We will probably invest a little more time into the VDI solution - not specifically for security but for desktop computing VDI solutions. 

The cost of licensing is very high compared to other firewalls available here. There should be improvements in hardware scalability, allowing for more storage and memory capacity. Making the solution available as a virtual appliance would be more feasible for data centers, avoiding the need for physical hardware.

There is room for improvement in dependency on certain infrastructure, like the DNS dependency on the current DNS server that the company has. It should be standalone. It should not depend on any other DNS server.

The tool is expensive. 

Sangfor could improve by providing better real-time reporting, as the current reports don't offer the level of detail we need, especially for runtime insights. We find ourselves relying on other applications for this purpose. While performance is okay for our healthcare setup with 500 desktops, it might need closer consideration for industries like finance with more specific requirements.

The support for YouTube or the Internet is not enough.

The setup phase is quite complex. The setup process could be easier.

The product must provide more IPS features. It should also provide more VPN and security features.

I would be happy if Sangfor developed a firewall designed specifically for home use, as well as for small businesses such as clinics and so on. A household version of the Sangfor firewall for your personal computer or laptop would be ideal, in my opinion.

There are some difficulties with the deployment of the LDAP part in Sangfor NDAF, making it an area of concern where improvements are required.

The support offered by the product has certain shortcomings where improvements are required. The knowledge levels and response time of the support team need improvement.

The interface and user experience are horrible. To perform simple things, you need to jump between many screens. There is no simplicity, everything is complex. 

The available information is lacking. I'm struggling to give my coworker information about how to configure. The public information available is too old and hasn't been updated. 

The solution is not out-of-the-box because it requires a mandatory license. 

Outside of China, the solution does not offer active-active, virtual domains, or concurrent sessions. The CCB or UTB sessions and BPM channels are very low. The solution is a Chinese product and that side is different from the rest of the world. China has version 8.0.59 but the rest of the world has 8.0.47 only. 

The solution has very, very slow hardware performance. 

The firewall system needs gradual improvements because there are more threats and challenges in the world every day. Sangfor NGAF has a comprehensive database for ransomware and viruses, but when we compare it to other solutions, the price could be more competitive.

Since we have a very comprehensive solution with Sangfor NGAF, it is hard to identify any additional features we want to add. It already provides good features for ransomware attacks and data recovery. In the past, we wanted encrypted data for a virus to be recoverable, and Sangfor offered the solution.

The solution should be able to work in a hybrid setup.

The tool's support is an area of concern where improvements are required. The support should be available locally, I would say. As of now, I think the tool is moving towards offering local support. I have heard from my previous customer that the support is actually from another region, making it quite hard for them to get in touch with the technical team.

Sangfor NGAF could improve by refining its application control policies, especially in addressing challenges with certain types of applications.

An area of improvement for Sangfor NGAF could be in the field of reporting and logging.

Sangfor NGAF could improve the policies and default criteria. They could be much better.

Sangfor’s team directly deals with clients. I feel Sangfor should follow the hierarchy and close deals via resellers instead of closing it all with their own team.

It does not offer any recommendations on how to mitigate or control attacks.

I think the GUI needs to be improved, there are a lot of areas where the panes do not make sense. They have put the NAT in the policy section but at the same time the DPI is in the network pane. The placement of different options in the menu system of this firewall is not that logical and often doesn't make a lot of sense. The operational procedures are a little tricky and require some technical skills. A level one person will have problems. The compatibility needs to be improved. 

Sangfor need greater exposer in the market because the market is mainly saturated by Fortinet. The user experience of Fortinet is quite different compared to NGAF. If we want to switch our users from Fortinet to NGAF, we have to convince them that the user experience will be much easier once once they start to use it. 

Sangfor could improve their interface capacity on the 5100 series model and upgrade their hardware from one gig to 10 gig. This would improve the overall throughput. 

It has an issue with the Sangfor Cloud Platform rather than the firewall. When we run a virtual machine, the window tabs display Chinese characters. This could be a hindrance when presenting it to clients, especially since many of our clients prefer US-based products. We’re pitching Sangfor as part of our solutions, but the presence of Chinese characters might be a concern.

It is a relatively new product in the market, so we are dealing with challenges related to security and malware detection. It will need time to assess its strengths and weaknesses thoroughly. We discovered that the SD-WAN capability is available within this product. It also includes built-in Value-Added Security Technology, which can be cost-effective, but improvements are needed, particularly in enhancing malware detection. Another area for improvement is integrating with other third-party providers' solutions for a more seamless security ecosystem.

For some reason, Sangfor doesn't filter certain websites and applications. It should recognize them and utilize the bandwidth between applications. Also, if we try to block YouTube or Facebook videos, some users will use applications like Siphon for viewing so our bandwidth is still being utilized for non-work purposes. It might detect that somebody is using Siphon, but it cannot be blocked. It's inconsistent, sometimes one user can be blocked while another will have access. 

The reporting and log management could be improved. 

I believe that IAM and NGFW need to merge into a single box, instead of there being two separate box solutions.

We're still evaluating the program, so there is no guarantee that we will always get this kind of protection. They need to improve their research team and they need to study their data to analyze it and build the product. I think the developers should sit with their clients to understand how they can improve their product. Although it's running very smooth, they need to collect data from their clients to improve the product. 

Cisco, for example, has forums where you can go and type in your question and get the answer. So the developers of Sangfor needs to get feedback from the users and adapt their product on the basis of that feedback.

An area for improvement would be the number of ports defined on the box. In the next release, I would like them to develop their provisioning stage of enrolling end devices.

The solution has too many bugs and these slow down the implementation. The software should be updated to account for this. 

It would be ideal if the solution offered SD-WAN capabilities. It's not as good as what is offered by Fortinet, for example.

They need to increase the number of ports in the firewall. Both Fortinet and Sophos, for example, provide many more than what Sangfor provides. 

The web interface needs to be improved, making it more user-friendly.

In terms of improvement, it should have integrated consoles. Since we have various products and we need one console that we can use to manage all of the solutions. Sangfor should provide it. 

It could also be cheaper.