Gen 7 TZ 370
Thekmumm
Newbie ✭
I have to ask. Are the gen 7 firewalls just complete garbage? I know the NMS "cloud management" is a stinking, hot. pile of garbage but I assumed the gen 7 on local management would be ok. I have been trying to configure one for 2 weeks and it seems no matter what after entering some number of settings it just locks up then page loads take 60+ seconds in the UI until I factory reset then it does it again. Seriously can it be this bad or am I having bad luck? I can not open another ticket where some level one tech wastes hours of my life telling me "it shouldn't work like that". Yeah I know that's why I'm talking to you.
Category: Entry Level Firewalls
1
Answers
Hi @THEKMUMM,
Thank you for visiting SonicWall Community.
Sorry to hear that your experience with Gen 7 appliance is not a pleasant one so far. If the firewall gets locked up on its own, we should be able to find some traces on the tracelogs or system logs. Didn't the support engineer help you with verifying those logs and providing you a root cause?
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Gen 7s with the latest firmware 7.0.0.906 seem to be hit or miss. Im running a number of TZ570s that are stable, but aren't exactly up to par with the Gen5 / 6s they replaced in various aspects.
Reports from other users on the forum of TZ370 / 270s make them sound like a mess even on the latest firmware. So it's not just you.
Supposedly a new Gen 7 firmware release is coming this month... also a price increase on the older models.
It is unfortunate that it has come to this.
Last summer, when the new "7 series" was announced, I dutifully attended the online sessions. I took the SonicWall University courses.
And I resolved to wait two years before investing any time or effort into these new devices. I believe that will give the company sufficient time to work out the problems that are baked into the first iteration of these devices and the new OS.
I've contacted all of my clients and have informed them that 2023 will be the earliest they will see a hardware upgrade. And, if prices on the Gen 6.5 models and support licenses increase, then I'll pass that "hardship tax" on to my clients, rather than subject myself (and them) to the sheer waste of (unbillable) time on support calls.
OK so I figured out what is causing the slowness. Anytime the FW loses WAN connectivity on X1 the UI slows to a crawl. If I unplug it, set a static IP on X1 for a network it is not currently connected to or turn on the tunnel all mode an IPSEC tunnel. All three cause the FW to take 1-3 minutes to load each page in the UI. I don't have NSM or GMS turned on so it makes zero sense to me. Also I would report it to support but they closed my ticket so I guess they don't care. Oh well to the dumpster she goes I guess.
Now that you mention the WAN I have experienced an issue similar. Have a TZ570 with 2x 1.5Mbps DSL lines and the local web UI is appallingly slow. I rarely manage it locally though because it's on NSM, BUT the two times I did I remember it being awful.
This makes me believe that Gen7s are calling home wwaayyyyy more than they need to but I haven't bothered to verify myself.
Hi Everyone,
I wanted to jump on this thread, introduce myself and clarify some actions that were taken by SonicWall staff in the last 48 hours.
My name is Terri O'Leary and I'm the VP for Web and Digital Services at SonicWall. You can get my attention on this community by using "@Terri" when you write a post.
Our Community is a public forum. It is important to us to be transparent, and to provide a place for our end users, partners and employees to interact, ask questions and help each other. That is the whole purpose for this Community to exist.
These posts are reviewed by a team of SonicWall moderators daily. As with any public-facing platform, we have some rules about acceptable practices here. You can read our full Community Rules and Guidelines here: https://community.sonicwall.com/technology-and-support/discussion/43/community-guidelines/
In general, I can simplify them down into the following statements:
- We don't tolerate spam
- We don't allow profanity, demeaning or abusive behavior
- We don't allow the advertisement of competitor products
In the last few days, a few posts have been flagged by our Moderation team for possible breach of Community Guidelines. While the posts were being reviewed by a dedicated review board, they were temporarily removed from the Community. Reading the content, some of the language used could be determined to be in breach of our Community Rules. Let's just say it's borderline. However, our review board has taken the decision to restore the content fully and encourage the continuation of this conversation. Your feedback is invaluable to us and is being reviewed by the right people - the people responsible for our engineering roadmaps, development, testing and ultimately delivery of our products.
