The Firewall Is Not Dead: How AI Gives It a Co-Pilot

How SonicWall's AI-native platform transforms next-generation firewalls into intelligent, self-managing enforcement engines

At industry events, I often hear predictions that that firewalls are becoming obsolete. The argument usually sounds something like this: AI is changing everything, and the traditional perimeter no longer matters.

I push back on that every time I hear it. From what I see in the field, and from the data we track at SonicWall, the firewall's importance is growing, not diminishing.

The way I see it, AI has not replaced the firewall. It has given it more to protect.

AI Expands the Threat Surface the Firewall Must Defend

When I look at the threat landscape, the pattern is clear. Attackers are using AI to write cleaner phishing campaigns and generate polymorphic malware faster than signature systems can keep up. They probe for misconfigurations at machine speed, and most of that traffic is encrypted.

Inspection has to happen somewhere with the horsepower to decrypt, inspect, and re-encrypt without crushing performance. In my experience, that somewhere is still the firewall.

I also look at how networks are actually built today. Workloads sit in data centers, across multiple clouds, at branch offices, and inside AI applications that reach out to model APIs and pull data from everywhere. Every connection needs a policy decision: who is allowed to talk to what, under what conditions, and with which data. Someone has to enforce that decision at the edge of each environment. I still believe the next-generation firewall is the most practical place to do it.

My Take: The Firewall Becomes a Distributed Enforcement Layer

My positioning is simple. In an AI-era network, I see the firewall moving from a gatekeeper at the office door to a distributed enforcement layer wrapped around every environment that matters, including the AI workloads themselves.

This has nothing to do with nostalgia for hardware. What I believe organizations need is a consistent, high-performance point of control, with many of them working together as one. That is the architecture I advocate for.

Managing the Network Around the Firewall Is the Hard Part Now

Here is the operational reality I see constantly. A growing enterprise or MSP is not running a single firewall. They are running dozens or hundreds, alongside switches, access points, secure access, and endpoints. Each device generates logs, alerts, and configuration drift. The teams I talk to are almost always smaller than the problem they face.

I do not believe you can solve that with more dashboards. In my view, you solve it with an AI-native control plane built from the ground up.

SonicWall Unified Management: Cloud-Native and AI-Powered

That thinking is what drove us to build SonicWall Unified Management, our cloud-native console. What I wanted to give customers was a single location to manage their entire SonicWall deployment, with administrative tasks streamlined through:

• Multi-tenant design with role-based access for secure team management
• Zero-touch deployment and license management
• Active monitoring of firewalls, network gear, and endpoints
• Unified visibility that replaces scattered point tools

What makes it AI-native rather than AI-flavored is SAMI (SonicWall AI for Monitoring and Insight), which I had built directly into the platform. SAMI is conversational. An administrator can ask in plain language:

• Which firewalls are still on an older firmware build?
• What is driving a traffic spike on a particular tenant?
• Which devices need attention right now?

They get an answer without clicking through six screens. SAMI pulls firewall and traffic analytics, surfaces the signal under the noise, and can perform routine work such as firmware upgrades on request.

For me, the point of that is not novelty. It is alert fatigue. When I look at small teams responsible for large fleets, the scarce resource is attention. An AI assistant that answers questions in context and handles repetitive work returns that attention to where it belongs. That is the difference I want our customers to experience: managing a network rather than constantly reacting to one.

SAMI Capabilities: What AI-Native Management Looks Like in Practice

To make that contrast concrete, the table below shows how SAMI changes the day-to-day experience of managing a large firewall fleet, comparing each capability against the traditional approach it replaces.

Network Security Manager (NSM): The Firewall Foundation I Rely On for Cloud-Delivered Security

All of that depends on a strong foundation underneath. For the firewall fleet, that foundation is SonicWall Network Security Manager (NSM), part of Unified Management. NSM is where I believe cloud-delivered management, reporting, analytics, and forensics come together most effectively.

