A valuable feature that’s activated in the upgrade is SonicWALL’s zones, which represent a logical grouping of physical ports. These allow you to apply a security policy to a group of ports rather than individually. Security types can also be applied at the zone level so traffic from a zone classed as untrusted will not be allowed to pass to another zone unless you create access rules that specifically permit it. Furthermore, the policy can contain a combination of measures such as a content filtering, anti-virus measures and so on, which can be applied to the zone. Unlike SonicWALL’s larger security appliances, there are some port-related limitations. As the Ethernet switch in the appliance is not manageable, the LAN ports cannot be separated out and are preconfigured as a single zone. Only the optional port can be placed in any zone although this does allow you to add groups of devices such as servers or workstations and place them in a custom zone.
Installation is a simple affair as on first contact with the appliance’s web interface a wizard takes you through the initial setup. There are plenty more wizards to hand that’ll help you set up a variety of wireless access schemes and wireless security. This is where SonicWALL’s strengths shine though as along with 64/128-bit WEP and WPA the appliance offers a feature called WiFiSec, which enforces IPSec VPN encrypted connections to the LAN for wireless users. Another is Wireless Guest Services which protects the wireless to WAN connection by allowing mobile users to have authenticated Internet access. If the appliance spots a wireless client loading a web browser it prompts them for a username and password before creating a HTTPS session for them.
SonicWALL’s Gateway Security Suite looks good value as it bundles together the gateway anti-virus, anti-spyware, intrusion prevention and content filtering for a yearly subscription fee of £139. This includes the standard content filtering service which offers twelve web site categories. The premium service extends this to 56 categories but will add over £500 to the asking price. However, with the enhanced OS in place you can create a variety of filtering policies, apply them to different local groups of users and use a range of time schedules to determine when they are active.
The gateway anti-virus is self-explanatory as the appliance can scan HTTP, FTP, IMAP, SMTP and POP3 protocols as they pass through the appliance. If you want to protect systems on the LAN from internally introduced viruses you’ll need the network anti-virus option which is essentially a subscription to McAfee’s ASaP service. This delivers simple virus scanning to desktops and requires a scaled down version of McAfee’s VirusScan software to be deployed to each system.
The TZ 170 SP Wireless certainly packs in the features and backs them up with some tough security measures which include an excellent content filtering service. The Gateway Security Suite upgrade bundle looks good value although smaller businesses will find the complete package with the enhanced OS overkill for their needs.