Our process is to notify the poster that their content has been temporarily removed, while it us under review. In this case, it seems those notifications were not received and I have a team looking into fixing that issue today so it does not happen again.
In the case of Thekmumm, I believe I am joining a SonicWall meeting with you later today. I look forward to being able to address this with you directly and getting your concerns about NSM and Gen 7 addressed.
For everyone else, let's continue the conversation, keep it productive and get your concerns addressed. You should see some additional input from our Product Management team on this thread shortly.
Thank you all,
Terri
VP, Web and Digital Experience, SonicWall. Get my attention by tagging @Terri on the Community.
Having many issues with the new firmware...
@Thekmumm @Terri @RobW @TKWITS
We purchased the TZ670 last year, the default firmware was a major issue in regards to DNS , it would not allow you to correct DNS. this was a major issue not allowing the sonicwall to access the internet , which also means that the sonciwall itself could not get its license, or validate. there was a fix immediately created and released within days. R7xx. Luckily we had a secondary WAN connection that allowed us to trick the unit into working until we could get the new firmware at the time. I noticed even on the TZ670 the UI was slow, may not as slow as the 370 but i would contribute that to the internal processing speed. eventually updating to R906 that still did not change/fix the response issues
Yesterday (April 13th) I did another update to the latest firmware on a production TZ670 and a non production TZ670. I still notice a difference where the production TZ670 is not as slow in the UI to respond as the non production one. the non production one does not have X0 thru X3 plugged in. i have configured X4 as my support interface for direct laptop connection. where as the production 670 is using first 4 ports, So the latest firmware has not addressed the UI speed issues.
@Terri As I agree with the community policies , I have to agree with my fellow techs and admins out there, at some point sonicwall needs to take responsibility for the function of the units or lack there of. I am not going to advertise other products but we can all agree there are simple things like exporting IPs (address objects) or (address groups) that can be done by competitors products that sonicwall completely lacks. I hear the responses that no where does sonicwall export individual settings, and I counter with things like content filtering URI list can be exported as a text file from one sonciwall and imported into yet another sonicwall unit, I did it yesterday. I think the frustration I am hearing most is that so many good and very reasonable/functions suggestions are being asked of sonicwall to implement and are not being done, and it seems that sonicwall has concentrated its efforts on how the interface looks rather than better functionality and this is causing frustration in the community as it feels like we/they are being ignored on simple tasks that could be implemented to help improve not only sonicwall product but our efficiency supporting that product. It very frustration to have to copy 1.4K of address object over to another firewall manually, that is a lot of copying and pasting.
regards,
What's interesting to me is on the NSM when you apply settings it calulates a diff and shows the current config and the new config in human readable JSON. I don't know if the actual config is in JSON on the Gen 7 but I asked support if there was a way to create my own custom JSON them feed it to the firewall. They said not at this time but it is on the table as a feature request.
I would love to be able to download the existing settings as a JSON. Edit the changes I want then send it to a firewall or a new firewall. It would also make it 100x easier to audit all the settings in one text file.
I would love to be able to download the existing settings as a JSON. Edit the changes I want then send it to a firewall or a new firewall. It would also make it 100x easier to audit all the settings in one text file.
Wondering about the additional security layers required to accomplish that so that you'd be sure to keep intruders out...
@Thekmumm, @MPERU99
You guys can use the API to do some of the mundane tasks like address objects etc..
https://www.sonicwall.com/support/knowledge-base/how-to-migrate-fqdn-address-objects-from-a-gen-6-to-gen-7-device-using-sonicos-api/200812073105770/
Sorry but the API is cumbersome, I used it once and found it cumbersome, frustrating and made many mistakes, that and I can copy and paste in the UI faster than typing in the API, and I am not a API user by any means, I spend more time looking up the commands and using trial and error, most of the time its in error. This is very inefficient and antiquated way of managing/configuring a firewall for taking simple things like IPs and copying them over to another firewall. This should be a basic feature of any firewall. I wont name names, but my firewall at home using the UI I can export just about every tabbed item and i can import those into a different firewall. so those 1000 IPs , those GEO Blocked countries , those profiles can be exported and pushed to another firewall in just moments.. not hours or days. , and lets says days later.. added another 20 ips to the main firewall, its simple, export and import.. i can export just those new 20 ips or the entire list. less time managing my firewall from a config stand point and more focus on what attacks are being attempted, looking at reports etc., i can be pro-active instead of re-active. and i can spend the rest of the time doing other important things.
