Hands-On: SonicWall Brings UTM to SMB Wired and Wireless Networks
April 25, 2012
Security vendor SonicWall, which was acquired in March by Dell, is aiming to provide an appliance that makes protection and authorized access easy for the IT pro. Case in point is the TZ-215 series of security appliances, which SonicWall is positioning the device as the mother of all unified threat management (UTM) firewalls for small businesses and branch offices.
The TZ-215 is intended for wired networks, and the TZ-215W bundles in an integrated radio for wireless 802.11n connectivity. Otherwise, the two appliances offer identical feature sets and retail for $845 and $995, respectively.
- Agile Service Desk: Keeping Pace or Getting out Paced by New Technology?
- COBOL in the Big Data Era: A Guide
White PapersMore >>
- Research: Federal Government Cloud Computing Survey
- SaaS 2011: Adoption Soars, Yet Deployment Concerns Linger
I recently put a TZ-215W UTM device through its paces, and I found that the device does a decent job of meeting the security needs of a small business while providing a few extras, such as VPN access and support for a multitude of wireless devices.
A closer look at the TZ-215W
The SonicWall TZ-215W Wireless-N Firewall offers several features and capabilities. First and foremost, the device works as a stateful packet inspection (SPI) firewall and incorporates a full suite of UTM capabilities, 802.11a/b/g/n secure wireless, and both IPSec and SSL VPN capabilities. The UTM suite includes intrusion prevention, gateway anti-virus/anti-spyware, content/URL filtering, enforced client anti-malware and application control.
Of course, SonicWall is not the only player in the SMB security appliance space. Cisco, Fortinet, NetGear, WatchGuard and many others offer security appliances for branch offices and small networks. While it is a crowded market, SonicWall has incorporated a few features that help to make the product competitive and, in some cases, a class leader.
Installation and setup of the TZ-215W is wizard-driven and is accomplished with the help of a quick-start guide (which is the only printed documentation included). After plugging the device in, one of the first steps that you must do is register with SonicWall. This is a critical step because all of the licenses for the product and associated software are registered and activated via SonicWall's website. After registration, I downloaded and installed the latest firmware and software for the TZ-215W, and then actually got started with deploying the device.
The TZ-215W is feature-rich, meaning you will need to plan your deployment and navigate through several setup scenarios. It is not difficult to do, just time-consuming. And it takes a decent amount of networking knowledge to do it correctly.
First on the agenda is setting up the firewall itself, which consists of creating policies that direct/block/examine the traffic coming from the edge of the network. Policy definition is wizard-based, meaning that defining basic policies takes only a few mouse clicks to accomplish. Nevertheless, it takes more than basic policies to protect today's networks, and that is where security can become rather complex.
SonicWall tackles those issues with application intelligence, control and visualization--a set of capabilities integrated into the firewall engine. Simply put, the firewall is aware of what applications are running across the network and in what context those applications are used. The industry already has a name for that technology: next-generation firewall. The integrated firewall is ICSA-certified and can scan more than 50 protocols with deep packet inspection capabilities.
With the TZ-215 series, I was able to define complex policies that could manage applications at the edge of the network. For example, if I wanted to block access to Skype or Facebook games, I could create a policy to do so. What's more, I was able to define the granularity of that policy. For example, I could grant individuals or groups access to those applications, and even control what time of the day those applications could be used and how much bandwidth those applications could consume.
That level of application control will prove beneficial for businesses looking to prevent data leakage, meet compliance needs, and offer scalable control and access as needed to applications. The traffic shaping/management capabilities also ensure that social media traffic won't capitalize network bandwidth, protecting key business processes from failure due to traffic congestion.