By Joel Snyder
Information Security, October, 2007
Original Article on Network World Web Site
REVIEW: SonicWALL TZ 180W firewall
Price: AU$1050 RRP for 10-user version with standard O/S
SonicWALL has been a major player in the SME firewall market for as long as there has been a market, helping to define what SME firewalls should look like, cost and do. The SonicWALL TZ 180W UTM continues SonicWALL's tradition of products designed and sized for the small business.
Ease of Use: A-
Small-office firewalls are often difficult to use, as developers jam more and more features into poorly designed user interfaces. The TZ 180W, from opening the box to final deployment, has a sophisticated and refined feel. Although we ran into a bug in the initial deployment wizard and some misdirected online help, every other part of the system was easy to use.
The TZ 180W with SonicWALL's SonicOS Standard is stripped down from an enterprise firewall, which means that some features, such as NAT, come as "one size fits all." However, SonicWALL has chosen an excellent subset of features--more than most network managers will need--for the small office version.
Security Features: B
SonicWALL has set a very attractive price for its Comprehensive Gateway Security Suite, a UTM add-on service for the TZ 180W that includes software support along with content filtering, antivirus, antispyware and intrusion prevention subscription services. Consider this service a must-have for any TZ 180W, as it unlocks the full potential of the product.
We found content filtering, antivirus and antispyware effective. Intrusion prevention was less effective. SonicWALL has loaded what looks like a subset of Snort's signatures into the IPS, but not all the intelligence. For example, the TZ 180W alerted on a possible port scan, which was actually the box communicating with SonicWALL's own Web servers. It missed all but one of our outbound attacks.
Having all those IPS signatures configured to protect against inbound attacks against servers on a device primarily designed to protect end users doesn't make a lot of sense. A better approach is signatures focused on end-users, such as malware protection or browser-focused overflow attacks.
The TZ 180W provides significantly greater performance than the earlier TZ series. Because we had a 10-user unit, we were unable to push the firewall to its advertised limit of 90 Mbps using typical Internet traffic mix. Our system ran out of CPU at about 27 Mbps. When we turned on all the TZ 180W's security services, goodput was about 9.7 Mbps, close to SonicWALL's advertised speed of 10 Mbps.
It should keep up with DSL and cable modem connections, but don't be tempted to run LAN backups or file sharing through it with security services turned on.
The TZ 180W has a built-in, dual-antenna 802.11b/g wireless access point. Although this only adds US$95 to the price, it was disappointing that we couldn't get 802.11a or 802.11n on a new system. Wireless security is limited, but we were impressed that we were able to set up WPA2 with RADIUS authentication in seconds.
However, you can't easily set up the wireless so that insiders and guests can use it, so it's best to pick one set of users. With a cool set of features aimed specifically at guest users, it will probably fit best to give guests secure temporary Internet access without allowing them access to your internal network.
The TZ 180W is an outstanding small-office and home-office UTM firewall, offering good value and a broad suite of gateway security services.