Review: SonicWall TZ 200 firewall appliance

The new SonicWALL TZ 200 may look like just another firewall appliance, but it does a lot more than just act as a firewall, hosting a comprehensive set of security services to protect network users against viruses, spyware and other threats at the internet gateway.

Performance and high availability are its selling points, but don't be fooled by the low price, as there are hidden costs involved if you want to take full advantage of what this new member of SonicWALL's TZ family has to offer.

Two models are available: the basic TZ 200 we tested plus a wireless version with a built-in Wireless-N Wi-Fi access point that costs for an extra £57 + VAT. Both sport a set of five 10/100Mbps Ethernet ports able to support a mix of local area network (LAN) and internet connections, plus a USB port for an optional 3G broadband modem.

Load balancing and automatic failover is available across all wide area network (WAN) ports, including the 3G connection where configured. For the really paranoid, it can even failover to another SonicWALL TZ appliance.

For our tests, we used just one WAN interface, connecting to outside world via a broadband router, with a network switch connected on the internal LAN side.

More information on how to cope with this and other configurations would be nice, but armed with the slim getting-started guide plus the setup wizard that ran when we first powered up the device, we blundered through and had our TZ 200 up and running in just under half an hour.

A browser-based interface is used to manage the appliance with a simple and easy-to-follow menu accompanied by plenty of help.

As with most security products, a fair amount of technical knowledge is assumed, but common tasks such as setting up virtual private network (VPN) policies, plus rules to allow traffic through to web, email and FTP servers, can all be performed by wizards.

Other tasks can take a while to get to grips with, and although they should be within the scope of most network managers, those with limited resources would do well to have the appliance configured for them.

We found some of the options quite complex to configure, and a great deal of trial and error was required to get the setup we wanted. But it didn't take too long to get the appliance to trap downloads of test viruses from Eicar and other sources, and also to block access to web sites based on categories we selected.

We particularly liked the ability to apply different policies to our wireless and wired networks as well as control guest users, plus the option to customise the warning message shown when a site is blocked - the default colours made it almost unreadable on our test PCs.

On the downside, you need a licence in order to use just about every security option other than the firewall.We tested using the trial licences included with the device, but thereafter you have to wade through a stack of licensing options in order to stay protected.

One way of avoiding this is to buy the so-called TotalSecure package which includes the hardware and a one-year licence for anti-virus, spyware and intrusion prevention services (IPS), plus a similar year's support and updates for content filtering.

TotalSecure adds £130 to the price, a saving of £30 compared to the cost of buying the licences separately. However, you will need to renew when the year is up, and the cheapest package on offer is a three-year deal at £296 + VAT.

The TZ 200 can also filter spam from SMTP email traffic as it passes through the gateway, but this option isn't included in the TotalSecure package. A single domain licence for 10 users adds another £203 + VAT to the running costs. Plus, if you're a heavy VPN user, you'll need to shell out to extend the meagre two client licences included in the TotalSecure package. A maximum of just 10 is allowed on this model.

While designed to be used to protect small and medium-sized networks, we came nowhere near to stressing the TZ 200. Powered by a 400MHz Mips64 Octeon processor, it is a lot faster than previous members of the TZ family.

Maximum throughput is 100Mbit/s for the stateful inspection firewall, with 50Mbit/s for anti-virus and 35Mbit/s for the unified threat management (UTM) protection - all quite impressive for such a tiny device. It's quite amazing how much SonicWALL has managed to pack into the TZ 200, exceeding the capabilities of other, more expensive, UTM products.

More transparency with regards to the licensing required for all the features would be appreciated, but most customers are likely to buy the device from specialist resellers who can advise on what's needed, and even with all the bells and whistles configured, the TZ 200 is good value and a hard act for rivals to follow.