It would just be much easier if SNWL would just put a import/export button on certain objects areas, export them out and import them in just like you do with content filter URI lists. with the proper checks and balances, importing into a new sonicwall, would check for existing names/IPs/etc while importing, alert the user with a existing IPs/RANGE/FQDN with different names exists do you want to import those. (Yes No) and if existing names/IP/RANGE/FQDN address objects already exists, no need to import those just skip.
when importing address groups, alert user "existing group already exists, overwrite? (YES/NO/) , if No then just import those names that do not exists , otherwise overwrite all.
I agree! I am on my second one and still have not been able to deploy it. I have the default configuration LAN and WAN IP's
Seems to be an overheating problem based on my observations. Seems to run for just under 24 hours before it shutdown. I notice it is how when it does.
This is the same experience I am having with a TZ270 I deployed a few days ago. This is the first 7th gen TZ that I have deployed and I am not impressed at all. It will run somewhat reliably for 18-24 hours and then the Internet connection slows to a crawl and starts dropping out, and I can't get into the interface at all. The login page won't even load. Power-cycling the firewall gets it back working normally, but then it does the same thing again. The unit is in an air-conditioned environment, mounted to the wall, and has plenty of space around it to breath.
I just replaced it with a TZ350 this morning (I've deployed tons of these with no issues). We will see how it holds up and that will confirm if the TZ270 was the issue.
I bought a new device TZ270 (Two of them actually). Management interface cannot load internally after registering. Spins for ever, and is slower than Molasses. I also have internet general slowness. Does someone have an answer?
Latest Released Firmware
7.0.1-5030
Type
Maintenance Release
Release Date
Oct 18, 2021
I just updated my one TZ270 that’s been sitting on a shelf to the latest firmware hoping that maybe they have fixed the issue and maybe I can comfortably deploy it somewhere. But based on your post, it sounds like they haven’t.
I’m to the point of dumping Sonicwall and finding an alternative for my standard firewall deployments.
Ugh... I've been trying to setup a new TZ270 for the last few hours... same symptoms as everyone else. Found this thread while searching google for "sonicwall gen 7 unusable". I have 2 gen 7 models already out there that worked OK out of the box, but I'm afraid they will be the last for the foreseeable future. I've been using Sonicwalls for almost 20 years... hope they get their act together as I'm getting too old to enjoy learning another brand's interface...
Just throwing my hat into the pile on the TZ270 issues. Very unstable, issues all across the board. Have tried in multiple locations and in every one the same thing happens. Unstable internet, vpn, and a locked admin ui until a reboot.
I have tried RMAing a device and multiple firmware setups as well as wiping them and starting from scratch. We really need some answers or at least someone to admit there is a problem in general and not something that everyone should be handling as their own issue/support ticket. This is far too wide spread to be config problems alone, this is a firmware issue somewhere and if you ask me a bloat issue on the UI. Give us some options, a time line, and maybe a way to shut off services we are not using to see if we can figure this out.
Most of all...please give us some feedback other than telling us to do more work to figure it out. Tell us you hear us and that there is a wide spread problem that you are working on at the very least!
Chiming in here. TZ470. Wan dropping frequently, WAN slowness when it is up, GUI sluggish/non-responsive. Happens with both PPPoE connections and DOCSIS cable modems. Tried the latest firmware, factory reset/reconfig did not solve the issue. Tried using an old TZ210 temporarily no connection drops rock solid. Eventually replaced the TZ470 with a TZ400 and no connection drops again rock solid. There are serious issues with the new TZ generation hardware and/or firmware that are not getting addressed by Sonicwall forcing me to buy the older gen units until they run out of stock.
