firewall is missing.

The tool does not have web functionality. It needs to also have high end firewalls. 

The IPS feature must be improved.

One issue is integration. Huawei can't detect Indicators of Compromise (IoC). I can get a lot of information about security, but can't automatically input the EP,  domain URL, and file hashes I get from Hackersworld into my blocklist.

It's a limitation. I have raised this issue with Huawei, but the feature isn't anywhere on the roadmap at the moment. I must manually input the rules, but the firewall has limits on the number of rules you can enter. The firewall hangs once you reach that limit.

It's it a big problem for us, but we are almost able to solve it. We are switching to another solution because Huawei doesn't have the security feature we need on its roadmap.

The solution could be cheaper.

The support could be improved. As we've gone along, we've realized the support is not effective due to the contracts we have. They need to offer more support upfront, no matter what contract you have.

The solution requires a more interactive dashboard. That would make it easier than playing with configurations the way we have to now.

It would be better if upgrading the solution was easier.

The solution needs four-way deployments and dashboard confirmation.

The product should be able to integrate with products like Ansible.

Huawei NGFW should have better reporting and a dashboard for the visibility of traffic. Right now, everyone is looking for dashboards and single-click reporting.

The usage for the data center wasn't that good. It needs to be improved.

The support is not very good.

The documentation needs to be improved. When they retire old models, they also retire the documentation. However, if you are still using an older model, you still need access to that documentation. And yet, they go ahead and removed it. It's gone. You are therefore stuck with a device with no documentation and technical support that isn't very helpful as they also remove support assistance as well. They tend to use this method to force you into upgrading.

However, even in newer models, we've noticed the documentation isn't the best. It's very limited across the board.

With the Huawei firewall, none of the features comes at the top. We found out later that customer support is really not good. For this firewall, because of our customers' routine, for example, every six months they'll do a penetration test to find weaknesses. So whenever they came up with VAPT reports, they are looking to Huawei for help. I think that's basically because it's a different culture. Chinese culture and our culture is different. They have always tried to help find some excuses or say some other things that cannot help you solve the problem immediately.

The solution could be more secure and have better integration. The bandwidth management utilization could stand improvement. 

The dashboard is a little bit slow and they can improve performance on things like configuring policies.

Wildfire analysis would be useful features to include in the future. This features help Network Administrator to have a detail visibility in the threats coming from the traffic which is analysed by the device itself. 

Adding Intrusion Detection (IDS) and Intrusion Prevention (IPS) systems would improve the product. This may exist in the enterprise-grade firewall, but on the mid-level firewall, the functionality is lacking.

I would like to see anti-phishing features included.

Better reporting generation would be useful.

The firewall needs to be more configurable.

I would like to see an antivirus solution included with the product.

The solution doesn't seem to be very mature. Our networking team says they are experiencing a lot of issues in the firewalls and some routers.

There are fewer use cases available on the net. Examples are available on the net for configuring some of their features. Our team has found that they have to refer to the documents and they need to do a lot of tweaking and experimenting with features. There have been some difficulties in getting some features enabled on the firewalls and routers.