We just raised a $30M Series A: Read our story
2017-12-13T02:28:00Z

What needs improvement with SonicWall NSA?

13

Please share with the community what you think needs improvement with SonicWall NSA.

What are its weaknesses? What would you like to see changed in a future version?

ITCS user
Guest
3333 Answers

author avatar
Top 10Real User

Sometimes I found the GUI and some of the features a little bit hard to navigate, as opposed to Fortigate, which is much more user-friendly. What Fortigate has which SonicWall doesn't, is the per rule natting. SonicWall only does the central mapping. If they could include something like per rule natting it would be better.

2021-05-25T09:33:00Z
author avatar
Top 10Real User

We're not happy with the device itself. We're obviously moving away from it for a reason that they're a Swiss pocket-knife of devices and they do a lot. However, nothing is really done well. They don't specialize in one thing that they excel at. They try instead to do almost everything and end up failing. We're not particularly fond of the way it generally performs. We are finding ourselves rebooting often. There are freeze-ups and that kind of thing. The stability needs to improve exponentially. Technical support is pretty slow to respond and escalate matters. The cost of the solution is quite high. The solution could use an invisible DPI-SSL or something that doesn't require a certificate rewrite. Most of the other vendors are doing that now. The SSL VPN performance-wise is terrible.

2021-04-27T09:04:22Z
author avatar
Top 5Real User

The content ID needs to be improved. If I compare it with Palo Alto, there are more features in Palo Alto that are not included in SonicWall. For example, PDoS is not available in the current version, that I could find. They do have DLP and Host protection, but not PDoS. Also, the IPS and the UTM need to be improved. I haven't found anything regarding the IoT security in the device security on SonicWall.

2021-03-14T14:07:40Z
author avatar
Top 10Real User

I would like to have a built-in vulnerability scanner in the firewall. It would be great to have such functionality. Its price could also be better. It would also be good to have a local warehouse. It doesn't get damaged a lot, but if a customer needs a replacement, currently, it has to come from Miami or Mexico, which can take a few days. It would be better if they have a local warehouse from where we can just pick replacements and quickly solve a client's needs in terms of replacing equipment. It would be great to have it locally instead of waiting for it from Mexico or the USA.

2021-03-02T09:34:41Z
author avatar
Top 5LeaderboardReal User

It would be useful to have an application firewall that prevents the outside world from seeing your private IPs. You don't need to publicize your private IPs to the outside world, and you can create a barrier, like a proxy server.

2021-02-23T13:19:18Z
author avatar
Top 5Real User

It doesn't require much improvement. The only improvement area is that cloud reporting, assessment reporting, and other reporting features should be available with the subscription. They should provide reporting features with the subscription base, which is currently not there. We bought the reporting tool, but there are some complications. They have made some changes to the application, and now the reporting management is completely on the cloud.

2021-01-25T13:24:54Z
author avatar
Top 5Real User

The reporting feature could be better because most of the companies want to have the analytics included, which is something that you have to buy separately.

2020-12-17T18:11:13Z
author avatar
Top 5Real User

The content filter needs to be improved. I would also like to see better application filtering. When we are troubleshooting problems, we find that the logs we see are not sufficient. It makes it difficult to find out what the main issue is. It means that we have to search further or perform another test to see what happened. Technical support is in need of improvement.

2020-12-10T21:49:01Z
author avatar
Top 5LeaderboardReal User

The scalability is something that should be improved.

2020-11-30T12:25:35Z
author avatar
Top 10Reseller

The Fortinet Firewall is not the easiest firewall to maintain, nor is to set up and configure. Checkpoint and Sonos are much easier. SonicWall, from my point of view is the same category as Fortinet. Checkpoint and Sonos are easier to use, but they don't have as many features as SonicWall. You can do zero-trust networking with SonicWall, but it's not easy. Also, their desktop anti-virus sucks.

2020-11-05T20:44:04Z
author avatar
Top 5LeaderboardReal User

In terms of improvement, they should consider changing the logic of how the rules are created. Everything is spread out into multiple pockets, so to speak; it should be more condensed. The technology is sound; I am not saying that it's brilliant, but it is very sound for most mid-range uses — it does a fantastic job. They should consider upgrading the capabilities within the GUI. The way the GUI is configured for creating rules, I would say they should consider making that a bit more flexible. That would really help a lot.

