SonicWall TZ Room for Improvement
Virtual CIO/ CISO at Kyber Security
We've turned the SSL inspection on, and it is a nightmare. It doesn't mean it doesn't work, but it will turn your world upside down for weeks until you tune it and get it right. That's an across the board problem. It's not just TZ. That's TZ's, NSA's, etc. Wherever you're using their implementation of SSL, where you've got to implement a certificate on every machine. Once you even get past that it's still going to be particular and finicky. Banking sites are driven crazy by it every time we turn it on.
It is trying to lock down outbound traffic so tightly that you get to sites that are already very security conscious. It's just a battle to get the traffic through. Intentional traffic, the traffic you want to get through, seems to be a problem. It will stop almost everything. Too much in fact. I understand the concept. It's just a little threatening. We just had a client sign off on a 6650. Then we send them a scope of work for implementing it. We specifically put a note in there in enormous bold type: "Note does not include SSL-DPI implementation". That is additional. The client responded that "That's the one piece I wanted you guys to do. I'm scared of it."
He said, "We're scared of it," and I told him, "We're scared of it too." I said, "I don't know how long it's going to take. And it's going to turn your universe upside down for a week to 10 days to maybe two weeks." He said that he heard that this would be the case.
My fear is that the client thinks that we'll say it will take four hours and then, when it turns into 40, try to make us give them the submission for free.
Even tiny environments, for example, 10 user environments, once you turn it on, you will spend days tuning it. The last one we did took us 22 hours to get it perfect. We learned our lesson. We slotted in four to eight hours to do it and it took us 16 to 20.
From a support perspective, if we're talking tech support I think Silver Partners, Gold Partners, Platinum, whatever level, should have a different number to call. End users can call tech support over at SonicWall if they've paid for support as part of their AGSS or whatever services they bought. The end-user can call, or we can call, however, I don't want to be calling the same line that an end user's calling. I don't want the same response time. I need a different level of expertise.View full review »
Owner\Operator with 1-10 employees
There was one complaint I always had in the past. Years ago, you always had to enable the device. You had to go online to enable the device. You had to connect and do that. That was always a thing in my mind: "Well, why do I have to do that? Why do I have to go outside of my network just to do that?" Now, it seems to be less of an issue. However, that's been something that has frustrated me. It's not fixed. It's still the same. It's just something I live with now. I wish you didn't have to go off your network to connect.
I would like the solution to build in more redundancy. I would hope that doesn't come with a price increase, however, it would make the solution that much better.View full review »
I would probably say their GSM or their Sonic Analyzer could be improved. I have always found it difficult to manage and not very intuitive. I'd like to have better visibility of what each endpoint is doing. That's something Meraki has that is very easy to use.
Not relating to this product specifically, but I think overall the company needs to think more broadly about security continuity across the entire security spectrum and integrate more security options with their solutions, like Cisco is doing. They need identity management products and DNS solutions to really complete the line of security. Because of the whole management system, there could also be improvement to their GMS, which is a system allowing you to manage an entire fleet of their firewalls via a central pane of glass. Today as more organizations as forced to working from home and the security perimeter is now the home, businesses need more affordable and scalable systems to manage and monitor numerous devices, more easily and push out updates through essential platforms.
Senior Member Of Technical Staff at Flexera
In terms of what needs to be improved, I would say better load balancing and data filtering. This way we have low utilization of the net from the corporate office to all the branches. This is the connectivity there. The traffic from the HQ to all the branches goes on the low latency so that connectivity is continuous and not dropped.
In the next release it should have both the failure and load balancing combined on there. Whenever there is a failure and whenever they are load balancing, it should auto-generate the traffic for any connectivity on there, so it will run smoothly. It should also generate the alert.View full review »
Director at VULPINE SOFTWARE PVT LTD
The dashboard needs to be improved.
They can work on the GUI part of the solution. Currently, it is a little bit complicated as compared to other competitors.
