NSM - Never used - should I?

I have not used NSM, but recently the purchasing agent purchased NSM without discussing it with me. After reading several of the community complaints, I do not feel comfortable enabling NSM on our main production firewall. Things like login loops, rebooting, and X1-only issues, just to name a few, are red flags. Lots of comments say it's not mature enough.

I feel like this product is a disaster; should I even attempt it? Personally I don't mind managing it locally. I grew up in that era and it has just been a part of my life. Cloud has its place, but I'm not sure managing production firewalls is one of them. My worry / concern is some of the things that have been reported, and even recently (Jun 2021), so that is pretty recent. I have a couple of TZ350s that I could do a trial on.

It seems the general consensus is DO NOT USE IT.

Category: Network Security Manager
Answers

  • Larry Cybersecurity Overlord ✭✭✭

    My view on NSM is simple (and I've posted enough rants to warrant advice to tone it down): If you manage only a handful of devices, and have no requirement for any analytics, there is simply no need to use this product. However, if you have a large, dispersed fleet - either at one client site or multiple sites - then it might be a time-saving offering for overall management.

    But, if you want to use it, you'll have to realize that it is a product that was released without full functionality. It is being built on a continual basis. This means that features that aren't present may (or may not) be on a roadmap. Broken items have unknown fix dates only in future releases (it seems there's no such thing as a "hot fix" for the cloud). For example: Capture ATP reporting for licensed AGSS devices hasn't been available in the NSM Dashboard since it was released. Supposedly it will arrive by the end of June 2021 with 2.3.x.

    So, if you can live with that kind of uncertainty, go ahead. Otherwise, there is no need to spend your clients' money.

  • MPERU99 Newbie ✭
    edited June 2021

    Ya, I only have like 5 production office firewalls, 3 production remote user firewalls and 2 non-production TZ350 (lab) firewalls to play with. So basically a handful, definitely not a fleet; I don't even use CSC on any of them. I have only known how to maintain locally (I kind of prefer that anyhow), and the kind of management I want to do, you still cannot do under the cloud-based management. Like exporting all the IPs out of one firewall and importing them into another firewall using the simple GUI, and no, not using the CLI either. What's the point of the CLI when I can copy and paste faster using the GUI? The CLI offers no efficiency, and I spend more time struggling with how to use the CLI than actually getting anything done. I have complained about this lack of a simple, useful export of IPs for a while. It's sad that so many other firewalls can do this and yet SonicWall cannot.

    Larry, thanks for your input, it is valued. I appreciate someone with more experience reaching out and providing a lighted path, so that others do not fall into the darkness of the unknown.

  • TKWITS All-Knowing Sage ✭✭✭✭

    I agree with Larry's comments. I have a handful of firewalls on NSM and barely touch it. Most of these devices I have access to either via a server local to the firewall or its direct WAN interface.

    I had used their pre-cloud GSM years ago and found it lacking. Analytics was a big reason we tried NSM and as mentioned it's not quite there yet.

    I can totally see NSM use for a distributed helpdesk that covers a large geographical footprint with a mix of ISPs. I do not advocate for cellular connectivity, but NSM could be the best way to manage firewalls on cell services (because otherwise you are stuck behind carrier-grade NAT and not able to manage directly remotely).

    I really dislike agile development (I call it fr-agile) and that's what SW's latest offerings are.

  • mantis2k Newbie ✭
    edited June 2021

    One of our most used features on SonicWall is the Public Server / NAT config wizard. My very first experience with using NSM was to click on the wizard and discover that the Public Server wizard is missing. All the other wizards are there though?! This seems kind of crazy. I then found this on their FAQ. So much for NSM making our life easier, sigh:

    https://www.sonicwall.com/support/knowledge-base/sonicwall-network-security-manager-nsm-faq/200803090636870/

    • I have a customer with more than 200 firewalls that uses LTU. Will NAT configuration wizard be available on NSM?

    This is a roadmap feature under consideration. This feature will have wizards to create large scale VPNs and SDWAN, etcetera.

  • montanadave Newbie ✭

    Flat out answer: NO.

    They release things without proper testing, training, nor support. Save yourself a ton of headaches and wait a year.

    Try applying a template to a firewall. The template "engine" doesn't pull in newly created zones so you can't use them in the rest of the config. Try changing the time to log out as admin due to inactivity (default is 5 min). The template won't save and throws an error.

    I've spent hours configuring a template to see only portions of it apply to a firewall.

    Love the direction SNWL is going but they seem to be more concerned about moving forward than getting stuff to work.

    And when it comes to their switches, make sure they are cloud managed and not managed by firewall if you are using VLANs amongst wired and wireless clients. Firewall-managed switches and WAPs have issues -- cloud management all the way.

    The amount of hours I have spent with support is ridiculous. No one knows the product suite including support.

    Keep it simple and stick to the basic functionality and strength of the firewall. NSM isn't ready.

  • Here's my 2 cents as someone in IT that's only worked with Sonicwall firewalls at my company and now I'm using NSM, deployed at the beginning of 2021.... the product looks very nice and it would be awesome if it actually worked, but it doesn't.