2020-10-21T15:03:00Z
author avatar
Top 10Real User

Currently, I just have the basic modules turned on. I'd love to see how it works in terms of preventing more malware from getting through. We still get phishing emails that manage to come through from time to time. The solution could use a bit more security. We had issues with the VPN tunnel between two sites. It wouldn't stay up. That was a problem for us. They need to fix it if they find it happens across the board to other customers.

2020-10-20T04:19:16Z
author avatar
Top 5LeaderboardReal User

Vendor support needs improvement. The frequency of time and support should be increased. From a vendor perspective, we were expecting more support. When we experience a technical issue, it should be rectified immediately. We are facing a delay with response and resolution.

2020-10-11T08:58:22Z
author avatar
Top 10Real User

Initially, it may be difficult for some people to learn and become acquainted with it. I have been using it for a long time and find it straightforward to use.

2020-10-07T07:04:32Z
author avatar
Top 5Reseller

There are a few areas that need improvement including the VPN, user management, and reporting.

2020-08-30T08:33:49Z
author avatar
Top 10Real User

It would help us a lot of SonicWall sent us more information about the latest updates and things that are changing. I would like to have the capability for full active-active mode.

2020-08-23T08:17:22Z
author avatar
Top 20Real User

The filter settings are confusing and overly complicated. The user interface can be improved.

2020-08-23T08:17:00Z
author avatar
Top 5LeaderboardReal User

The pricing for this product in India is high and the fees should be reduced. The visual process needs improvement. Because of the price, our customers prefer PSA. The price is what needs to be addressed in the next release, it's the only that that matters. I would rate this solution a five out of ten.

2020-08-20T07:50:15Z
author avatar
Top 5Real User

The reporting solution from SonicWall is not the greatest. We have more than two firewalls and I expected we'd get more information from the reporting than we actually do. That area could definitely be improved. I've seen a couple of features on the firewall that I don't have use for because we're not a huge company, we're a 200-user company. The reporting feature is there, it would be nice if it was more detailed. The firewall itself has the reporting tool. Obviously, it's not as complete as the solution that they want to sell because they provide it for free. It means that you need to get the software separately in order to get a better understanding of what's going on in your firewall. A good additional feature would be improvement on the firewall reporting feature without needing extra software or extra expense.

2020-08-19T07:57:33Z
author avatar
Top 20Real User

Because this is an old device, the throughput needs to improve. Right now, the only problem is that since it eight years devices had to keep up with the latest technology. Most of the devices are now linked to the plants. That is one thing that can be improved. We also need to increase the throughput because the other devices are slower. The throughput will become slow. Since we're using VoIP, it tends to affect the voice quality. Even if you're using a quality service, it tends to decrease. We're going to replace them. Since this is already eight years old, so we're going to replace the hardware but with a different brand.

2020-07-29T07:45:00Z
author avatar
Top 5MSP

The number of concurrent VPN users is too limited. SonicWall does not support DynDNS, yet this is an important feature for smaller companies that do not have a static IP address. It means that if the IP address changes then it would automatically be picked up by the firewall and it will assist with site-to-site VPN connections.

2020-07-26T08:19:06Z
author avatar
Top 5LeaderboardReseller

Having to deal with too many lower-level people in technical support means that it takes longer to resolve issues, so escalating support tickets should be faster.

2020-07-23T07:58:36Z
author avatar
Top 10Real User

The product has a lot of bugs, actually. We are facing some issues with this product. The DPI SSL feature which is there, it is not working properly. The IRL, when it was installed, had us facing some issues. However, as they kept on uploading the images, the issues are starting to get fixed. They already have this feature of advanced capture, set rotation, and so it is a next-generation firewall only. They could improve on their software side. Their software, which is managing the hardware, it's not up to the mark.

2020-07-22T08:17:22Z
author avatar
Top 20Real User

Over time, this solution is becoming more complicated, and when I need support it often is not available. I would like U.S.-based technical support. VPN functionality needs to be improved. As it is now, I need to combine another SSL VPN with my firewall. I want it to be done very easily.

