SonicWall's latest unified threat management (UTM) appliance offers enhanced networking capabilities for small businesses and branch offices, with the highest port density in the security vendor's line, along with advanced features for greater flexibility. It provides stateful firewall, deep packet inspection intrusion prevention, gateway anti-virus and anti-spyware. It includes 26 network ports--16 10/100Gb and 10 10/100/1000Gb ports--plus two interfaces for plug-in modules.
The port density lets SMBs decrease potential hardware on the network by collapsing infrastructure back onto the box, which has some switching capabilities and advanced switching features such as VLAN trunking, port-level security, Link Layer 2 discovery and link aggregation. The NSA 2400MX falls in the middle of SonicWall's NSA appliances for throughput, new connections per second, total UTM connections, site-to-site VPN tunnels and VPN client support.
"The product will be successful in smaller branch offices of larger organizations that want to decrease the number of appliances set up on network," said Matt Dieckman, SonicWall product line manager for network security. "It also suits businesses with a couple of hundred people who need some advanced switching capability such as VLAN tagging and trunking, where they want to set up multiple switches and also set up security between the VLANs."
The two module interfaces accommodate different plug-ins for network flexibility. For example, a company could add two four-port modules to add eight additional ports, or add a module with two SFP ports. Alternatively, the box accommodates two single-interface module plug-ins for load-balancing across two ADSL or T1/E1 connections for failover or load-balancing across traffic from two providers. The load-balancing capability would, for example, let SMBs take full advantage of SLAs from their Internet providers by bringing in a fast DSL for lower-priority traffic, such as Internet surfing, while opening up the T1 pipe for business-critical traffic.
Further, the 2400MX's application control allows granular bandwidth management, by throttling or even closing down, for example, instant messaging and P2P apps. Administrators can use the appliance to improve security via network segmentation, in which critical data, such as credit card information for PCI DSS compliance, can be segregated from segments carrying less-sensitive information. In addition, its Layer 2 discovery capability shows exactly what devices are connected, enhancing port-level security by letting administrators control access rules for each device.