King of the small business security market, SonicWall recently added six new models to its popular TZ range of UTM (Unified Threat Management) appliances, delivering a mix of enhanced functionality and improved performance. Designed to serve the one-man-band upwards, the new range is topped out by the TZ 210 which, as we discovered, neatly bridges the gap between SME and enterprise products — and at a price that the competition will find hard to match.
The USB ports at the front of the TZ 210 can be used to add a 3G wireless dongle or an analog modem. At the back, the TZ 210 has two gigabit Ethernet and five Fast Ethernet interfaces. (Credit: CBS Interactive)
Available with or without an integrated Wireless-N (802.11n) access point, the TZ 210 has two gigabit Ethernet interfaces at the back, labelled WAN and LAN, for internet and local network attachment, respectively. Alongside are five other network ports which can be used for a variety of purposes including additional LAN/WAN connectivity with built-in load balancing and failover support, although these are all 10/100Mbps only, rather than gigabit enabled. At the front, you also get two USB ports for a 3G wireless dongle and/or to connect to an analog modem to further boost WAN bandwidth and protect against service failures.
In terms of performance, the firewall in the TZ 210 can inspect traffic at up to 100Mbps. With the UTM services applied this halves to 50Mbps, but that's still an impressive figure for a device in this price bracket. Indeed it's good enough to protect the WAN links of even quite large organisations and more than adequate where the appliance is used to secure connections to distributed branch offices.
Wizards help with initial deployment of the TZ 210. (Credit: CBS Interactive)
Installation on our (more modest) test network took just a few minutes, following the instructions in the comprehensive getting-started guide, which includes lots of useful examples showing how to cope with different network deployments. Most of the initial work is done by set-up wizards, which certainly helped us — especially with the VPN configuration. However, these can't do everything so, once the basic set-up is complete, it's down to the usual web-based interface for more detailed configuration or, on large networks, SonicWall's GMS (Global Management System) software.
Website browsing can be managed via a categorised list. (Credit: CBS Interactive)
We used a browser for our tests and found the interface very easy to navigate. On the downside, a degree of technical knowledge is assumed and some of the options took a while to work out. However, that's par for the course on this type of appliance, and it took us just under an hour to get the key firewall and antivirus services up and running and to use the content filtering service to stop users browsing sites we wanted to block. We also found it easy to zone our network and apply different policies to each — and even scan and filter traffic passing between zones.
Different services and policies can be applied to each network zone. (Credit: CBS Interactive)
There was no option to inspect SSL-encrypted traffic for threats, but you can scan compressed files and enforce local antivirus protection on network PCs. Plus there's a useful guest services option for wireless users, to allow visitors, for example, to connect to the internet but not snoop around the corporate LAN. You can even use the TZ 210 to manage security on other wireless access points, although only where SonicWall hardware is employed.
Comprehensive gateway antivirus protection is a key feature of the TZ 210. (Credit: CBS Interactive)
One other point to note is that most of the services have to be licensed before they can be used. Go for the bare appliance and you get the usual free trials. However, we'd recommend the Total Secure package, which includes licences for the gateway antivirus, spyware, content filtering and intrusion prevention services. This adds to the price of the TZ 210, but is cheaper than buying the licences separately. Plus you're immediately good to go with a full year of updates and support, after which there are several ways of extending your protection — one of the cheapest being a three-year Comprehensive Gateway Security Suite licence.
The ability to enforce and update McAfee-based client antivirus protection is an optional feature. (Credit: CBS Interactive)
Depending on your network, other costs may also be incurred. Spam filtering, for example, isn't included in the Total Secure package. Likewise, if you want the TZ 210 to enforce and update McAfee antivirus protection on local PCs you'll need yet another licence. Additional VPN licences may also be required, as just two IPSec and two SSL VPN licences are included as standard.
Conclusion
The TZ 210 is an impressive UTM appliance, delivering enterprise-class security and throughput to match similar products from competitors like Cisco and Juniper. Moreover, we found it relatively easy to manage and much more affordable.
Via ZDNet UK
2%
4%
"and at a price that the competition will find hard to match"
yet specs says "Price: TBA"
Go on..... tell 'em the price son
Way to go - build case around the price and then have no indication on even a range of what that price may be. Kinda makes ANY reference to price kind of moot.... no?