SonicWALL E-Class NSA E8500 review

SonicWALL has firewall and Unified Threat Management appliances to suit the smallest of businesses all the way up to large corporate customers. The company's E-Class products sit at the top of that range, and we recently took a look at the NSA E8500, a highly scalable next-generation firewall capable of processing up to 8Gbit of network traffic per second.

NSA stands for Network Security Appliance, indicating that what you get is a lot more than just a stateful inspection firewall. Indeed, one of the key selling points is what SonicWALL calls its Reassembly-Free Deep Packet Inspection technology.

This, in essence, allows administrators to intercept and identify traffic across all available ports from a list of thousands of applications, including those using SSL encryption, which it does without introducing any significant extra latency.

A 16-core processor supported by 4GB of memory helps to make this possible, with one core dedicated to management while the others drive the security features.

From the outside the NSA E8500 is a conventional 1U rack-mountable device, but it's clearly designed with the enterprise network in mind, with hot-swappable power supplies and cooling fans as standard.

These simply slide in at the rear of the unit while, for customers looking for even greater redundancy, there's the option of a second E8500 to act as a backup with a dedicated High Availability (HA) interface to link the two together.

Naturally there's a cost involved, and adding a second might seem an expensive luxury at just under £40,000 for the main unit. However, a high availability pair can share the same software licences to help minimise the cost, and it's not that big an outlay for companies looking for the ultimate in availability.

The interfaces are arranged across the front panel, with four more Gigabit UTP ports for LAN/WAN attachment as well as the Gigabit Ethernet HA port, plus another four sockets to take SFP transceivers to add four more UTP ports or allow for fibre optic connectivity.

The interfaces can be flexibly assigned to LAN or WAN duties with the usual option of a Demilitarized Zone, plus there's a pair of USB ports to take a 3G dongle for failover.

You also get a console port and a small LCD display with associated control buttons, although these local controls are rarely required as there's a much simpler web interface for day-to-day management.

We say simpler, but there's a lot of functionality packed into the SonicOS software driving the appliance and a fair amount of technical knowledge is assumed. A wizard helps with initial configuration and, once complete, you will have a reasonably secure setup.

However, after we'd gone through this procedure we found some of the more advanced options quite complex to manage. There's also quite a lot to get to grips with and we'd strongly recommend getting specialist help with deployment as well as training for those charged with maintenance. Some may even prefer to outsource the whole deal.