Each uplink is quite a big and complicated sort of tool. Other products, like Checkpoint, are so-so, however, they are better. Fortinet is a good example of one that is very good and easy to use.View full review »
President at a tech services company with 1-10 employees
We are not receiving the rated throughput that the solution claims. We have noticed our client's internet bandwidth has increased but we are not receiving the throughput that the device is sized for. For example, if I have a device that is rated to handle 400 megabits of throughput, we are not receiving that speed. We are receiving significantly less than that in some cases, this needs to be improved. I do not know if this is still the case with the latest generation of SonicWall's, but we have sixth-generation SonicWall's in use and we are not receiving the rated bandwidth.
We have built a host secondary DNS directly on the firewall. For example, If you have a small business environment where you only have one server or you have a remote office location where you do not have any servers, you could use a VPN back to the main office and rely on the internal DNS server. However, you will have no redundancy for DNS. There are two choices, we can either use a public DNS service, which is a mistake because it will not know where the information is on the local network. The active directory is not going to work properly if the resources you want cannot be found. You end up picking between two poor options. You either have no redundancy for DNS or you have redundant DNS where one of them is not the best quality. The whole industry is lacking an alternative. I would like to be able to host a secondary DNS on a firewall appliance, many people need this feature.
In an upcoming release, SonicWall could improve by adding cloud management for all devices for free or at a nominal cost. Currently, they have a cloud management platform but is not free. We have the MySonicWall portal for purchasing from them for software updates and renewals.View full review »
In terms of what could be improved. That is a very good question. Maybe the price could be lower. That is the only thing. Otherwise, it is really a very good product with really good performance. The only thing is maybe to lower the price a little bit - but it's not a complaint. I don't have complaints with SonicWall.
SonicWall is really a very complete product.View full review »
Product Manager at a tech services company with 1,001-5,000 employees
The marketing of SonicWall has to be increased. Currently, when it comes to firewalls, most people go for Cisco and Palo Alto. SonicWall should improve its marketing and branding policies to increase sales. Other than that, it is good.View full review »
DPO - Especialista em Proteção de Dados at a tech services company with 11-50 employees
The user interface could be improved. Another issue is that part of the company strategy is that once the license expires, the company blocks features and things slow down. It would be nice if they would provide a free version for small companies. Most companies here in Brazil either don't have the money or their culture is cost-oriented so they don't make large investments in security. They prefer products which are less expensive such as open, source-based firewalls. Having access to a free version would mean that we could create an awareness within the company about the importance of these solutions. Because of the dollar rate, the product is quite expensive for us, whereas in the States it's affordable to spend a few thousand dollars on a solution.
General Manager at Antea Consulting
It's worked well for us over the years. We don't have any special demands in terms of new features. It has everything we need.
Although the pricing is good, it could always be lower. If we get to pay less, we're happier.View full review »
Its reporting can be improved. Currently, we cannot directly get the user names. It only shows the IP, which makes it a bit confusing because we need to use the IP to find the user. If we could directly get the name of the user, it would be better.
Its licensing should be improved. We would like to get the reporting part along with the license, without having to purchase it separately. It would be good if they combine both of these.
Its scalability can also be improved.View full review »
IT Infra Head at a consumer goods company with 1,001-5,000 employees
It's a good product, but it's not a next-generation firewall. We are looking for a next-generation firewall and considering Cisco.
We require centralized monitoring of the network features, which they have but they are not to the level that we require.
The reporting is not good. Also, the historical configuration of the data or backup is not available.
To compete in the market, there have to be a lot of improvements.
We do not plan to continue using SonicWall TZ. We are looking for a replacement because we need centralized monitoring across the organization. It has been very difficult for us to manage the firewall as it is not managed centrally. This is the main drawback in our current scenario.
In the next release, I would like to see better scalability, easier installation, improved reporting, storage configuration, backup, and centralized management with reporting.View full review »
It would be nice if it was more user-friendly. The user interface is a bit difficult to navigate.
The technology in this particular version is very old.
They have to improve their assistant client application.
