With nearly one-million SonicWALL security appliances distributed worldwide, it's important that IT professionals understand the fundamentals of working with the SonicWALL OS. In this article, Erik Eckel introduces the different SonicWALL products you may encounter.
SonicWALL routers and firewalls are proving capable and effective devices within small and medium-size offices. Even enterprise organizations are deploying SonicWALL equipment in increasing numbers. However, many information technology administrators and support professionals have concentrated on building their Windows desktop and server skills. When it comes to network security, many of those same IT professionals have familiarized themselves with Cisco equipment or hardware from other manufacturers.
With nearly one-million SonicWALL security appliances distributed worldwide, though, it's important that IT professionals understand the fundamentals of working with the SonicWALL OS. Further, IT pros need to be familiar with SonicWALL's different products lines and models, should the need arise to deploy SonicWALL equipment to connect remote or branch offices, power a small business site, or protect a large network. In this article, we'll take a look at the different SonicWALL products you may encounter.
In this first installment of a series, I will review SonicWALL's product lines and explore the features and capabilities the company's most popular models possess. In future installments, I'll walk through the basic setup of a SonicWALL device, review wireless configuration and explore installation and configuration of SonicWALL VPN connections.
The product lineup
SonicWALL, like most any manufacturer, constantly changes, tweaks, and refreshes its product lineup. The company's product lines can be broken into eight groups:
- UTM / Firewall / VPN
- Endpoint Security
- SSL VPN Secure Remote Access
- E-mail Security
- Content Security Management
- Backup And Recovery
- Centralized Management And Reporting
- Secure Anti-Virus Router
This article series will focus specifically upon the UTM / Firewall / VPN category. It's within this space that most of the hardware devices IT professionals will encounter will likely be found. SonicWALL's popular TZ and PRO series appliances, which provide high-speed deep packet inspection capacities and integrate automated and dynamic security controls, live within the category.
TZ v. PRO
SonicWALL markets its PRO devices to enterprise-level organizations. SonicWALL PRO firewalls provide scalable networking, routing, firewall, wireless, IPSec VPN, and gateway-provided security services. Designed to leverage SonicWALL's deep-packet inspection architecture, the SonicWALL PRO series supports creating virtual LANs, IPSec VPNs and real-time gateway protection for large enterprises. The PRO equipment is usually designed for rack mounting.
The SonicWALL TZ series, meanwhile, is marketed as a potent security solution for home, small, and remote/branch offices. The TZ devices include SonicWALL's deep-packet technology along with firewall, wireless, and gateway-provided security services. In addition, TZ series equipment also supports creating affordable IPSec VPNs. TZ equipment usually can be placed on desktops.
Among the gateway-provided security services that both the TZ and PRO series offer are antivirus, antispyware, intrusion prevention, antispam, and content filtering protections. Both platforms support SonicWALL's Web-based administration interface.
PRO Series Appliances
Currently, six models lead SonicWALL's PRO model lineup. They are:
- PRO 1260
- PRO 2040
- PRO 3060
- PRO 4060
- PRO 4100
- PRO 5600
SonicWALL's PRO 1260 includes a 30-day free trial of SonicWALL's gateway antivirus, antispyware, and intrusion prevention services. The device also provides a 30-day free trial of the company's enforced desktop anti-virus, content filtering, and ViewPoint reporting software.
The PRO 1260, like all PRO series appliances, has no node limitations. It ships with five VPN client licenses (with a max of 50), supports up to 10,000 connections, and boasts 27 Ethernet connections. The model includes a SonicWALL Security Processor that delivers 90 Mbps stateful packet inspection (SPI) firewall performance and 30+ Mbps 3DES and AES VPN throughput.
The PRO 2040 possesses the same features as the PRO 1260, with the exception that the PRO 2040 ships with 10 VPN client licenses (with a max of 100), supports 32,000 connections and boasts three Ethernet interfaces. You can see the PRO 2040 in Figure A.
PRO 2040 performance increases to 200 Mbps SPI firewall capacity and 50 Mbps 3DES and AES VPN throughput.
SonicWALL's PRO 3060 appliances possess the same features as the PRO 2040, with the following upgrades. The PRO 3060 includes 25 VPN client licenses (with a max of 500) and support for 128,000 connections. The PRO 3060's main processor and cryptographic accelerator boost SPI firewall capacity to 300+ Mbps and 3DES and AES VPN throughput to 75 Mbps.
SonicWALL's PRO 4060 model boasts the same features as the PRO 3060, with several important upgrades. In addition to including ViewPoint Reporting Software as a full feature, the PRO 4060 ships with 1,000 VPN client licenses (with a max of 3,000), supports a half-million connections and includes six Ethernet ports. The PRO 4060 also boasts load balancing and WAN ISP failover support. The 4060 also delivers 300+ Mbps firewall capacity, but 3DES and AES VPN throughput is improved to 190 Mbps.
