brian_chee
Contributing Editor

SonicWall TZ180W

analysis
Jan 4, 2008
9 mins

With more and more small offices and branch offices (SOBO) opening around the world, it makes sense that vendors are attempting to add big-box features to tiny little appliances. Now, while I’ve not done any real throughput testing (RFC2544 or similar), I can say through experience that you need to be a bit realistic about what you ask such a device to do. Putting it in front of a 100mb/sec pipe and expecting it to handle a small server farm might not be a wise choice, but putting it in front of a branch office that might have a dozen workstations and a POS (point of sale) aggregation server might be more realistic. It’s the combined services that make this appliance a cost-effective choice, but you need to make sure your à la carte choices are appropriate. This is, after all, a company that needs to post a profit, and if they discount the base appliance, they’re going to want to make some bucks someplace else. So it’s like buying razor blades… they just about give the handle away for free, but make their profits on the blades. So choose what you really need and take a bit of time to ask yourself some hard questions about what you really need at that small office or branch office.

One of the features that came over from a larger SonicWall (the 1260) is the ability to segregate the switch on the back of the TZ180 so that you can create protection zones between ports. Think of it as a way to set up varying levels of trust, so that you can have different rules on what can be sent from the cash register (point of sale) zone to the store management zone versus the admin zone. Since each segregation point may have a new name, the firewall rules matrix can expand to allow for as much granularity in zone rules as you wish to add.

SonicWall has also grouped various common services together (called service groups) so that you can reduce the chance of missing ports when setting up remote Active Directory logins or similar.

Another cool feature is that SonicWall has implemented a hover field so that hovering will bring up the values buried in each portion of the chart.

Another big-box feature comes in the form of dashboard reporting, though you need to keep in mind that the statistics can either be for the individual firewall or an aggregate of all the statistics gathered by SonicWall, Inc. from all customers that are allowing their product to report back. To change the scope of the dashboard reporting, simply change the radio button from Global to the name of your firewall. (NOTE: the default is the MAC address of your firewall, but it can be changed.)

Now in all reality, the IT professional tends to sneer at 100% GUI devices while mumbling about speed, accuracy, offline editing, and a laundry list of very valid reasons why a CLI (Command Line Interface) is sooo much better. I don’t disagree (I took my beating with the Interop NOC folks) but counter that not everyone can afford a 100% FTE (full time employee) to handle their IT. At many a branch office it’s going to be the franchise owner, or some sort of manager who also has to handle HR, branch accounting, inventory, right down to sweeping the floors. Forcing a CLI down their throat is not going to get things done, and for the untrained, even a traditional GUI isn’t going to cut it. So while I have a great amount of respect for some of the other firewall vendors and their amazingly detailed CLIs, I’d like to say that perhaps the SonicWall folks might be better listeners in this particular market segment. I back this up with the wizards tab…

So while the SonicWall is capable of being set up in transparent mode (thanks to O’Reilly Press for making preview portions of Safari searchable), most of us are stuck with just a few IP addresses (if more than one) from our upstream ISP. So I should be safe in saying that a great number of Small Offices and Branch Offices (SOBO) are probably using cable modems and DSL providers, and NAT (Network Address Translation) is a MUST. So with something like NAT you’re faced with several steps when making any of your computers visible on the public Internet:

So in the case of say something like IPTables under Linux you’d be faced with something like what’s documented in this how-to webpage. So while it works, I’m not sure I’d toss something like this at a fast food branch manager.
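
For a sense of the manual work involved, here is an added example (not taken from the how-to the post refers to, and not SonicWall configuration) that prints the iptables rules for publishing one internal server through a NAT gateway. The interface names, the server address and the helper function names are assumptions made up for the illustration.

```shell
#!/bin/sh
# Added example: print (never apply) iptables rules that publish one LAN
# server through a NAT gateway. All names and addresses are constructed.

# valid_port PORT: succeeds for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR: succeeds for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# publish_server WAN_IF LAN_IF SERVER_IP PORT...
publish_server() {
    [ "$#" -ge 4 ] || { echo "usage: publish_server WAN LAN IP PORT..." >&2; return 1; }
    wan_if=$1; lan_if=$2; server=$3
    shift 3
    valid_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }
    # Validate every port first so a typo never yields a partial rule set.
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    for port in "$@"; do
        # Rewrite the destination of connections arriving on the WAN side.
        echo "iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport $port -j DNAT --to-destination $server:$port"
        # Let only that translated flow start a session towards the LAN.
        echo "iptables -A FORWARD -i $wan_if -o $lan_if -p tcp -d $server --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Allow packets of sessions already accepted, then drop other WAN traffic.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $wan_if -j DROP"
}

# Constructed sample: HTTP, HTTPS and SSH to a server at 192.168.10.20.
publish_server eth0 eth1 192.168.10.20 80 443 22
```

Three published ports already mean eight rules whose order matters, and outbound masquerading for the LAN is not even covered here.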

SonicWall’s wizard selection has grown significantly over the last couple of years, but by far my favorite is the public server wizard. Even though I’m fully capable of doing it all by myself, the wizard just does the first couple of ports (HTTP, SSL, SSH, etc.) in just a couple of clicks. Then I can edit the newly named collection of services (e.g. botany web server services) to add additional services as needed.

Another change in the way Small Offices and Branch Offices do business is where VoIP is concerned. It’s happening, and it’s happening through VPNs, and it’s happening over public internets. (Check out folks like AGN, who even have support for Asterisk along with a good selection of SMB PBXs.) I first met up with the AGN folks when they provided all the VoIP SIP trunking for the entire Interop trade show in both Las Vegas and New York.

Remember how I mentioned how you can set up zones on this box? Well, other than the user-defined zones, the TZ180W also has a handful of factory default zones.

In keeping with the Unified theme of this appliance, the developers have given you a way to measure throughput to various devices. Might be nice to use as a double check on those Google Analytics numbers you’ve been getting.

So since this is a branch office appliance, that typically means you’ll want to link back to a corporate office. In addition to the IPSec VPN, the TZ180 also has L2TP to support Windows VPNs and can define both users and groups locally, in LDAP or RADIUS, or in a mix (e.g. local+RADIUS).

One unexpected feature actually makes a lot of sense, and that’s a scheduler. When you create rules, those rules can have a schedule associated with them. I’d say use your imagination on just what you might use it for.

hmmmm…..now packet capture at the firewall was just….unexpected for a sub $1000 firewall….

So speaking of pricing….it’s a bit à la carte in nature….the base firewall has a whole bunch of cool capabilities, but the “unified” stuff is where gateway antivirus, IDS, etc. are added either individually or as a package.

Info from the SonicWall folks….

Target market: The SonicWALL® TZ Series is the ultimate security platform for small and distributed networks, providing a choice between absolute ease-of-use for basic networks and unsurpassed flexibility for networks with more complex needs.

  • MSRP – $605 – The TZ 180 is only available through our TotalSecure bundling packages, so 1-year subscription to our GAVASIP, CFS and 24×7 Dynamic Support is included. This package also includes our Viewpoint reporting software. This is based on a TotalSecure 10 package. The TotalSecure 25 MSRP is $750. For wireless versions, you’re looking at an MSRP of $700 for TotalSecure 10 Wireless and $845 for TotalSecure 25 Wireless.
    • Cost to go to enhanced SonicOS – MSRP is $500
    • Cost to get security services enabled: to renew all services after first year, best to buy a 1, 2 or 3 year subscription of our Comprehensive Gateway Security Suite. MSRP is $210, $357 and $504 respectively.

Corporate Offices

1143 Borregas Avenue

Sunnyvale, CA 94089-1306

USA

P +1 888.557.6642

P +1 408.745.9600

F +1 408.745.9300