Network Computingwww.networkcomputing.com

Hands-On: SonicWall Brings UTM to SMB Wired and Wireless Networks

Posted by Frank Ohlhorst
April 25, 2012

Setting up UTM capabilities, as well as gateway anti-malware and intrusion prevention, follows much the same model. I was able to define policies that enforced which features are applied to the traffic. Those policies proved to be much simpler to define than application policies. A wizard-like guide helped to prevent mistakes.

The gateway anti-malware capabilities work hand-in-hand with the firewall, leveraging packet inspection and reassembly to find malicious code. Intrusion prevention works in much the same way, except it examines the traffic for user identities, origins and so forth to determine if an intrusion is being attempted.

Two features--anti-spam and content filtering--are not commonly found in an SMB edge gateway/firewall appliance, yet SonicWall bundles both of those in to the TZ-215 series. These capabilities are a nice addition and fit well into the UTM process. The anti-spam capabilities are integrated via a service methodology, which uses offsite resources to check email for spam. It is very easy to set up, requiring only some basic email server/account information to start examining email.

The content and URL filtering also works similar to a service. SonicWall maintains a database of websites that are placed into categories. The TZ-215W then uses that database to filter websites, which are either allowed or blocked based on a policy defined by the administrator. All in all, I found it simple to define the policies and set up the controls that make the anti-spam and filtering capabilities work.

Administrators looking to allow remote access and support bring-your-own-device (BYOD) methodologies will appreciate the TZ 215W's ability to validate new clients before admitting access to the network. The device incorporates client anti-malware enforcement: When a new client attaches to the network, the firewall validates that the client has anti-malware technology installed. If it does not, the client can be remediated and granted access to the network, or blocked from accessing the network. That proves to be a valuable capability for networks with a lot of guest traffic and temporary workers who bring their own devices onsite, and proves especially critical for sites offering Wi-Fi access to guests.

The TZ-215Wm includes 802.11 b/g/n connectivity and is controlled by defined policies that allow the device to work both as a public hotspot and a private wireless network. I was able to set up the device to allow guest users to access the Internet, but isolate them from the internal network at the same time. For internal users, I was able to quickly set up a VPN that allowed wireless users (as well as remote users) to access the internal network. The unit features both SSL and IPSec VPN capabilities, and includes a native SSL VPN remote access client for Apple iOS, Google Android, Windows, Mac OS and Linux operating systems.

SonicWall claims that the SPI Firewall offers 500 Mbps of throughput, which should meet the needs of most branch offices. However, it is worth noting that when UTM is enabled, throughput drops down to a reported 60 Mbps. VPN based connections offer 130-Mbps throughput, and the intrusion prevention engine offers 110 Mbps. Simply put, throughput is variable and depends upon the feature mix put in place. That said, performance, which is a combination of UTM/gateway anti-virus/anti-spyware/IPS throughput measured using the Spirent WebAvalanche HTTP performance test and Ixia test tools, is rated at 110 Mbps.

Make the most of your security tools by reading Strategy: Fundamentals of User Activity Monitoring. Free, registration required

Related Reading

---