From a single console, I can provision and configure firewalls and push consistent policy across every environment. One capability I particularly value is the ability to compare configurations before committing them, so that human error does not quietly become an outage or an exposure.

On the reporting side, NSM correlates logs across the entire fleet, turning raw telemetry into usable information for investigators. When something goes wrong, that correlated, auditable record serves as the forensic trail, and it doubles as the compliance evidence most teams are constantly asked to produce.

Secure by Design: My Belief That Security Should Be the Default State

I am a strong believer that security should not be a configuration project that customers have to get exactly right under pressure. It should be the default state of the product from day one. That is a principle I have pushed hard internally.

SonicWall signed CISA's Secure by Design pledge, and our recent releases for SonicOS and NSM are where that commitment shows up in shipping code, not just in slides. Concretely, that means:

• Secure configurations out of the box
• Elimination of default passwords
• Broader multi-factor authentication enforcement
• Automatic updates so the fleet stays current without an administrator chasing patches
• NSM cross-referencing settings against best practice and flagging exposure early
• Machine learning and memory-safe development applied to remove vulnerability classes before they ship

I think of Secure by Design as the engineering discipline. Secure by Default is what the customer experiences on day one. Both are now the baseline for what I expect from a next-generation firewall, and neither should be a premium add-on.

Key Takeaways: Why the Firewall Remains Essential in the AI Era

Having covered the threat landscape, the management challenge, and the platform we have built to address both, the table below distills the core themes of this post into practical implications for your organization.

Figure 1 below illustrates the four interconnected pillars that define SonicWall's defense-in-depth approach in an AI-era network. Threat Prevention covers the inspection layer, where the firewall decrypts, analyzes, and blocks AI-generated malware and polymorphic threats before they reach the network. Network Enforcement represents the distributed NGFW layer that applies consistent policy across data centers, multiple clouds, branch offices, and AI workloads. AI-Native Management is where SAMI and NSM operate, giving administrators conversational control over the entire fleet and replacing reactive dashboard monitoring with proactive, AI-driven insight. Secure by Design anchors the stack from below, ensuring that every device in the fleet ships with hardened defaults and stays current automatically. Together, these four pillars describe why I believe the firewall is not a legacy component to be retired, but the central control point around which a modern, AI-aware security architecture is built.

Conclusion

My view is straightforward: the firewall is not fading. It is evolving into an intelligent, distributed enforcement layer that anchors the AI-era security stack. With SAMI's conversational AI, NSM's unified visibility, and a Secure by Design foundation, I believe we have built a platform that lets organizations maintain strong enforcement at every edge without overwhelming the teams responsible for it.

The organizations that invest in AI-native firewall management today will be better positioned to absorb tomorrow's threats without expanding their operational burden. That is the outcome I am building toward.

Please check out the Q&A below for more information. 

Frequently Asked Questions

Is the firewall still relevant in an AI-driven network?

Yes. AI expands the number of environments and workloads that require enforcement, thereby increasing the firewall's role rather than diminishing it. The form factor evolves from a single perimeter device to a distributed enforcement layer across clouds, branches, and AI workloads.

What is SAMI, and what does it do?

SAMI (SonicWall AI for Monitoring and Insight) is an AI assistant embedded in the SonicWall Unified Management platform. It answers plain-language queries about fleet status, traffic anomalies, and device health, and it can perform routine tasks such as firmware upgrades on request.

What is SonicWall NSM?

SonicWall Network Security Manager (NSM) is a cloud-native console for centralized firewall provisioning, policy management, analytics, and compliance reporting across the entire fleet.

What does Secure by Design mean for SonicWall customers?

SonicWall signed CISA's Secure by Design pledge, meaning firewalls ship with secure default configurations, no default passwords, MFA support, and automatic update capabilities. Customers receive a secure state on day one rather than needing to configure their way into it.

How does SonicWall address alert fatigue for small security teams?

SAMI surfaces relevant signals from raw telemetry and handles repetitive operational tasks conversationally, allowing small teams to focus attention on genuine incidents rather than routine checks.