MPSS Frequently Asked Questions (FAQs)

Description

General Overview

What is MPSS?

MPSS stands for Managed Protection Security Suite, and it’s the best of SonicWall’s security service bundles available for Generation 7 and newer firewalls. It has everything that Advanced Protection Security Suite (APSS) has, and adds full firewall management provided by the SonicSentry Network Operations Center team.

As part of the service, the SonicSentry team will provide firewall monitoring and management, including alerts of offline devices or local changes, as well as monthly health checks. The team will also handle firmware upgrades and other configuration changes for you, at your convenience.

What firewalls does MPSS support?

MPSS is only for SonicWall firewalls, generation 7 and newer.

Does MPSS include support for non-firewall products (e.g., switches, APs, etc.)?

No, MPSS provides support for Generation 7 and newer firewalls only.

Licensing & Eligibility

I don’t see the MPSS subscription available on the standard price list?

MPSS is currently only available to partners that are members of the SonicWall Service Provider Program (SPP). If you are a partner, please contact your Account Manager to understand how you can join the Service Provider program. If you are a customer, please contact your preferred SonicWall partner for more details.

My customer’s firewall has an APSS license is expiring in 6 months. Can I upgrade them to MPSS now?

Yes, you can purchase an Annual MPSS subscription for 1, 2, or 3 Years and apply it to a firewall with an active APSS license. If there is any remaining valid term on the previous license, it will be prorated and added to the validity of the MPSS subscription to repurpose your investment.

Is MPSS available for Monthly Billing?

Yes, you can edit your products and add/upgrade the licensing for security services to be billed via the Monthly Billing process

Can I license my firewalls for MPSS and have them managed using an on-premise deployment of the NSM software?

No, firewalls licensed for MPSS can only be managed with the SaaS edition of NSM.

Can I have a mix of MPSS firewalls and other SonicWall firewalls in the same tenant?

Yes! As of October 2025, MSW tenants may now contain both MPSS and non-MPSS licensed units.

I would like to offer MPSS to my customers but they need more than 30 Days of data retention for compliance. What options do I have?

MPSS supports the application of add-on NSM data retention licenses to increase data retention from 30 days to 90 days or 365 days.

Is there a Secure Upgrade option I can use to upgrade my customer’s older hardware?

At this time, we are not offering a Secure Upgrade bundle for MPSS.  Instead you can leverage the existing Total Secure bundle and apply additional years of subscription using the standalone MPSS subscription.

Onboarding & Prerequisites

Is remote implementation (or RIS) included with MPSS?

No, RIS is not included with MPSS, and MPSS does not provide support for initial deployment or configuration. Partners need to complete their own initial configurations before onboarding with the SonicSentry NOC team. Please see the Getting Started Guide for more information. for more information.

What are the pre-requisites that need to be completed for onboarding with the SonicSentry team?

The firewall must be powered on, connected to the internet, and have the initial configuration for your specific environment complete, for example, any specific firewall rules, VPN tunnels, or remote users.  

How do I initiate onboarding with the SonicSentry team?

For new firewalls, first you’ll complete the initial registration and configuration of the firewall as noted above. Then, you’ll click the link in the Getting Started Guide to send an email to the team with the firewall name and serial number. See the for more information.

How long will it take the SonicSentry team to complete my onboarding?

We typically respond to onboarding requests the same business day. If you have submitted your request at the end of the business day, you will receive a response the following business day.

If I have multiple firewalls to onboard, do I need to send multiple emails?

Since each firewall will have different requirements and details, please submit a separate request for each serial number. This ensures that all information and updates remain tied to the correct firewall.

Configuration Management

Will the SonicSentry team handle my configuration requests, in addition to the firmware updates and patches?

Yes! Once you’ve been onboarded with the SonicSentry team, they will handle any firewall configuration changes you need, as long as they are to the firewall itself. They will not provide configuration assistance with third party tools.

Do I have to go through the SonicSentry team to make configuration changes? Can I still make changes on my own?

To ensure compliance with security best practices and the requirements for the $200,000 warranty, we strongly recommend that all change requests come through SonicSentry Support and be conducted by the SonicSentry team. However, partners can still make changes on their own if they wish; please note that the SonicSentry team is not liable for changes that they did not make.

What is the SLA for firewall configuration changes performed by the SonicSentry team?

We will start work on configuration changes within 4 business hours of the request being submitted. We cannot guarantee a time of completion for requests as the complexity of each request will vary.

Are there configuration changes that the SonicSentry team will not help with?

The SonicSentry team will not provide changes or help with third party tools. However, if you need to make a change to your firewall to accommodate a third-party tool, we can do the firewall change for you.

Ticketing & Support Access

How do partners or customers set up or access their ConnectWise portal account for ticketing?

MSS ticket portal accounts are automatically created when the partner or customer sends their very first onboarding email. After that, they will immediately be able to login to the ticket portal to submit new and work existing tickets. If there are additional users that should be given portal accounts, you can raise this in your onboarding email or contact MSS Support separately.

Change requests are generally submitted by partners on a customer's behalf but may also be submitted by partner-authorized contacts from end customer companies. In the event of a change request from a customer not currently associated with a partner company, the NOC team will ask for confirmation from an authorized person at the partner company.

Firmware Updates & Notifications

Am I Notified About New Firmware Versions?

Yes, but the type of notification depends on whether the firmware is classified as Normal or Critical.

Normal Firmware

“Normal” firmware includes:

  • Scheduled releases

  • General, Early, or Hotfix builds addressing bugs or feature updates

SonicSentry does not send notifications for new normal firmware releases. These alerts are already provided through MySonicWall.

To ensure you're receiving these updates:

  1. Log in to your MySonicWall account

  2. Go to Settings > My Account

  3. Click Edit under Alert Settings

    1.  

  4. Under the Email & In-App column, enable:

    • New Software and Firmware Upgrades

    • (Optional) Enable any other relevant alerts

  5. Click Confirm

Critical Firmware

Critical firmware is released to address critical vulnerabilities, specifically those with a CVSS score of 9.0 or higher.

When critical firmware is released, SonicSentry will notify affected partners and follow the process defined in the “Critical Firmware Updates” section of the MPSS Service Plan.

Related Articles

  • MSS Managed Firewall Best Practice Configuration
    Read More
  • NDR: Integration Guide
    Read More
  • NDR: Windows Server Agent
    Read More

Categories

Managed Security Services
Firewall Monitoring and Management
not finding your answers?
Ask the Community