Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Gen 7 TZ 370

I have to ask. Are the gen 7 firewalls just complete garbage? I know the NMS "cloud management" is a stinking, hot. pile of garbage but I assumed the gen 7 on local management would be ok. I have been trying to configure one for 2 weeks and it seems no matter what after entering some number of settings it just locks up then page loads take 60+ seconds in the UI until I factory reset then it does it again. Seriously can it be this bad or am I having bad luck? I can not open another ticket where some level one tech wastes hours of my life telling me "it shouldn't work like that". Yeah I know that's why I'm talking to you.

Category: Entry Level Firewalls
Reply

Answers

  • SaravananSaravanan Moderator

    Hi @THEKMUMM,

    Thank you for visiting SonicWall Community.

    Sorry to hear that your experience with Gen 7 appliance is not a pleasant one so far. If the firewall gets locked up on its own, we should be able to find some traces on the tracelogs or system logs. Didn't the support engineer help you with verifying those logs and providing you a root cause?

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • TKWITSTKWITS Cybersecurity Overlord ✭✭✭

    Gen 7s with the latest firmware 7.0.0.906 seem to be hit or miss. Im running a number of TZ570s that are stable, but aren't exactly up to par with the Gen5 / 6s they replaced in various aspects.

    Reports from other users on the forum of TZ370 / 270s make them sound like a mess even on the latest firmware. So it's not just you.

    Supposedly a new Gen 7 firmware release is coming this month... also a price increase on the older models.

  • ThekmummThekmumm Newbie ✭
    I sure like paying $1500 per device to be a beta tester. Spent another 2 hours on the phone with support for them to say they have no idea why it's not working. What a great way to treat a customer of 15 plus years. Thinking about just returning all 18 that I bought and doing a credit card dispute. To call these alpha at this point would be a complete joke.
  • LarryLarry Cybersecurity Overlord ✭✭✭

    It is unfortunate that it has come to this.

    Last summer, when the new "7 series" was announced, I dutifully attended the online sessions. I took the SonicWall University courses.

    And I resolved to wait two years before investing any time or effort into these new devices. I believe that will give the company sufficient time to work out the problems that are baked into the first iteration of these devices and the new OS.

    I've contacted all of my clients and have informed them that 2023 will be the earliest they will see a hardware upgrade. And, if prices on the Gen 6.5 models and support licenses increase, then I'll pass that "hardship tax" on to my clients, rather than subject myself (and them) to the sheer waste of (unbillable) time on support calls.

  • ThekmummThekmumm Newbie ✭

    OK so I figured out what is causing the slowness. Anytime the FW loses WAN connectivity on X1 the UI slows to a crawl. If I unplug it, set a static IP on X1 for a network it is not currently connected to or turn on the tunnel all mode an IPSEC tunnel. All three cause the FW to take 1-3 minutes to load each page in the UI. I don't have NSM or GMS turned on so it makes zero sense to me. Also I would report it to support but they closed my ticket so I guess they don't care. Oh well to the dumpster she goes I guess.


  • TKWITSTKWITS Cybersecurity Overlord ✭✭✭

    Now that you mention the WAN I have experienced an issue similar. Have a TZ570 with 2x 1.5Mbps DSL lines and the local web UI is appallingly slow. I rarely manage it locally though because it's on NSM, BUT the two times I did I remember it being awful.

    This makes me believe that Gen7s are calling home wwaayyyyy more than they need to but I haven't bothered to verify myself.

  • TerriTerri Administrator

    Hi Everyone,

    I wanted to jump on this thread, introduce myself and clarify some actions that were taken by SonicWall staff in the last 48 hours.

    My name is Terri O'Leary and I'm the VP for Web and Digital Services at SonicWall. You can get my attention on this community by using "@Terri" when you write a post. 

    Our Community is a public forum. It is important to us to be transparent, and to provide a place for our end users, partners and employees to interact, ask questions and help each other. That is the whole purpose for this Community to exist.

    These posts are reviewed by a team of SonicWall moderators daily. As with any public-facing platform, we have some rules about acceptable practices here. You can read our full Community Rules and Guidelines here: https://community.sonicwall.com/technology-and-support/discussion/43/community-guidelines/  

    In general, I can simplify them down into the following statements:

    - We don't tolerate spam

    - We don't allow profanity, demeaning or abusive behavior

    - We don't allow the advertisement of competitor products

     In the last few days, a few posts have been flagged by our Moderation team for possible breach of Community Guidelines. While the posts were being reviewed by a dedicated review board, they were temporarily removed from the Community. Reading the content, some of the language used could be determined to be in breach of our Community Rules. Let's just say it's borderline. However, our review board has taken the decision to restore the content fully and encourage the continuation of this conversation. Your feedback is invaluable to us and is being reviewed by the right people - the people responsible for our engineering roadmaps, development, testing and ultimately delivery of our products.

    Our process is to notify the poster that their content has been temporarily removed, while it us under review. In this case, it seems those notifications were not received and I have a team looking into fixing that issue today so it does not happen again.