2020-06-17T10:56:03Z
author avatar
Real User

The solution was deployed to suit all areas of the company. This product is unable to secure access to endpoints for our external employees. Our next plan will be to deploy a solution for visibility and control of 'shadow IT' applications and also to provide security for accesses outside our company. We plan to use another solution from SonicWall, such as Cloud App Security (CASB), to meet the needs of our external employees.

2019-07-10T13:04:00Z
author avatar
Real User

* The cloud services may be in need of some improvement. * ADR needs to be added to the portfolio. * Some next-generation features are not included in the product.

2019-05-09T13:12:00Z
author avatar
Real User

I feel that the SSL VPN client software needs a lot of improvement.

2019-04-11T00:39:00Z
author avatar
Real User

The only thing that we would want would be single-pane management, which it has, but the GMS is not very good. It's purely the management of multiple devices for multiple customers, that's the only thing that it's lacking.

2018-08-09T07:01:00Z
author avatar
Top 5Real User

After-sales support and hands-on training facilities are poor or not available in my country. Improving these will help users like me optimally manage and administer this solution.

2018-08-02T08:07:00Z
author avatar
Real User

The problem primarily with SonicWall is it's a Unix box. And it's all software, all the activities, blocking, censoring, everything has to happen in the software. If you start hitting the box with a lot of sessions it slows down and that's not what I expect from a firewall. I have worked with this box for six months, and it's a daily task to manage this thing. You don't have to always have time to do this. The room for improvement is to step away from the Unix platform. It needs to be a specialized system that manages firewall activity. You don't want to rely on two systems, one being Unix and one being the firewall. Unix is a powerful system, I have no doubts about it. I've set up Unix systems my whole life and they're very powerful. However, when it comes to dedicated tasks it's not suitable. That's Unix. Unix is general. It does everything. And by doing everything, it's not always as powerful as a dedicated system like a hardware solution, like Fortigate.

2018-07-15T09:16:00Z
author avatar
User

* Load balance algorithms * Resource usage graphs (throughput, connections, external accesses, and the possibility to export the content of the address object).

2018-07-03T14:26:00Z
author avatar
User

Port forwarding could use streamlining. Otherwise, once you learn the user interface, the capabilities of the firewall are good.

2018-03-07T15:14:00Z
author avatar
User

SonicWall has weaknesses. During its tenure with Dell, it was severely damaged (its reputation, innovation, etc.). It is now recovering, but it may take time to get competitive again. They are clueless in some regards, which is unfortunate as they have the potential. CPU: The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product. Compare with the need to get 1Gbps throughput with full security (common nowadays), you are looking at NSA 5700. Wireless: What a disaster this has been historically. The new SonicWall will tell you it has been resolved and improved. It has improved - it actually works now, but performance is substandard. It is a terrible strategy to have a firewall act as an AP controller, in any case. Perhaps for an SMB, the integrated WiFi in their TZ series has a niche. Anti-spam: Do not even consider it. It leaks like a shower head. What a mess that offering is. It requires a specific Java version on the server side (do not update it, otherwise it will break). In any case, a firewall doing anti-spam might be a low cost solution, but it is not your best strategy. Logging/reporting: You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end. MSP: They are not ready for managed security services. Their Cloud GMS product is weak, barely out of beta (buggy). VPN: Site-to-site is another problem area - Client-based VPN is another hot mess. Global VPN client issues and mobile connect issues. Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably. If VPN is important for you - look elsewhere. You have to pay for licenses (most competitive vendors include this by default). You will have 4 different methods, 3 different clients, 2 licenses and all of this to have a horrible VPN connectivity. No proper or modern 2FA for additional security. AVOID! AGSS / ATP: This is poorly implemented. A user will click to download a new type of file, and nothing happens. They have to wait an indeterminate amount of time, and try again to see if it works. It is so annoying, most clients avoid this capability, just nullifying the whole purpose of it. App Control: Be aware that either due to firmware updates, or bugs - app control will behave poorly (cause packet loss, or outright blocking) with normal and legitimate activities. Resetting and re-configuring it is the work-around (super annoying).

2017-12-13T02:28:00Z
Learn what your peers think about SonicWall NSa. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,823 professionals have used our research since 2012.