The PRO 4100 increases the free trial period for the gateway antivirus, antispyware and intrusion prevention services to one year (from 30 days on lower models), boosts client VPN licenses to 1,500 (with a max of 5,000) and supports up to 600,000 connections. Also notable on the PRO 4100 is its interface configuration. The appliance includes 10 gigabit Ethernet ports. The 4100's firewall stateful inspection capacity increases to 700 Mbps, while its 3DES and AES VPN throughput improve to 350 Mbps.
The PRO 5060 includes the same feature set as the PRO 4100, with the following improvements: support connections increase to 750,000, and the unit ships with 2,000 VPN client licenses. The PRO 5060 also includes six gigabit interfaces.
Targeted at demanding enterprise environments, the 5060 delivers 2.4+ Gbps SPI firewall capacity and 700 Mbps 3DES and AES VPN throughput.
TZ series appliances
Five TZ models lead SonicWALL's TZ lineup:
- TZ 150
- TZ 170
- TZ 170SP
- TZ 180
- TZ 190
The SonicWALL TZ 150 ships with a 30-day free trial of the gateway security ser vices, support for 10 nodes, five Ethernet ports, secure 802.11 b/g WPA wireless (on the model's wireless version) and support for 2,000 connections. The TZ 150, however, ships without VPN client licenses (although client VPN connections are supported through an optional upgrade). The TZ 150's firewall performance is rated at 30+ Mbps, while its 3DES and AES VPN throughput is rated at 10+ Mbps.
The next model up, the TZ 170, includes the same features as the TZ 150, while increasing the number of nodes to 10, 25, or more (depending upon the specific SKU/model purchased). The TZ 170 also kicks up the number of supported connections to 6,000, while boosting the number of Ethernet ports to 7. You can see this unit in Figure B.
The TZ 170 SP includes an integrated analog modem, but otherwise boasts the same specifications as its TZ 170 brethren. Both TZ 170 models boast 90 Mbps SPI firewall capacity, while 3DES and AES VPN throughput measures 30+ Mbps.
The TZ 180 possesses the same performance ratings and supports 10 or 25 nodes (depending upon which series model is purchased). The 10-node model can be upgraded to support up to 10 client VPN connections, while the 25-node device includes one VPN client license (with a max of 25). Also notable is the fact the TZ 180 increases the term of the gateway antivirus, antispyware, intrusion prevention and content filtering services to one year (from 30 days on lesser models). The TZ 180 also includes ViewPoint Reporting Software that provides real-time and historical views of critical network security information, while boosting wireless security to WPA2.
SonicWALL's TZ 190 Series devices deliver 30 days of gateway services, but have no node limitations. The TZ 190 ships with two VPN client licenses, supports 6,000 connections, boasts 10 Ethernet ports, and adds load balancing and WAN ISP failover services to the mix, as well as WPA2 and 3G wireless support.
The device is notable for its design, which enables delivering secure network connectivity even in locations where fixed broadband connections are not available. The TZ 190 supports both GSM and CDMA 2G/3G networks. The device includes a port for inserting one of approximately 20 wireless PC cards (from such service providers as Cingular, Sprint, and Verizon Wireless), while continuing to provide the services and features supported by other TZ Series devices.
Purchasing and support costs
SonicWALL devices aren't typically purchased off store shelves. Instead, TZ and PRO models must be purchased from authorized resellers. Authorized resellers abound on the Internet, and online purchases are typically easy to complete.
Support contracts, too, are available online, as are gateway security subscriptions. When working with proprietary software, I always recommend clients purchase support contracts. When trouble arises, and issues inevitably arise (particularly when it comes to network appliances and routing), clients and organizations almost always end up saving money as a result of having support contracts in place.
While not inexpensive, these contracts absolutely assist in accelerating repairs and shortening outages. For example, one advertised price places one-year, 24/7 support for the PRO 2040 at $378.
Support contracts for the TZ models are more affordable. A one-year contract for 24/7 support for the TZ 170 device (10 or 25 node) can be had for $113.
VPN licenses are also relatively inexpensive. Ten Global VPN Client For Windows licenses run $287 (street), while one-year licenses for PRO 2040 gateway antivirus, antispyware and intrusion prevention services run about $578 (street).
Those costs, again, are more affordable for the TZ series. When working with the TZ 170, one-year of comprehensive gateway services run $175 (street). One-year of 24/7 support for the TZ 170 costs $113 (street). Client VPN licenses, meanwhile, tend to run the same for the TZ series as with the PRO series.