    In the case of Thekmumm, I believe I am joining a SonicWall meeting with you later today. I look forward to being able to address this with you directly and getting your concerns about NSM and Gen 7 addressed.

    For everyone else, let's continue the conversation, keep it productive and get your concerns addressed. You should see some additional input from our Product Management team on this thread shortly.


    Thank you all,

    Terri

     

     

     

    VP, Web and Digital Experience, SonicWall. Get my attention by tagging @Terri on the Community.

  • RobWRobW Newbie ✭

    Having many issues with the new firmware...

  • MPERU99MPERU99 Newbie ✭

    @Thekmumm @Terri @RobW @TKWITS

    We purchased the TZ670 last year, the default firmware was a major issue in regards to DNS , it would not allow you to correct DNS. this was a major issue not allowing the sonicwall to access the internet , which also means that the sonciwall itself could not get its license, or validate. there was a fix immediately created and released within days. R7xx. Luckily we had a secondary WAN connection that allowed us to trick the unit into working until we could get the new firmware at the time. I noticed even on the TZ670 the UI was slow, may not as slow as the 370 but i would contribute that to the internal processing speed. eventually updating to R906 that still did not change/fix the response issues

    Yesterday (April 13th) I did another update to the latest firmware on a production TZ670 and a non production TZ670. I still notice a difference where the production TZ670 is not as slow in the UI to respond as the non production one. the non production one does not have X0 thru X3 plugged in. i have configured X4 as my support interface for direct laptop connection. where as the production 670 is using first 4 ports, So the latest firmware has not addressed the UI speed issues.

    @Terri As I agree with the community policies , I have to agree with my fellow techs and admins out there, at some point sonicwall needs to take responsibility for the function of the units or lack there of. I am not going to advertise other products but we can all agree there are simple things like exporting IPs (address objects) or (address groups) that can be done by competitors products that sonicwall completely lacks. I hear the responses that no where does sonicwall export individual settings, and I counter with things like content filtering URI list can be exported as a text file from one sonciwall and imported into yet another sonicwall unit, I did it yesterday. I think the frustration I am hearing most is that so many good and very reasonable/functions suggestions are being asked of sonicwall to implement and are not being done, and it seems that sonicwall has concentrated its efforts on how the interface looks rather than better functionality and this is causing frustration in the community as it feels like we/they are being ignored on simple tasks that could be implemented to help improve not only sonicwall product but our efficiency supporting that product. It very frustration to have to copy 1.4K of address object over to another firewall manually, that is a lot of copying and pasting.


    regards,

  • ThekmummThekmumm Newbie ✭
    @MPERU99

    What's interesting to me is on the NSM when you apply settings it calulates a diff and shows the current config and the new config in human readable JSON. I don't know if the actual config is in JSON on the Gen 7 but I asked support if there was a way to create my own custom JSON them feed it to the firewall. They said not at this time but it is on the table as a feature request.

    I would love to be able to download the existing settings as a JSON. Edit the changes I want then send it to a firewall or a new firewall. It would also make it 100x easier to audit all the settings in one text file.
  • LarryLarry Cybersecurity Overlord ✭✭✭

    I would love to be able to download the existing settings as a JSON. Edit the changes I want then send it to a firewall or a new firewall. It would also make it 100x easier to audit all the settings in one text file.

    Wondering about the additional security layers required to accomplish that so that you'd be sure to keep intruders out...

  • MPERU99MPERU99 Newbie ✭

    Sorry but the API is cumbersome, I used it once and found it cumbersome, frustrating and made many mistakes, that and I can copy and paste in the UI faster than typing in the API, and I am not a API user by any means, I spend more time looking up the commands and using trial and error, most of the time its in error. This is very inefficient and antiquated way of managing/configuring a firewall for taking simple things like IPs and copying them over to another firewall. This should be a basic feature of any firewall. I wont name names, but my firewall at home using the UI I can export just about every tabbed item and i can import those into a different firewall. so those 1000 IPs , those GEO Blocked countries , those profiles can be exported and pushed to another firewall in just moments.. not hours or days. , and lets says days later.. added another 20 ips to the main firewall, its simple, export and import.. i can export just those new 20 ips or the entire list. less time managing my firewall from a config stand point and more focus on what attacks are being attempted, looking at reports etc., i can be pro-active instead of re-active. and i can spend the rest of the time doing other important things.

    It would just be much easier if SNWL would just put a import/export button on certain objects areas, export them out and import them in just like you do with content filter URI lists. with the proper checks and balances, importing into a new sonicwall, would check for existing names/IPs/etc while importing, alert the user with a existing IPs/RANGE/FQDN with different names exists do you want to import those. (Yes No) and if existing names/IP/RANGE/FQDN address objects already exists, no need to import those just skip.

    when importing address groups, alert user "existing group already exists, overwrite? (YES/NO/) , if No then just import those names that do not exists , otherwise overwrite all.

Sign In or Register to comment.