- Review Price: £887.00
The multi-function security appliance is fast becoming the most popular method for home users and small businesses to secure their Internet connection against all manner of inbound nasties and SonicWALL has traditionally offered a wide range of cost-effective products. We were impressed with the TZ 150 Wireless when we looked at it a few months ago and now we move up the ladder to the TZ 170 SP Wireless which aims to offer larger offices and businesses an equally strong range of features and a few new ones into the bargain.
The TZ 170 family comprises four members allowing you to pick from a choice selection of features that best suit your requirements. The TZ 170 SP Wireless on review sits at the top of the pile and brings together the complete gamut of security measures including anti-virus, anti-spyware, true content filtering and email filtering and ties them together with 802.11b/g wireless operations. The SP designated models also add WAN failover features to the mix as they offer an integrated V.92 modem that can be used to automatically create a dial-up connection should the main WAN link go down. Connection options are in abundance as you get five switched Fast Ethernet ports for general LAN connections plus a separate Ethernet port for WAN links. We opted for an intelligent Actiontec modem which worked fine with the appliance.
The first LAN port is PoE (Power over Ethernet) enabled which means the appliance can be powered from a PoE compliant switch rather than its external power supply. A separate option Ethernet port is also provided and its use will depend entirely on which version of the SonicOS software is installed. If you have the Standard version then the option port can function as a DMZ allowing servers to be connected and presented to the Internet. However, for £350 you can upgrade to the Enhanced version which brings a number of extra features into play. The option port can now become a second WAN port allowing you to create load-balanced or failover Internet connections.
A valuable feature that’s activated in the upgrade is SonicWALL’s zones, which represent a logical grouping of physical ports. These allow you to apply a security policy to a group of ports rather than individually. Security types can also be applied at the zone level so traffic from a zone classed as untrusted will not be allowed to pass to another zone unless you create access rules that specifically permit it. Furthermore, the policy can contain a combination of measures such as a content filtering, anti-virus measures and so on, which can be applied to the zone. Unlike SonicWALL’s larger security appliances, there are some port-related limitations. As the Ethernet switch in the appliance is not manageable, the LAN ports cannot be separated out and are preconfigured as a single zone. Only the optional port can be placed in any zone although this does allow you to add groups of devices such as servers or workstations and place them in a custom zone.
Installation is a simple affair as on first contact with the appliance’s web interface a wizard takes you through the initial setup. There are plenty more wizards to hand that’ll help you set up a variety of wireless access schemes and wireless security. This is where SonicWALL’s strengths shine though as along with 64/128-bit WEP and WPA the appliance offers a feature called WiFiSec, which enforces IPSec VPN encrypted connections to the LAN for wireless users. Another is Wireless Guest Services which protects the wireless to WAN connection by allowing mobile users to have authenticated Internet access. If the appliance spots a wireless client loading a web browser it prompts them for a username and password before creating a HTTPS session for them.
SonicWALL’s Gateway Security Suite looks good value as it bundles together the gateway anti-virus, anti-spyware, intrusion prevention and content filtering for a yearly subscription fee of £139. This includes the standard content filtering service which offers twelve web site categories. The premium service extends this to 56 categories but will add over £500 to the asking price. However, with the enhanced OS in place you can create a variety of filtering policies, apply them to different local groups of users and use a range of time schedules to determine when they are active.
The gateway anti-virus is self-explanatory as the appliance can scan HTTP, FTP, IMAP, SMTP and POP3 protocols as they pass through the appliance. If you want to protect systems on the LAN from internally introduced viruses you’ll need the network anti-virus option which is essentially a subscription to McAfee’s ASaP service. This delivers simple virus scanning to desktops and requires a scaled down version of McAfee’s VirusScan software to be deployed to each system.
The TZ 170 SP Wireless certainly packs in the features and backs them up with some tough security measures which include an excellent content filtering service. The Gateway Security Suite upgrade bundle looks good value although smaller businesses will find the complete package with the enhanced OS overkill for their needs.
The home page provides plenty of status information about the appliance and installed features.
There are plenty of detailed logging facilities and all virus activity can be tied to alert emails.
The premium content filtering service covers most objectionable material and different policies can be applied to user groups.
The wireless guest service enforces user authentication and HTTPS encryption.
The email filtering service is basic but does allow specific attachment types to be blocked.