SonicWALL routers and firewalls are proving capable and
effective devices within small and medium-size offices. Even enterprise
organizations are deploying SonicWALL equipment in increasing numbers. However,
many information technology administrators and support professionals have
concentrated on building their Windows desktop and server skills. When it comes
to network security, many of those same IT professionals have familiarized
themselves with Cisco equipment or hardware from other manufacturers.

With nearly one-million SonicWALL security appliances
distributed worldwide, though, it’s important that IT professionals understand
the fundamentals of working with the SonicWALL OS. Further, IT pros need to be
familiar with SonicWALL’s different products lines and models, should the need
arise to deploy SonicWALL equipment to connect remote or branch offices, power
a small business site, or protect a large network. In this article, we’ll take
a look at the different SonicWALL products you may encounter.

Author’s note

In this first installment of a series, I will review
SonicWALL’s product lines and explore the features and capabilities the company’s
most popular models possess. In future installments, I’ll walk through the
basic setup of a SonicWALL device, review wireless configuration and explore
installation and configuration of SonicWALL VPN connections.

The product lineup

SonicWALL, like most any manufacturer, constantly changes,
tweaks, and refreshes its product lineup. The company’s product lines can be
broken into eight groups:

  • UTM /
    Firewall / VPN
  • Endpoint
    Security
  • SSL
    VPN Secure Remote Access
  • E-mail
    Security
  • Content
    Security Management
  • Backup
    And Recovery
  • Centralized
    Management And Reporting
  • Secure
    Anti-Virus Router

This article series will focus specifically upon the UTM /
Firewall / VPN category. It’s within this space that most of the hardware
devices IT professionals will encounter will likely be found. SonicWALL’s
popular TZ and PRO series appliances, which provide high-speed deep packet
inspection capacities and integrate automated and dynamic security controls,
live within the category.

TZ v. PRO

SonicWALL markets its PRO devices to enterprise-level
organizations. SonicWALL PRO firewalls provide scalable networking, routing,
firewall, wireless, IPSec VPN, and gateway-provided security services. Designed
to leverage SonicWALL’s deep-packet inspection architecture, the SonicWALL PRO
series supports creating virtual LANs, IPSec VPNs and real-time gateway
protection for large enterprises. The PRO equipment is usually designed for
rack mounting.

The SonicWALL TZ series, meanwhile, is marketed as a potent
security solution for home, small, and remote/branch offices. The TZ devices
include SonicWALL’s deep-packet technology along with firewall, wireless, and
gateway-provided security services. In addition, TZ series equipment also
supports creating affordable IPSec VPNs. TZ equipment usually can be placed on
desktops.

Among the gateway-provided security services that both the
TZ and PRO series offer are antivirus, antispyware, intrusion prevention, antispam, and content filtering protections. Both platforms
support SonicWALL’s Web-based administration interface.

PRO Series Appliances

Currently, six models lead SonicWALL’s PRO model lineup.
They are:

  • PRO
    1260
  • PRO
    2040
  • PRO
    3060
  • PRO
    4060
  • PRO
    4100
  • PRO
    5600

SonicWALL’s PRO 1260 includes a
30-day free trial of SonicWALL’s gateway antivirus, antispyware, and intrusion
prevention services. The device also provides a 30-day free trial of the
company’s enforced desktop anti-virus, content filtering, and ViewPoint reporting software.

The PRO 1260, like all PRO series appliances, has no node
limitations. It ships with five VPN client licenses (with a max of 50),
supports up to 10,000 connections, and boasts 27 Ethernet connections. The
model includes a SonicWALL Security Processor that delivers 90 Mbps stateful packet inspection (SPI) firewall performance and
30+ Mbps 3DES and AES VPN throughput.

The PRO 2040 possesses the same features as the PRO 1260,
with the exception that the PRO 2040 ships with 10 VPN client licenses (with a
max of 100), supports 32,000 connections and boasts three Ethernet interfaces.
You can see the PRO 2040 in Figure A.

Figure A

The SonicWALL 2040 includes three Ethernet interfaces (as well as a WAN
port).

PRO 2040 performance increases to 200 Mbps SPI firewall
capacity and 50 Mbps 3DES and AES VPN throughput.

SonicWALL’s PRO 3060 appliances possess the same features as
the PRO 2040, with the following upgrades. The PRO 3060 includes 25 VPN client
licenses (with a max of 500) and support for 128,000 connections. The PRO 3060’s
main processor and cryptographic accelerator boost SPI firewall capacity to
300+ Mbps and 3DES and AES VPN throughput to 75 Mbps.

SonicWALL’s PRO 4060 model boasts the same features as the
PRO 3060, with several important upgrades. In addition to including ViewPoint Reporting Software as a full feature, the PRO
4060 ships with 1,000 VPN client licenses (with a max of 3,000), supports a
half-million connections and includes six Ethernet ports. The PRO 4060 also
boasts load balancing and WAN ISP failover support. The 4060 also delivers 300+
Mbps firewall capacity, but 3DES and AES VPN throughput is improved to 190
Mbps.

