Problem solve Get help with specific problems with your technologies, process and projects.

SonicWall: Solid as a rock

In this edition of David Strom's Security Tool Shed, David analyzes firewall appliance SonicWall.

SonicWall: Solid as a rock
By David Strom

Category: Firewall appliance
Name of tool: SonicWall Tele2
Company name: SonicWall Inc.
Price: $495
Platforms supported: Windows (VPN client only), Mac and Unix for most other features

**** = Very cool, very useful

Key features: 
Firewall appliance that is small and packed with features

Easy to set up and use
Simple user interface
Plenty of protection features to satisfy the most demanding security administrator

VPN set up obscure, to say the least
Options pricing somewhat complex
Documentation will require downloading various manuals in PDF format
Only supports five PC networks and is NOT upgradeable. If you need more than five, you'll have to buy a more expensive device from Sonic.

If you have one or more branch offices and want to provide Internet access with the same level of firewall protection that you offer at headquarters, then the best product for the job is the SonicWall Tele2. It is by far the most protection you can purchase for your money, the easiest unit to set up and manage and as solid as a rock.

I've used various SonicWall security appliances to protect my own networks for years, and they keep getting better and better. The company continues to add features and improve the performance of their products. And while close to $500 may seem like a lot of dough, I haven't found anything else that comes close in terms of the features, flexibility and protection that the SonicWalls provide.

SonicWall is competing with dozens of security appliance vendors these days. Closest are Watchguard's Soho and Crosspoint's Pivio devices, which offer some of the security features, but no where near the level of features. And for those concerned about price, there are numerous ?firewall-like? router/hub devices on the market today for less than $200. You can purchase them from companies like Farallon, SMC, 2Wire, Netgear and Linksys, just to name a few. None of these really does much in the way of firewall protection; most just offer Network Address Translation and a few packet filters here and there. They really are intended for the casual home user who wants something on the cheap. The only advantage they offer is a bunch of 10/100BaseT network ports built in. The Tele2 has just a port for your internal network and one for your external network -- this means you'll need to buy a hub, as well.

Everything is configured (like its competitors) via a Web browser interface and can be done in literally a few minutes. While there are dozens of configuration screens for the more advanced users, getting the initial setup can easily be done with a supplied browser-based wizard that will walk you through the process. Once you get it running, you can set up various filtering rules, expose various PCs to the outside for particular services or IP ports and block internal users' access just like with your regular enterprise-class firewalls. SonicWall is truly industrial-strength.

Having used various SonicWalls over the years, I have tracked the increasing functionality as the company has upgraded its firmware on the units. This is a critical feature for any enterprise firewall: You want to be able to stay ahead of the bad guys and improve your protection as new loopholes or attack methods are discovered. Making it easy to upgrade the firewall firmware is one of the other benefits of the SonicWall; it also tells you when a new version has been released. The latest firmware update includes support for NAT over PPPoE, which is useful for users on those misguided DSL providers that make use of this messed-up protocol.

Another thing I like about SonicWalls is that you can go to the company's Web site and take a look at what the user interface is all about. More vendors should do this, and it is a good way to see what you buy beforehand. Another useful feature is its ability to send out e-mail alerts when under attack or when it encounters an unusual situation. You can also obtain periodic copies of its log files via e-mail.

One of the big advantages of the SonicWall is that you can establish a VPN connection with either IPsec or its own Windows-only software client. The instructions for doing so are more complex than the actual operations, which took about an hour once I understood what I had to do and got some help from the company's technical support. This means that anyone outside of the SonicWall's network can connect to computers inside, provided they get the security certificates configured properly.

Another drawback is the company's complex pricing scheme. Once you buy the box itself, there are a number of software upgrades. Antivirus software is extra, and VPN client licenses are also extra. Each of these options comes with its own manual, and there are also firmware updates to the manual that are separate files. Keeping on top of the documentation is therefore somewhat difficult. The Tele2 only supports five PCs: If you have a bigger network, you'll need to buy a different box, as it isn't upgradable.

Sonic makes a variety of Internet security access devices. The Tele2 is its entry-level product, but there are more capable and enterprise-level products as well. The company has an interactive product analyzer on its Web site that can help you choose the most appropriate match. But if you need protection for smaller-sized networks, this is the product to buy.

Strom-meter key: 
**** = Very cool, very useful.
*** = Hey, not bad. One notch below very cool.
** = A tad shaky to install and use but has some value.
* = Don't waste your time. Minimal real value.

About the author
David Strom is president of his own consulting firm in Port Washington, NY. He has tested hundreds of computer products over the past two decades working as a computer journalist, consultant and corporate IT manager. Since 1995 he has written a weekly series of essays on Web technologies and marketing called Web Informant. You can send him e-mail at [email protected]

Talk Back! Do you have a comment about this review? If so, go to our Sound Off forum.

Related book

Firewalls: A complete guide
Author: Marcus Goncalves
Publisher: McGraw-Hill
ISBN/CODE: 0071356398
Cover Type: Soft Cover
Pages: 708
Published: Nov. 1999
This book contains all the information a network administrator needs to know about choosing, administering and deploying a firewall. The resource sections cover major firewall technologies and brands, their advantages and disadvantages, what to watch for, what to avoid, as well as what to look for in a firewall product. In addition to covering the major firewall products on the market, and the latest security threats and countermeasures, there is complete information on Virtual Private Networks; the latest encryption technologies; and the "cyberwall" for new Web-based firewalls.

This was last published in August 2001

Dig Deeper on Network device security: Appliances, firewalls and switches