I have four customers all with the same ISP and all with either a TZ270 or a TZ370 and as of 5/6/22, they are all experiencing intermittent but frequent Internet outages, as many as 30 in a 24 hour period. The outages are mostly 10 to 15 seconds in duration with some as long as 90 seconds. There is no discernible pattern and all have the latest firmware. Their VOIP service is constantly dropping calls and remote workers have frequent disconnects. I have even set all of these devices back to factory defaults with a plain vanilla out-of-the-box configuration only to still have the problem. SonicWall even sent me a warranty replacement in one case which ended up having the same exact problem......mathematically the odds of that being a coincidence are virtually impossible. 7th gen TZ270s and TZ370s have a systemic problem and are in need of an emergency hotfix ASAP !
BTW, at one of the locations replacing the SonicWall with the ISP-provided router fixed the issue so I tried it at all the other locations, and wouldn't you know it, the problems disappeared !
I have also replaced one of the TZ270 SonicWall's with a WatchGuard Firebox T20 and that also fixed the issue !
I have been selling and installing SonicWall's for 15 years and nothing even remotely this bad has ever happened !!!
🤬🤬🤬
You may want to consider ditching SonicWall altogether, I did and no more 7th gen issues plaguing my customers with downtime. 😉
Might have to leave Sonicwall myself, have two clients with multiple issues over 7th Gen Tz270's. Vpn dropping, RDP time-outs, PPOE dropping sporadically. Customer now is looking for alternatives. Sonicwall used to be the one-stop shop, you did not need to look any further. But now more and more people in the I.T. industry are starting to look elsewhere, we don't need the headaches this is causing.
I will start purchasing elsewhere now, this gen 7, should not have been released with this many problems.
I realize that this is an old thread already, but I wanted to put in my $0.15 (inflation, you know.)
There have been problems with the Gen 7 products, which is unfortunate, because they have a lot of promise. I've been dealing with them for a while now - I have a number of them deployed at various client sites. Firmware issues have plagued them. I've literally had to downgrade a device and reconfigure it from scratch, because one of the updates had some serious problems, although that's been a while. Adequate support hasn't been great. You get a lot of Tier 1 support reps who really don't know the products well. Half of them immediately want to drop into the 6x interface in order to do what they need done because they're just unfamiliar with the 7x interface, or don't find it easy to work with. (Personally, I think it's a mixed bag.)
One of the things that seems to be the case for me is that, at least, the Gen 7 TZ devices are very heat sensitive. You put them on top of another device, in say a small office environment, and you're going to have problems. Even if they aren't really that hot to the touch, they may be overheating. Why do I say that? Because when I move them such that they get better ventilation all the way around the box, they stop having lock-up problems. I've got one office where I have their TZ 370 sitting on top of a couple of Cat 6 patch cable coils, just to get it off the table, or the SonicWall switch it was sitting on. At another client, I've got them using a small, clip-fan, pointed at the TZ 570. These methods were the only things I was able to do that successfully stopped the machines from locking up. (And stay far away from SFP modules! They run super hot, and the firewalls can't actually see them. At least not the ones I tried. The switches see them though.) Now I've searched on whether anyone else has noticed this, and haven't seen anything about it. But I am convinced that heat is a major issue with these Gen 7 TZ devices. So if you're having trouble, try cooling them down.
@Beldin - heat, go figure!
I've got a TZ270W and just checked it. I was VERY surprised. I'm glad the little rubber ducky that sits on top hasn't melted.
Datasheet says Operating Environment: 32°-105° F (0°-40° C).
That hasnt changed since Dell owned them, and is not outside competitors ranges.
I do feel Gen 7's run hot and can't handle a non-temp-controlled environment well. Thankfully 99% of ours are deployed to controlled environments. I am dreading putting one in a mobile coach as it will be fully enclosed with a switch that runs hot (but thankfully the switch can handle it).
Anyone crack one open yet? I wouldn't be surprised if there was no heatsink on the SoC at all. Clearly there's no fan.
I have not had to downgrade firmwares as others have, maybe I'm just lucky.
Regarding local management, I've noticed if I'm not on the local subnet, i.e. XO subnet, the interface is slow and can hang. But I noticed this on the Gen 6, too. Most of our systems have VLAN's and if you're coming from one of those, the performance is not great.
My company has deployed close to several Gen 7 SonicWALLs, most of which are plagued with issues. Contact the country manager, however he just asked us to get in touch with the technical