    Issues I've had:

    • VPN connectivity between NSM and the Sonicwall NSM I am using with it - aka the most basic function to get things working and it took about 10 support calls to finally get it working and even then it was some wonky work-around vs the automated/zero-touch method that should work
    • Analytics numbers sometimes show GB instead of MB which really REALLY throws off the reporting and darn near makes it untrustworthy. This is unacceptable and I even saw this same issue in the days of GMS Analyzer
    • Monitoring and Alerting doesn't seem to work at all. I've just set up alerts for intrusions, viruses, botnets, web activity, and network performance. The only alerts it actually shows so far is a handful of Web Activity alerts, but there's literally no information about the events. Not only that, I set up a test alert for when my NSA 3600 goes above 5% CPU usage and I didn't start getting alerts until like 2 days after setting it up. And even then I was somehow only getting the emails for the alerts, but the events weren't even showing up in the NSM page where they should be viewable
    • Email alerts from NSM in general constantly get held in our spam filter due to failing DMARC which is all on Sonicwall's end as they haven't properly configured their DNS authentication for SPF and DKIM - I even called support and they acknowledged the issue
    • The login process to get into NSM is terrible. You have to first sign into MySonicWall and then go to Services and then NSM. Half the time you get stuck in continuous login loops between MySonicWall and NSM pages and the only solution is to clear your browser's cache and try again
    • NSM page loading is SUPER SLOW. Every now and then it is snappy but for the most part it is like running a super heavy website on dial-up.... No... satellite internet.
    • When you call in to get NSM support, they always ask for the serial number, which the cloud hosted NSM doesn't even have a serial number so you have to give them the firewall unit serial, so then the ticket gets placed in the support queue for that firewall support category and not NSM. So when you call back you always get stuck in that loop of talking to the wrong person.
    • Support takes forever to get back to you if at all and they don't seem to actually read the information provided in cases opened online
    • As of 2021, I noticed that Sonicwall support seems to be almost always Indian women. I am not racist or sexist, but the trend seems to be getting support from someone who sounds like they could care less about your issue, doesn't listen or understand when you explain things, doesn't know how to actually solve the problem, and frequently gets disconnected or has to put you on hold for ages to get help from someone else. Then in the end, the solution is usually that the fix is coming in another firmware release

    I could probably keep going but those are the most common issues I've been having

  • Larry Cybersecurity Overlord ✭✭✭

    @lostbackups - just to clear up this statement:

    When you call in to get NSM support, they always ask for the serial number, which the cloud hosted NSM doesn't even have a serial number so you have to give them the firewall unit serial, so then the ticket gets placed in the support queue for that firewall support category and not NSM. So when you call back you always get stuck in that loop of talking to the wrong person.

    If you log into your MySonicWall account, select your Tenant, then My Products, and click on the firewall's serial number, a details window appears on the right-hand side. Scrolling down that window reveals the Cloud Management section, which contains the NSM serial number. That is the one to use when calling in for support.

    Now, I'd much prefer the Support dialog let us identify the firewall, select whether it is a hardware or cloud issue, thus pulling the appropriate information directly from MSW, but that's not going to happen anytime soon.

  • MPERU99 Newbie ✭

    My original question was left back in June. I still have not gone to NSM, and frankly we are looking for a replacement firewall; the fact that it is 2021 and you cannot export or import IP addresses / FQDNs from the GUI is absurd, to say the least. Support is lacking; very few I speak with actually know what they are doing or even care to listen to the exact issue(s). I've been playing with pfSense, but its interface and the intuitiveness is a zombie apocalypse, and I have YET to be able to make a site-to-site connection regardless of all the claims it can be done. I think SonicWall is the only firewall that allows you to make multiple network path connections under 1 site-to-site tunnel, and that is our dilemma, hindered by the way SonicWall was initially set up when I inherited it.

    So NSM is still garbage and has no purpose that I can see for our small setup.

  • Larry Cybersecurity Overlord ✭✭✭

    @MPERU99 NSM Version 2.3.2-R8 was released on October 10, 2021. Several significant problems have been resolved with this release.

    However, if you are disheartened with SonicWall appliances and their implementation, I suggest taking a look at Fortinet's appliances. They may solve the situation(s) you face.

  • TKWITS All-Knowing Sage ✭✭✭✭
    edited October 2021

    Four months since my last comment and I agree with Larry that NSM (with firewalls on the latest firmware release) has significantly improved. It's not perfect, but improved.

    For 'small' setups it's probably useless. For MSPs or medium to large helpdesks it can be very useful compared to direct management.

    I guess I don't get why people make a fuss about exporting / importing objects. On that note there are 'global' objects in NSM that you can apply across multiple firewalls and a now functional template system, so that's something...

  • Larry Cybersecurity Overlord ✭✭✭

    And four months ago I was overly optimistic:

    Capture ATP reporting for licensed AGSS devices hasn't been available in the NSM Dashboard since it was released. Supposedly it will arrive by the end of June 2021 with 2.3.x.

    This is a significantly harder effort than was originally thought.

    Now, with the imminent arrival of the "Unified Insight" dashboard in CSC 3.x, I'm not sure if it is going to appear sooner (say early 2022) or be delayed longer (into 2023).
