Are my SOHO firewall expectations too high?

(Before I start, thanks to Tom Lawrence for the fantastic YouTube videos that sent me here.)

I have a home office (software development & consulting) and have 3 other family members using my home network (including a 10-year-old who I swear could do Red Teaming for a pen testing firm).

I do not have complex or zany requirements for my network or firewall. It’s 4 people in a house with some PCs and iOS devices.

Several years ago, I installed Unifi access points and a Unifi controller to improve my home wifi. Those work great. Love them.

I then thought I would get a Unifi USG to “upgrade” my network and improve security. While the USG was a big upgrade from an ISP router, I quickly discovered it had some significant limitations and issues, which really puzzled me. Horribly underpowered hardware. IDS/IDP in perpetual beta that would overload the device and cause it to crash. Lack of some basic configuration options that even my ISP router had. Every single change required the entire network to “reprovision” for 2 minutes. Firmware bugs that would break the network. I was very surprised by the limitations and issues I found, particularly since their access points seemed to work so well.

So I figured I would get a “proper” business class firewall. I buy Cylance endpoint protection from an MSP, and they sell Sonicwall. I had previously purchased a Sonicwall SMA 200 VPN appliance from them, so I figured a Sonicwall firewall would be a reasonable choice.

Based on the things I said I wanted, they recommended the Sonicwall TZ570, running SonicOS 7. That was in October 2020. They apparently had zero experience with SonicOS 7 at the time, which they failed to mention.

Let’s just say it’s been 9 months of punishment to get the thing to work properly, deal with numerous glaring bugs, many firmware updates, outages, restore failures, and wasted time with indifferent Sonicwall support reps. Very, very disappointing product. And Sonicwall support has been equally disappointing.

The final straw for me is that I have learned that the TZ570, and apparently all SonicOS 7 devices, will not let you view more than 1 HOUR of detailed log activity on the device. All of the detailed logging shown in the web UI is “ephemeral” and only stored in RAM. I cannot increase the capacity of the detailed logging shown in the UI. Period. If I wake up at 7am to see an alert email from 4am, I cannot view that alert in the firewall. It will be gone without a trace. Hours were wasted on a support ticket in order for me to have this confirmed.

My MSP and Sonicwall support never mentioned this, but I discovered that I can purchase an M.2 SSD for the TZ570. So I bought one. But I found that it only lets the device write log activity to a horribly malformed text file, and the firewall doesn’t support viewing those files in the web interface. I’m told the ONLY way I can view and analyze more than 1 hour of activity is to pay for the GMS Syslog service through my MSP. (which is not very good, IMHO).

You’ve got to be kidding me. Isn’t detailed log retention and analysis kind of important in a firewall?

Am I asking for too much for wanting to view a week’s worth of detailed logs that can be viewed from the firewall UI, with sorting and filtering? Who creates a firewall OS that only lets you see < 1 hour of activity with zero capability to increase that time frame?

I am not a network engineer. I am not a firewall engineer or expert. I just want a device with a UI that doesn’t have glaring holes, crippling bugs, and doesn’t require me to have a PhD in network engineering to administer myself. While I’m willing to pay for support, I’d prefer not to have to pay the $75 a month I’m currently paying just to get the mediocre GMS logging and deal with the issues I’m having with this Sonicwall TZ570.

Are my expectations too high?

As the Chinese say, it’s easy when you know how.

$75 a month might be low, if you don’t know what to do. It strikes me that when seeking a service from any provider you need to know everything, otherwise you run the risk of being taken to the cleaners. You literally have to give them all your requirements. Obviously they aren’t so great but that’s probably the standard everywhere.

The alternative is to roll up your sleeves and get to grips with pfSense and understand how your network functions.

You should probably take a look at Untangle Firewall. They offer a home pro licence that gives you plenty of features including web filtering and threat protection. You can buy their appliance to go the DIY route and load their software and install a big drive for all the logging.


100% go for unTangle, you can set different policies based on tags and tag certain devices / users. Their logging / reporting is amazing and better than everything else I’ve tried.

Tom has some in-depth videos on it like the one he linked.
