brian_chee
Contributing Editor

SonicWall NSA: Death to malware

May 27, 2009
5 mins

SonicWall's NSA E7500 firewall combines smooth setup, high performance, and real protection against Internet malware

Bottom Line

SonicWall NSA E7500 is one of the rare products that combines an easy-to-use interface with enough power to meet needs well above the user class to which it’s marketed. Throughput is sufficient for the high end of a midsize business or perhaps even the low end of a large corporation. The unit’s 96 percent success rate at blocking attacks was best in the test by far.

The SonicWall NSA E7500 is a breeze to configure, an excellent performer, and the truest unified threat manager (UTM) we tested, blocking an impressive 96 percent of the attacks we threw at it. The SonicWall didn’t quite match the WatchGuard’s throughput, but did provide six times the throughput of the Astaro and ZyXel units, and far better attack protection than all three. The SonicWall may be the only truly effective UTM in the group, but it’s also startlingly more expensive than the other products.

SonicWall provides gateway anti-virus services across a range of protocols: HTTP, FTP, IMAP, SMTP, POP3, CIFS/NetBIOS, and TCP streaming protocols, either inbound or outbound. It also provides rich IDS/IPS functionality, anti-spyware protection (with an incredibly rich set of signatures available to check packets against), a real-time black list, and a Web content filter that can restrict ActiveX, Java, cookies, or HTTP proxy services, as well as use white and black lists for access. Rules can also be applied by schedule, perhaps to allow gaming after hours.

Optional software is available to allow the SonicWall to provide NAC-like services such as enforcing the use of anti-virus software on clients. SonicWall also offers a central management system that allows you to manage all of your SonicWall devices from a single console.

Test Center Scorecard

Weighting: 15% | 15% | 15% | 15% | 15% | 15% | 10%
SonicWall NSA E7500: 9 | 9 | 8 | 8 | 8 | 9 | 6

Overall score: 8.3 (Very Good)

Wizard power

SonicWall beats the competition on ease of initial setup. You get a series of wizards to set up an Internet firewall or an application firewall, or to provide public access to an internal server, or to set up VPNs (either site to site or from a SonicWall Global VPN client). Going through the setup wizard, you’re prompted to change your password and time zone, set up the WAN interface, set up the LAN, establish your DHCP settings, then wrap everything up. You have to know how you want things set up, but the wizard makes sure you proceed in a nice logical order, and you don’t forget anything.

The wizards can even have a pleasant sense of humor, such as when suggesting that you make your admin password something that’s “easy to remember but difficult to guess, such as k3ch33s3.” We know we’ll always keep that in mind.

Setting up VPN tunnels is straightforward, although the sheer number of policy options makes it less simple than it might be. If you’re not comfortable with all the options, the wizard is there to help. But with or without the wizard, the SonicWall lets you create VPN tunnels for almost any purpose you can imagine.

SonicWall includes SSL VPN as part of the bundle, supporting Windows (32- and 64-bit), Mac, and Linux users through either an SSL Web portal or a downloadable client that can tunnel all or part of the network traffic of the remote device. The portal allows you to add in your own HTML code and bookmarks for RDP, Telnet, HTML/SSL, SSH, file shares (CIFS), and Citrix. The NetExtender client allows routes to be pushed to the remote client to force certain traffic through the SSL VPN. A cool option will remove the NetExtender software upon logout, leaving behind minimal footprints on that Internet café machine you just used.

Rule matrix

One of our favorite features is the rules matrix to logically group rules by zone and direction. Zones can be applied to either physical or virtual interfaces (VLANs) using plain vanilla 802.1p tagging. Overall setup can be NAT, transparent (bridged), or routed (RIP or OSPF), with route policies making use of the same address object naming conventions used throughout the firewall.


In the latest generation of SonicOS, SonicWall added a Security Dashboard with both local and global views. The local view shows attacks against the firewall itself, while the global view, based on data collected by SonicWalls around the world, aims to alert you to attacks happening elsewhere that may be heading your way. This information is best provided to your management in small doses, but can be very useful to distribute when a bonehead questions the need for all those “extra” UTM functions.

Sporting a 16-core Cavium processor, the SonicWall NSA E7500 has the legs to cross into what would normally be called medium to large enterprise. Its easy, wizard-driven setup interface doesn’t mean you can safely remain ignorant of security principles, and the power doesn’t mean it’s a fit for every company, but the combination does make the E7500 suitable for a wide variety of organizations and security needs. If you’re considering an HA pair, make sure you buy the two units together as a package: the company offers huge discounts on both the hardware and feature licenses.

SonicWall NSA E7500

Pros: High throughput even when under attack. Dedicated management core ensures responsiveness of management system. Great set of wizards for configuring firewall roles. Excellent protection against vulnerability-based Internet attacks, with the best attack-blocking performance in our test.
Cons: Most expensive UTM we tested by a large margin.
Cost: Base price: $26,995. Price as tested: $38,990, including TotalSecure. Note that security features can be licensed either bundled or a la carte.
Platforms: 16-core Cavium-based 1U appliance with 4 Copper Gigabit ports, 4 SFP ports, 1 Copper HA port, firewall, VPN, anti-malware, IDS/IPS, Web content filtering, and spam blocking. SSL-VPN feature was tested with Windows, Mac, and Linux.