- How We Tested
- Astaro Security Gateway 110
- Check Point Safe@Office 1000N
- Netgear ProSecure UTM 50
- SonicWall NSA240
- WatchGuard XTM 810
- Testing Results
- Test Analysis
The SonicWall NSA240 is SonicWall’s entry level appliance from its NSA range. The NSA 240 has been designed to suit a small office network (up to 50 users) with a maximum firewall throughput of 600 Mbps.
The NSA240 packs a dual core 500MHz Mips64 Octeon processor, 256MB of RAM and 32MB of flash memory, encapsulated within a 40mm x 272mm x 195mm case. It’s not rack mountable mainly due to the slim-line design and its target audience.
This model features include a console port accessible by a DB9 to RJ45 cable, as well as two USB ports for management tasks. It has nine network ports, three 10/100/1000Mbps interfaces and six 10/100Mbps connections, which is a great specification for a unit in this price range. Two of the faster gigabit interfaces are dedicated to handling LAN and WAN traffic, with the third customisable as either a DMZ or as a secondary LAN/WAN connection. Its six 10/100Mbps interfaces can each be tailored to promote secondary LAN, WAN, and DMZ roles as required. If a secondary WAN zone is configured it is possible to enable the device to load balance web requests between both gigabit WAN ports. Alternatively, the additional WAN network may be used as a failover should the primary WAN connection cut out. It’s a really versatile arrangement.
SonicWall’s NSA240 features an additional, and fairly unique, WAN failover mechanism - an optional 3G cellular modem. If the wired WAN connections all fail, this wireless 3G internet connection will kick in, decreasing the amount of downtime.
The NSA240’s firewall is able to manage inbound/outbound network access for LAN, WAN, DMZ, VPN and SSL VPN roles. The primary firewall uses Stateful Packet Inspection (SPI) with an option to supplement this technology with Deep Packet Inspection (DPI) for more thorough traffic analysis. The device features SYN/RST/FIN flood protection in order to detect related malicious network traffic.
Other optional features include ‘Application Intelligence and Control’, ‘Intrusion Prevention’, ‘Gateway Anti-Virus and Anti-Spyware’, ‘Enforced Client Anti-Virus and Anti-Spyware’, ‘Content and URL Filtering (CFS)’, ‘ViewPoint Reporting’, ‘Comprehensive Anti-Spam Service’, and ‘SSL Inspection (DPI SSL)’ capabilities.
The automated reporting features aren’t really as good, or as easy to set up as some of the other solutions under test. However, the ‘Security Dashboard’ provides an excellent summary of viruses, spyware, intrusions attempts, and IM/P2P traffic statistics. ‘Security Dashboard’ data are exportable to a PDF file, which adds a professional touch to its reporting.
The SonicWall NSA240 has a clear and easy to understand Web GUI, administrators have three methods of viewing its firewall rules; ‘All Rules’, ‘Matrix’, and ‘drop-down boxes’. We gravitated towards the ‘Matrix’ mode because it provides a well organised view of the security rules currently in place.
RRP: $1934 AUS
Warranty: 1 year
positive
• Customisable network ports
• Excellent web GUI
• Multi-WAN failover options to minimise down time
negative
• Automated reporting features aren’t as straight forward as other solutions.
summary
The SonicWall NSA240 provides administrators with a high speed customisable gateway device, which has several optional failover mechanisms designed to significantly reduce downtime.