SonicWALL NSA 2400MX review

SonicWALL's NSA 2400MX is unusual in that amalgamates a full UTM security appliance with a Layer 2 switch. It's designed to offer SMBs a cost-effective alternative to separates, and allows security policies to be deployed right down to individual ports.

The 2400MX has 16 Fast Ethernet and ten Gigabit ports that can be grouped into zones, each with their own security policy. The base model provides an SPI firewall and support for IPsec VPNs, and you can add IPS, antivirus, antispyware, SonicWALL's application intelligence and URL category filtering.

The £2,529 exc VAT price includes a one-year TotalSecure subscription, which activates all these services. Antispam is an additional option, but compared with SMB appliances such as Netgear's ProSecure UTM5 and the A-Listed Cyberoam CR15wi, it's expensive. It uses SonicWALL's GRID (global response intelligent defense) network to pull in spam information from its global network of appliances and provide a sender reputation service. The appliance works only with internal mail servers, but does integrate with Exchange 2003 and 2007 servers, where it installs a Junk Store folder so users can check their own quarantined messages.

The web interface is well designed, and wizards help secure internet access and configure VPNs, DMZs and the application firewall. SonicWALL's PortShield feature allows you to place selected ports into logical units, each with their own security policies. These policies include firewall settings and QoS profiles, and will apply to any system or user within that logical group.

Switching features are all accessed from the same web interface, and the 2400MX supports a good range of L2 capabilities including port aggregation, mirroring, RSTP and VLAN trunking. The two slots at the rear are for expansion; new modules expected to be released are four-port Gigabit cards, a dual-port Gigabit card with bypass, and single-port WAN modules for ADSL and E1/T1 links.

The application firewall provides extensive controls for managing web browsing, email, attachments and file-transfer activities. Policies can be used to scan emails and files and check message content, subjects, senders and recipients and block file types. Bandwidth controls can be applied to selected activities such as FTP transfers, and the appliance can also prioritise SIP and H.323 traffic and automatically protect VoIP devices.

Different web-filtering policies can be applied to each port zone and you can pick and choose from 56 URL categories. We found these worked well, and with the games and gambling categories blocked, our users were unable to access any of these types of sites. Access controls for social networking sites are a work in progress, however, as SonicWALL has yet to add a category specifically for these sites. During testing, the only way we could stop people using Twitter and Facebook was by blocking the general web communications category.

The NSA 2400MX offers a fine combination of Ethernet switch and UTM appliance that's affordable for SMBs. SonicWALL's deep packet inspection and application firewall adds security, and the ability to apply policies to port zones makes it versatile.

Author: Dave Mitchell