The PRO 4100 increases the free trial period for the gateway
antivirus, antispyware and intrusion prevention services to one year (from 30
days on lower models), boosts client VPN licenses to 1,500 (with a max of
5,000) and supports up to 600,000 connections. Also notable on the PRO 4100 is
its interface configuration. The appliance includes 10 gigabit Ethernet ports.
The 4100’s firewall stateful inspection capacity
increases to 700 Mbps, while its 3DES and AES VPN throughput improve to 350
Mbps.

The PRO 5060 includes the same feature set as the PRO 4100, with
the following improvements: support connections increase to 750,000, and the
unit ships with 2,000 VPN client licenses. The PRO 5060 also includes six
gigabit interfaces.

Targeted at demanding enterprise
environments, the 5060 delivers 2.4+ Gbps SPI
firewall capacity and 700 Mbps 3DES and AES VPN throughput.

TZ series appliances

Five TZ models lead SonicWALL’s TZ lineup:

  • TZ 150
  • TZ 170
  • TZ
    170SP
  • TZ 180
  • TZ 190

The SonicWALL TZ 150 ships with a 30-day free trial of the
gateway security ser vices, support for 10 nodes, five Ethernet ports, secure
802.11 b/g WPA wireless (on the model’s wireless version) and support for 2,000
connections. The TZ 150, however, ships without VPN client licenses (although
client VPN connections are supported through an optional upgrade). The TZ 150’s
firewall performance is rated at 30+ Mbps, while its 3DES and AES VPN
throughput is rated at 10+ Mbps.

The next model up, the TZ 170, includes the same features as
the TZ 150, while increasing the number of nodes to 10, 25, or more (depending
upon the specific SKU/model purchased). The TZ 170 also kicks up the number of
supported connections to 6,000, while boosting the number of Ethernet ports to
7. You can see this unit in Figure B.

Figure B

The SonicWALL TZ 170 can be placed on a desktop.

The TZ 170 SP includes an integrated analog modem, but
otherwise boasts the same specifications as its TZ 170 brethren. Both TZ 170
models boast 90 Mbps SPI firewall capacity, while 3DES and AES VPN throughput
measures 30+ Mbps.

The TZ 180 possesses the same performance ratings and
supports 10 or 25 nodes (depending upon which series model is purchased). The
10-node model can be upgraded to support up to 10 client VPN connections, while
the 25-node device includes one VPN client license (with a max of 25). Also notable
is the fact the TZ 180 increases the term of the gateway antivirus,
antispyware, intrusion prevention and content filtering services to one year
(from 30 days on lesser models). The TZ 180 also includes ViewPoint
Reporting Software that provides real-time and historical views of critical
network security information, while boosting wireless security to WPA2.

SonicWALL’s TZ 190 Series devices deliver 30 days of gateway
services, but have no node limitations. The TZ 190 ships with two VPN client
licenses, supports 6,000 connections, boasts 10 Ethernet ports, and adds load
balancing and WAN ISP failover services to the mix, as well as WPA2 and 3G
wireless support.

The device is notable for its design, which enables
delivering secure network connectivity even in locations where fixed broadband
connections are not available. The TZ 190 supports both GSM and CDMA 2G/3G
networks. The device includes a port for inserting one of approximately 20
wireless PC cards (from such service providers as Cingular, Sprint, and Verizon
Wireless), while continuing to provide the services and features supported by
other TZ Series devices.

Purchasing and support costs

SonicWALL devices aren’t typically purchased off store
shelves. Instead, TZ and PRO models must be purchased from authorized
resellers. Authorized resellers abound on the Internet, and online purchases
are typically easy to complete.

Support contracts, too, are available online, as are gateway
security subscriptions. When working with proprietary software, I always
recommend clients purchase support contracts. When trouble arises, and issues
inevitably arise (particularly when it comes to network appliances and
routing), clients and organizations almost always end up saving money as a
result of having support contracts in place.

While not inexpensive, these contracts absolutely assist in
accelerating repairs and shortening outages. For example, one advertised price
places one-year, 24/7 support for the PRO 2040 at $378.

Support contracts for the TZ models are more affordable. A
one-year contract for 24/7 support for the TZ 170 device (10 or 25 node) can be
had for $113.

VPN licenses are also relatively inexpensive. Ten Global VPN
Client For Windows licenses run $287 (street), while
one-year licenses for PRO 2040 gateway antivirus, antispyware and intrusion
prevention services run about $578 (street).

Those costs, again, are more affordable for the TZ series.
When working with the TZ 170, one-year of comprehensive gateway services run
$175 (street). One-year of 24/7 support for the TZ 170 costs $113 (street). Client
VPN licenses, meanwhile, tend to run the same for the TZ series as with the PRO
series.