Hands-On: SonicWALL Brings UTM To SMB Wired And Wireless Network
April 25, 2012
Security vendor SonicWALL, which was acquired in March by Dell, is aiming to provide an appliance that makes protection and authorized access easy for the IT pro. Case in point is the TZ 215 series of security appliances in late march of 2012 and is positioning the device as the mother of all unified threat management (UTM) firewalls for small businesses and branch offices.
Available as two different models, the TZ 215, which is for wired networks and the TZ 215W, which bundles in an integrated radio for Wireless-N connectivity, offer identical feature sets (save for integrated wireless) and retail for $845.00 and $995.00 respectively.
I recently put a TZ 215W UTM device through its paces and I found that the device does a decent job of meeting the security needs of a small business, while providing a few extras, such as VPN access and support for a multitude of wireless devices.
A closer look at the TZ 215W
The SonicWALL TZ215 Wireless-N Firewall offers several features and capabilities. First and foremost, the device works as a Stateful Packet Inspection (SPI) firewall and incorporates a full suite of UTM (unified threat management) capabilities, as well as 802.11a/b/g/n secure wireless, and offers both IPSec and SSL VPN capabilities. The UTM suite includes intrusion prevention, gateway anti-virus/anti-spyware, Content/URL filtering, enforced client anti-malware and application control.
Of course, SonicWall is not the only player in the SMB security appliance space, Cisco, Fortinet, NetGear, WatchGuard, and many others offer security appliances for branch offices and small networks. While it is a crowded market, SonicWALL has incorporated a few features that help to make the product competitive and in some cases, a class leader.
Installation and setup of the TZ 215W is wizard driven and is accomplished with the help of a quick start guide (which is the only printed documentation included). After plugging the device in, one of the first steps that you must do is register with SonicWall which is a critical step because all of the licenses for the product and associated software are registered and activated via SonicWall’s website. After registration, I downloaded and installed the latest firmware and software for the TZ215W and then actually get started with deploying the device.
The TZ 215W is feature rich, meaning you will need to plan your deployment and navigate through several setup scenarios. It is not difficult to do, just time consuming and takes a decent amount of networking knowledge to do it correctly.
First on the agenda is setting up the firewall itself, which consists of creating policies that direct/block/examine the traffic coming from the edge of the network. Policy definition is wizard based, meaning that defining basic policies takes only a few mouse clicks to accomplish. Nevertheless, it takes more than basic policies to protect todays networks, and that is where security can become rather complex.
SonicWALL tackles those issues with application intelligence, control and visualization â€“ a set of capabilities integrated into the firewall engine. Simply put, the firewall is aware of what applications are running across the network, and in what context those applications are used. The industry already has a name for that technology â€“ Next Generation Firewall. The integrated firewall is ICSA certified and can scan over 50 protocols with deep packet inspection capabilities.
With the TZ 215 series, I was able to define complex policies that can manage applications at the edge of the network. In other words, if I wanted to block access to Skype or Facebook Games, I could create a policy to do so. What’s more, I was able to define the granularity of that policy â€“ which means I could grant individuals or groups access to those applications and even control what time of the day those applications could be used and how much bandwidth those applications could consume.
That level of application control proves beneficial for businesses looking to prevent data leakage, meet compliance needs and offer scalable control and access as needed to applications. The traffic shaping/management capabilities also ensure that social media traffic won’t capitalize network bandwidth, protecting key business processes from failure due to traffic congestion.