Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

NSM - Never used - should i?

I have not used NSM, but recently purchasing agent purchased NSM without discussing with me, after reading several of the community complaints I do not feel comfortable enabling NSM on our main production firewall. Things like Login loops, rebooting, X1 only issues. just to name a few are red flags. Lots of comments on its not mature enough.

I feel this like this product is a disaster, and should I even attempt it. Personally I don't mind managing it locally. I grew up in that era and just been a part of my life. Cloud has its place but not sure managing production firewalls is one of them. My worry / concern is some of the things that have been reported and even recently (Jun 2021) so that is pretty recent. I have a couple of TZ350s that i could do a trial on.

It seems the general census is DO NOT USE IT.

Category: Network Security Manager


  • LarryLarry Cybersecurity Overlord ✭✭✭

    My view on NSM is simple (and I've posted enough rants to warrant advice to tone it down): If you manage only a handful of devices, and have no requirement for any analytics, there is simply no need to use this product. However, if you have a large, dispersed fleet - either at one client site or multiple sites - then it might be a time-saving offering for overall management.

    But, if you want to use it, you'll have to realize that it is a product that was released without full functionality. It is being built on a continual basis. This means that features that either aren't present may (or may not) be on a roadmap. Broken items have unknown fix dates only in future releases (it seems there's no such thing as a "hot fix" for the cloud). For example: Capture ATP reporting for licensed AGSS devices hasn't been available in the NSM Dashboard since it was released. Supposedly it will arrive by the end of June 2021 with 2.3.x.

    So, if you can live with that kind of uncertainty, go ahead. Otherwise, there is no need to spend your clients' money.

  • MPERU99MPERU99 Newbie ✭
    edited June 10

    Ya I only have like 5 production office firewalls, 3 production remote user firewalls and 2 non production TZ350 (lab) firewalls to play with. So basically a handful , definitely not a fleet , I dont even use CSC on any of them. I have only known how to maintain locally ( I kind of prefer that anyhow.) and for the kind of management I want to do, you still cannot do under the cloud based. Like exporting all the IPs out of one firewall and importing them into another firewall.. using the simple GUI. and no not using the CLI either. what the point of the CLI when i can copy and paste faster using the GUI, the CLI offers no efficiency and I spend more time struggling on how to use the CLI then actually getting anything done. I have complained about this lack of simple useful export of IPs for a while. Its sad that so many other firewalls can do this and yet sonicwall cannot.

    Larry, thanks for you input, it is valued, I appreciate someone with more experience reaching out and providing a lighted path, so that others do not fall into the darkness of the unknown.

  • TKWITSTKWITS Cybersecurity Overlord ✭✭✭

    I agree with Larry's comments. I have a handful of firewalls on NSM and barely touch it. Most of these devices I have access to either via a server local to the firewall or its direct WAN interface.

    I had used their pre-cloud GSM years ago and found it lacking. Analytics was a big reason we tried NSM and as mentioned it's not quite there yet.

    I can totally see NSM use for a distributed helpdesk that covers a large geographical footprint with a mix of ISPs. I do not advocate for cellular connectivity, but NSM could be the best way to manage firewalls on cell services (because otherwise you are stuck behind carrier-grade NAT and not able to manage directly remotely).

    I really dislike agile development (I call it fr-agile) and thats what SW's latest offerings are.

Sign In or Register to comment.