08 February 2011

SonicWALL NSA 2400 – SMB Firewall Appliance

Just started using one of these, thought I'd share my experiences.

So far, we have mostly used ZyXEL’s ZyWALL products to serve our Small Business customers; however, the ZyWALL Line wasn’t always very satisfying when moving to the upper end of the Small Business spectrum. Thus, we had a look at SonicWALL – I’ve been using them for quite some time.
There are a few things about SonicWALL that are different for people who are used to the low-end market (like the ZyXEL products):
You’ll need to purchase Software Maintenance in order to be able to download newer Firmware versions
The old SonicWall Hardware Generations (TZ / PRO) have “Standard” and “Enhanced” Firmware images – the Standard versions are stripped down and less flexible – the NSA Models just have “Enhanced”
Registration on MySonicWall is mandatory


One of the things fixed with the release of SonicOS 5.0 was the graphical user interface – the new GUI is completely revamped, and looks like something that belongs to the Year 2008. Other improvements include completely redesigned hardware that uses multi-core CPUs to provide real-time traffic analysis.
The NSA Series ships with basic Firewall/VPN features that are licensed as part of the base hardware. Additional features like Anti-Virus Scanning, Content Filtering, Anti-Spam, Intrusion Detection and Prevention all require extra expenses. This model is similar to what other UTM appliances like the ZyWALL 5 UTM use.
SonicWALL Global VPN Client is an IPsec-compatible VPN client that works pretty well. There is no 64-bit version yet, and it doesn’t work with other VPN Clients running on the same PC. If you do not want to use SonicWALL’s GVC, the SonicWALL also offers the ability to use L2TP and your Operating System’s native VPN functionality. While L2TP connections are mostly unrestricted, the number of GVC Licenses can be pretty low (e.g. 10 for the NSA 2400).
One of the main advantages over the ZyWALL Line of products is the object-based configuration, and the ability to have multiple, Gigabit interfaces on the hardware – the NSA 2400 offers 6 Gigabit interfaces with the ability to use 802.1q VLANs to create even more logical interfaces. Even the low-end NSA 2400 can offer quite a lot of throughput (I’ve measured up to 30 Megabyte / s), which is important if you have Servers deployed in your DMZ.
Other cool features include the “SonicPoint” Management, which is basically the same as Symbol’s or Cisco’s Lightweight Wireless Access Points. This is a very cool feature in Smaller Businesses that do not want to buy separate Hardware to maintain their Wireless Infrastructure.
You can even access a Live Demo of the SonicWALL Web Interface to see for yourself.
Advantages
Very flexible configuration
Streamlined GUI with useful features like Packet Capturing and self updating Log views
Lightweight VPN Client and the ability to use Standard L2TP
Lightweight Access Point Deployment using the NSA as a base
LDAP Integration, preconfigured for Active Directory
6 Gigabit Interfaces
High Performance
Disadvantages
High price of Hardware (List: 2700 CHF)
High price of mandatory service contracts for Firmware updates (List: 1300 CHF for 3Y 7×24 and HW Advance Replacement)
High price of UTM features licenses (List: Starting at 1700 CHF for 3Y AS/AV/IPS)
Incomplete user authentication solution (based on an Agent using WMI to query the logged-on user instead of using secure Kerberos authentication)
No redundant PSU or Fans to compensate for high hardware price (the NSA 7500 has redundant Fan/PSU)
