by Joe Gleinser
7. October 2009 17:18
We've long been fans of Sonicwall firewalls at GCS. Advanced features, easy web-based configuration, low failure rates and low cost make it a very compelling option for many clients. With the rollout of the new product lines, Sonicwall offers the Enhanced Firmware features (most notably WAN Failover and Load Balancing) as a standard item on every product. My small office clients can now get WAN failover in a device for less than $400. This is a real cloud enabler. For a few grand you get WAN failover plus a High Availability configuration on your firewalls.
Today Avaya released a KB article describing how to configure Sonicwalls to prioritize voice traffic between sites. With the rise in popularity of MPLS and managed routers, we are seeing far more Ethernet handoffs than T1 handoffs these days. The Sonicwall NSA 240 is a great device to terminate that MPLS circuit and appropriately manage the traffic.
by Marquis Calmes
27. August 2009 04:45
SonicWALL has recently refreshed its successful TZ line of network security devices, aka firewalls, for the small office market segment. For those unfamiliar with SonicWALL's network security devices, the term firewall is a misnomer. Beyond simple packet inspection and port forwarding, these devices are capable of performing real-time anti-virus, anti-spyware and intrusion protection, which SonicWALL refers to as Unified Threat Management or UTM.
The new generation is made up of three devices: the TZ100, TZ200 and TZ210. Despite the numerical decrease, the entry-level TZ100 is a step up from the TZ180 and TZ190, capable of over two times more UTM processing throughput. Beyond performance improvements, the new generation is now capable of:
- SSL VPN remote access (more on SSL VPNs in a future post)
- WAN (or Internet Access) and VPN failover standard. (Note: The 5.5 firmware release will support up to 4 WAN connections)
- Hardware failover (TZ200 and TZ210 only)
- Support for 3G mobile broadband USB modems as either the primary or a backup internet connection. (TZ200 and TZ210 only)
- Also, TZ210 offers an application firewall capable of blocking or throttling specific types of network traffic over allowed protocols. For instance, limiting the bandwidth that can be used to view YouTube.
In addition to the functional improvements, SonicWALL has made significant changes to how these devices are sold.
- First, SonicWALL no longer uses licensing to restrict the number of nodes that can pass through the device. All devices will allow an unlimited number of nodes. However, that doesn't mean these devices can actually support an unlimited number of users; they still need to be appropriately sized for the environment. But this is a great change, as the previous version would start to block internet access if the number of nodes exceeded the license, such as when guest laptops were using the network.
- Second, the Enhanced SonicOS firmware is now standard in all devices. The "standard" SonicOS, which had limited functionality, has been eliminated.
Both of these changes greatly simplify the purchasing process and reduce the need for a customer to add licenses to fully utilize the device. Some features, such as Gateway Anti-Virus and Anti-Spyware, still require subscriptions that must be renewed.
Like the TZ180, all the new models are available with or without built-in wireless. However, the wireless versions of these devices support the new wireless N standard capable of up to 300MB/s of wireless traffic, nearly 6 times the throughput of the wireless G standard. Or, instead of purchasing the integrated wireless, the new TZ series also supports centrally managing between 1 (TZ100) and 16 (TZ210) SonicPoint wireless access points. When combined with Power over Ethernet, SonicPoint wireless access points can be easily placed in the optimal location based on the layout of your office, rather than being forced into the server closet because the wireless is integrated into your firewall.
Finally, another new feature in the TZ series is called Comprehensive Anti-Spam Service (CAS). CAS is designed to be a hybrid between device and cloud-based spam filtering, and is positioned to be an alternative to Postini, MXlogic and Microsoft's cloud email filtering services. Basically, when CAS is enabled and the TZ device receives an email through SMTP, it sends the message up to SonicWALL's spam engine "cloud", which performs the spam analysis with the latest possible signatures and then forwards the good messages back down to the TZ. The TZ then sends the message to the email server for final delivery. This process offloads the spam analysis processing from the device and doesn't require storing and updating signatures on the TZ. While I find this to be an interesting new service, it doesn't provide all the features provided by the other cloud filtering services. For instance, because the other cloud filtering vendors are the initial point of contact for all external emails, they can queue up messages if your email server is down. CAS is also inbound only for the TZ devices, which means your IP address could still be blacklisted. Still, this is a promising new feature and it will be interesting to see where SonicWALL takes it as it develops further.