Product Reviews

SonicWALL's small-business security appliances have been around longer than most, but they're benefiting from regular updates and a range of additional services. The TZ 170 SP Wireless is a prime example, as this compact appliance now comes with a host of optional features, making it a good candidate for SMBs looking for a one-stop security shop.

Along with a standard SPI firewall and extensive wireless capabilities, you can now add full content security, as SonicWALL's optional Gateway Security Suite bundles together gateway anti-virus, anti-spyware, intrusion prevention and content filtering. This includes the standard content-filtering service, which offers 12 website categories. The premium service extends this to 56 categories, but adds over £500 to the total cost. Another add-on is an upgrade to the SonicOS Enhanced operating system, which adds support for extra WAN failover and port zone features.

You have a quintet of switched Fast Ethernet LAN ports, a WAN port and an extra option port to play with, and the first port is PoE-enabled, allowing the appliance to be powered from a compliant switch. With the standard OS, the option port can be used for basic DMZ services, but adding the OS upgrade allows it to function as a second WAN port for failover and load balancing. The SP suffix

ADVERTISEMENT

indicates that the appliance also has an integrated modem for dial-up WAN backup.

Zones are used to create logical groups of physical ports, and security policies can be assigned at the zone level. You can decide what security type the zone should be, and the appliance will block all traffic from an untrusted zone unless there are rules that specifically allow it to pass to other zones. Usefully, policies may include any combination of the content security features. Note, though, that the LAN ports can't be configured separately, as they're all placed in a single zone, but the option port can be a member of any zone, so it could, for example, be placed in the WAN zone for failover duties.

The gateway anti-virus service can scan HTTP, FTP, IMAP, SMTP and POP3 protocols as they pass through the appliance, while the optional network anti-virus feature extends cover to all workstations on the LAN. The latter uses McAfee's AsaP-hosted service, which requires a scaled-down version of McAfee's VirusScan software to be deployed to each system. The standard OS only enforces a single content-filtering policy, but with the enhanced upgrade you can create different filtering policies and apply them to local users and groups, as well as employ a schedule to activate them at selected times and days.

Wireless features are a cut above the rest, as the Wireless Guest Services protects the wireless-to-WAN connection by authenticating access for wireless users. WiFiSec is another handy tool, as it enforces IPSec VPN encrypted connections to the LAN for wireless users.

It may be a compact appliance, but the TZ 170 SP Wireless certainly packs a punch in the security department. The total cost of upgrades and optional features does increase the asking price substantially, but it will allow a complete content filtering and wireless security system to be implemented easily.