This article can also be found in the Premium Editorial Download "Information Security magazine: Keeping on top of risk management and data integrity essentials."
Download it now to read this article plus other related content.
Price: Starts at $1,295
|SonicWALL PRO 1260|
In addition to SonicWALL's enterprise-class stateful inspection firewall and IPSec VPN capabilities, the device bundles gateway AV, antispyware (new with SonicWALL's latest OS release), intrusion prevention and content filtering into a 24-port MDIX layer 2 switch, with an optional port for a DMZ.
It's easy to configure and manage, and offers a remarkable level of network security information for an SMB product. It has enough horsepower to support 6,000 concurrent connections.
The proprietary security applications stood up solidly against our testing. The AV modules detected all the infected files, including e-mail attachments attempting to pass through the gateway. Because PRO 1260 is a switch, it picks up worm activity on the internal network as well.
We also tested the content filtering and IPS modules, but the antispyware module wasn't available for review. The IPS stopped backdoor exploits, Trojans and application vulnerabilities, including buffer-overflow, cross-site scripting and DoS attacks. The content filtering module provides granular configuration that allowed us to craft rules based on time of day, keywords, forbidden or trusted domains, active content (Java, ActiveX), cookies and the usual file types--image, movie, audio and document.
Annual subscriptions for the AV, antispyware and IPS ($495 each), and content filtering ($995 annually), are reasonable for consolidated security services and centralized administration. Signature and other updates for all the bundled services are automatically pushed by SonicWALL as they become available.
Security managers can easily set up and administer the appliance from any workstation via the Java-based console. The intuitive interface offers instant access to PRO 1260's features through a hierarchical menu; the main screen provides a snapshot of operational services and a list of the most recent alerts.
The firewall and VPN implementations were a breeze. Using a wizard, we had a site-to-site VPN established with another vendor's VPN in less than an hour. Setting firewall rules was easy through intuitive drop-down menus with a comprehensive listing of all services, as well as advanced settings for detailed scheduling of the rules and limiting bandwidth.
Security managers will appreciate PRO 1260's robust network monitoring features. All user connections can be monitored through the firewall menu according to source and destination IPs and ports, bytes sent and received, as well as by protocol. More detailed information about individual users and specific activities is also available. The system log shows attacks, dropped packets, denied access, blocked actions and sites, and VPN status.
Although logs can be automatically sent through e-mail and to syslog servers, we thought the reporting feature was rather weak, providing only Web site hits and bandwidth usage by IP address or service. Sonic-WALL separately sells its ViewPoint software, which builds dynamic Web-based reports on attacks, inappropriate Web use, system and network errors, and bandwidth usage.
A versatile switch combined with enterprise-caliber security, SonicWALL PRO 1260 hits the sweet spot for SMBs.
-Sandra Kay Miller
This was first published in April 2005