In this particular SonicWall has a challenge with the SSL client. It provided NetExtender, a client application that is very challenging and is difficult to manage.View full review »
The stability could be a lot better. The SonicOS, which we were using, was not that stable. Sometimes it is not performing as expected as per the policies we have set.
The log, the logging capabilities, are not so good. For example, the logging for traffic logs was not being stored properly. The logging must support some storage space. If there is a storage device or storage mechanism within it we would be able to get the log easier.View full review »
IT Administrator at a healthcare company with 51-200 employees
FortiGate has a client DNS in the firewall, but SonicWall doesn't have that. To create or configure a site-to-site VPN tunnel, we have to give a DNS name. Currently, we have to get the DNS name from a third party and then include it in SonicWall, whereas FortiGate has its own client DNS, so it provides a DNS name, and it does not require a third party.
There should be a graphical option to view the network utilization and bandwidth usage.View full review »
In the next release, I would like to see a SonicWall integration with the DLP tool, this would be interesting. Data Loss Prevention integration.View full review »
As compared to other firewalls, they should provide an unlimited number of users for the SSL VPN.
The VPN that is available in the new version is a bit bulky and slower in speed. It should also be easier to use.
The SD-WAN feature should be enhanced, similar to Fortinet FortiGate.View full review »
It could be made more user friendly.View full review »
The log sections could be done more clearly.
I would like there to be the ability to manage content filtering on a per-user basis or by using the application as we normally would for all users. Currently, it is applied to a group of users and I do not think it is reliable or performing as good as it should.View full review »
SonicWall has many problems with the reporting analytics.
The reporting analytics could be improved, it is very unstable.View full review »
Head of IT at a engineering company with 501-1,000 employees
It could probably be more user-friendly, and it could be more scalable with releases and subscriptions.View full review »
Senior Network Engineer at a healthcare company with 501-1,000 employees
The areas we would like to see improvement include more features available similar to the equivalent FortiGate appliance, e.g. SSL encryption and inspection. Two-factor authentication capability would be another additional feature that could be included in the next release.View full review »
Diretor Comercial at a retailer with 1-10 employees
Its pricing can be better. It is very expensive.View full review »
Owner at IT CARE
We have been facing issues with reporting. We use to have a free tool for reporting, but now there is a licensing fee.View full review »
Engineer at a pharma/biotech company with 501-1,000 employees
The pricing is of this solution is high and could be reduced to make it more competitive.
The monitoring is a little bit confusing.View full review »
WCOIL/IT Department at Lima Central Catholic
I would like to see lower antivirus pricing. So far I haven't found any situation that I needed anything else added/included.View full review »
There is a point I don't like about SonicWall in the past and now. Most of the destinations we look at when we're detecting some user using too much bandwidth or something like that, SonicWall just gave us the destination IP address instead of the full qualified domain name. I think that's the most important part that is still missing. I think that's the most important thing for us.
The fully qualified domain name is very good flexible information. We can detect issues on each page, so we don't have to wonder a lot about other tools. It would also help if there was a simple way to log in the users, which is one login from Windows Active Directory, without having to deploy patch information or using external tools like SSO.View full review »
VP of IT at a tech services company with 51-200 employees
I would like to see more integration with other platforms.
The flexibility can also be improved and it could be more user-friendly.View full review »
Creative Head/Director at a marketing services firm with 1-10 employees
The solution should provide some additional ports. Currently, we have only four to five of these.
Information Technology Network Support Specialist at a hospitality company with 51-200 employees
The GUI interface could be improved. It would make a difference if they could update that.
IT Manager at K-Vac Environmental Services, Inc.
Needs more robust self-help documentation along with examples and things to watch out for.View full review »
The price could be better for us in Bolivia.View full review »
Executive Project Manager at a non-profit with 1-10 employees
We have experienced some issues with SonicWall TZ and they are lacking some advanced features other vendors have.View full review »
Integration Engineer at a non-profit with 10,001+ employees
The user support could be improved because you have to go outside to get that kind of support.