The SonicWall NSA E7500 is a breeze to configure, an excellent performer, and the truest unified threat manager (UTM) we tested, blocking an impressive 96 percent of the attacks we threw at it.
SonicWall provides gateway anti-virus services across a range of protocols: HTTP, FTP, IMAP, SMTP, POP3, CIFS/NetBIOS, and TCP streaming protocols, either inbound or outbound. It also provides rich IDS/IPS functionality, anti-spyware protection (with an incredibly rich set of signatures available to check packets against), a real-time black list, and Web content filter that can restrict ActiveX, Java, cookies, or HTTP proxy services, as well as use white and black lists for access. It should be pointed out that rules could be applied by schedule, to perhaps allow gaming after hours.
Optional software is available to allow the SonicWall to provide NAC-like services such as enforcing the use of anti-virus software on clients. SonicWall also offers a central management system that allows you to manage all of your SonicWall devices from a single console.
Test Center Scorecard
- Attack blocking (15%): 9
- Ease of setup (15%): 9
- Features (15%): 8
- Management (15%): 8
- Scalability (15%): 8
- Throughput (15%): 9
- Value (10%): 6
- Overall score: 8.3 (very good)
Wizard power
SonicWall beats the competition on ease of initial setup. You get a series of wizards to set up an Internet firewall or an application firewall, or to provide public access to an internal server, or to set up VPNs (either site to site or from a SonicWall Global VPN client). Going through the setup wizard, you’re prompted to change your password and time zone, set up the WAN interface, set up the LAN, establish your DHCP settings, then wrap everything up. You have to know how you want things set up, but the wizard makes sure you proceed in a nice logical order, and you don’t forget anything.
The wizards can even have a pleasant sense of humor, such as when suggesting that you make your admin password something that’s "easy to remember but difficult to guess, such as k3ch33s3." We know we’ll always keep that in mind.
Setting up VPN tunnels is straightforward, although the sheer number of policy options makes it less simple than it might be. If you’re not comfortable with all the options, the wizard is there to help. But with or without the wizard, the SonicWall lets you create VPN tunnels for almost any purpose you can imagine.
SonicWall includes SSL VPN as part of the bundle, supporting Windows (32- and 64-bit), Mac, and Linux users through either an SSL Web portal or a downloadable client that can tunnel all or part of the network traffic of the remote device. The portal allows you to add in your own HTML code and bookmarks for RDP, Telnet, HTML/SSL, SSH, file shares (CIFS), and Citrix. The NetExtender client allows routes to be pushed to the remote client to force certain traffic through the SSL VPN. A cool option will remove the NetExtender software upon logout, leaving behind minimal footprints on that Internet café machine you just used.
In the latest generation of SonicOS, SonicWall added a Security Dashboard with both local and global views. The local view shows attacks against the firewall itself, while the global view, based on data collected by SonicWalls around the world, aims to alert you to attacks happening elsewhere that may be heading your way. This is information is best provided to your management in small doses, but can be very useful to distribute when a bonehead questions the need for all those "extra" UTM functions.
Sporting a 16-core Cavium processor, the SonicWall NSA E7500 has the legs to cross into what would normally be called medium to large enterprise. Its easy, wizard-driven setup interface doesn’t mean you can safely remain ignorant of security principles, and the power doesn’t mean it’s a fit for every company, but the combination does make the E7500 suitable for a wide variety of organizations and security needs. It should be pointed out that if you’re considering an HA pair, make sure you buy them together as a package. The company offers huge discounts on both the hardware and features licenses.
Pros: High throughput even when under attack. Dedicated management core ensures responsiveness of management system. Great set of wizards for configuring firewall roles. Excellent protection against vulnerability-based Internet attacks, with the best attack-blocking performance in our test.
Cons: Expensive.
Platforms: 16-core Cavium-based 1U appliance with 4 Copper Gigabit ports, 4 SFT ports, 1 Copper HA port, firewall, VPN, anti-malware, IDS/IPS, Web content filtering, and spam blocking. SSL-VPN feature was tested with Windows, Mac, and Linux.
Bottom Line: SonicWall NSA E7500 is one of the rare products that combines an easy-to-use interface with enough power to meet needs well above the user class to which it’s marketed. Throughput is sufficient for the high end of a midsize business or perhaps even the low end of a large corporation. The unit’s 96 percent success rate at blocking attacks was best in the test by far.
SonicWall’s NSA E7500 combines smooth setup, high performance, and real protection against Internet malware
