SonicWall NSA Room for Improvement

Leen Van Gent
IT Superintendent at a mining and metals company with 11-50 employees
The problem primarily with SonicWall is it's a Unix box. And it's all software, all the activities, blocking, censoring, everything has to happen in the software. If you start hitting the box with a lot of sessions it slows down and that's not what I expect from a firewall. I have worked with this box for six months, and it's a daily task to manage this thing. You don't have to always have time to do this. The room for improvement is to step away from the Unix platform. It needs to be a specialized system that manages firewall activity. You don't want to rely on two systems, one being Unix and one being the firewall. Unix is a powerful system, I have no doubts about it. I've set up Unix systems my whole life and they're very powerful. However, when it comes to dedicated tasks it's not suitable. That's Unix. Unix is general. It does everything. And by doing everything, it's not always as powerful as a dedicated system like a hardware solution, like Fortigate. View full review »
Senior IT Consultant at a tech consulting company with 51-200 employees
SonicWall has weaknesses. During its tenure with Dell, it was severely damaged (its reputation, innovation, etc.). It is now recovering, but it may take time to get competitive again. They are clueless in some regards, which is unfortunate as they have the potential. CPU: The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product. Compare with the need to get 1Gbps throughput with full security (common nowadays), you are looking at NSA 5700. Wireless: What a disaster this has been historically. The new SonicWall will tell you it has been resolved and improved. It has improved - it actually works now, but performance is substandard. It is a terrible strategy to have a firewall act as an AP controller, in any case. Perhaps for an SMB, the integrated WiFi in their TZ series has a niche. Anti-spam: Do not even consider it. It leaks like a shower head. What a mess that offering is. It requires a specific Java version on the server side (do not update it, otherwise it will break). In any case, a firewall doing anti-spam might be a low cost solution, but it is not your best strategy. Logging/reporting: You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end. MSP: They are not ready for managed security services. Their Cloud GMS product is weak, barely out of beta (buggy). VPN: Site-to-site is another problem area - Client-based VPN is another hot mess. Global VPN client issues and mobile connect issues. Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably. If VPN is important for you - look elsewhere. You have to pay for licenses (most competitive vendors include this by default). You will have 4 different methods, 3 different clients, 2 licenses and all of this to have a horrible VPN connectivity. No proper or modern 2FA for additional security. AVOID! AGSS / ATP: This is poorly implemented. A user will click to download a new type of file, and nothing happens. They have to wait an indeterminate amount of time, and try again to see if it works. It is so annoying, most clients avoid this capability, just nullifying the whole purpose of it. App Control: Be aware that either due to firmware updates, or bugs - app control will behave poorly (cause packet loss, or outright blocking) with normal and legitimate activities. Resetting and re-configuring it is the work-around (super annoying). View full review »
Marcio Vieira
Solutions Specialist with 201-500 employees
The solution was deployed to suit all areas of the company. This product is unable to secure access to endpoints for our external employees. Our next plan will be to deploy a solution for visibility and control of 'shadow IT' applications and also to provide security for accesses outside our company. We plan to use another solution from SonicWall, such as Cloud App Security (CASB), to meet the needs of our external employees. View full review »
Find out what your peers are saying about SonicWall, Fortinet, Sophos and others in Firewalls. Updated: March 2020.
408,154 professionals have used our research since 2012.
Bishoy Habib
Senior Security Consultant. at Ingram Micro Inc.
* The cloud services may be in need of some improvement. * ADR needs to be added to the portfolio. * Some next-generation features are not included in the product. View full review »
Lead Technical Consultant at a tech services company with 11-50 employees
The only thing that we would want would be single-pane management, which it has, but the GMS is not very good. It's purely the management of multiple devices for multiple customers, that's the only thing that it's lacking. View full review »
Tim Cook
Manager at Smeja Enterprises
Port forwarding could use streamlining. Otherwise, once you learn the user interface, the capabilities of the firewall are good. View full review »
IT Services Coordinator with 11-50 employees
I feel that the SSL VPN client software needs a lot of improvement. View full review »
Sadiq Abdulwahab
Network Administrator at Nigerian Security Printing & Minting Plc
After-sales support and hands-on training facilities are poor or not available in my country. Improving these will help users like me optimally manage and administer this solution. View full review »
Vaniele Ferreira
Consultant at Techmail
* Load balance algorithms * Resource usage graphs (throughput, connections, external accesses, and the possibility to export the content of the address object). View full review »
Find out what your peers are saying about SonicWall, Fortinet, Sophos and others in Firewalls. Updated: March 2020.
408,154 professionals have used our research since 2012.