Product Reviews

Protecting Mom and Pop

SonicWALL secures smaller networks.

• By James Carrion
• 11/01/2003

Even a seemingly secure network can be vulnerable. For instance, a SOHO firewall is completely bypassed every time an office adds an unsecured wireless access point. SonicWALL’s SOHO TZW, a security appliance that promises to secure it all—the LAN, WAN and Wireless LAN (WLAN)—is designed to solve that problem.

The SOHO TZW is an ICSA certified, stateful (dynamic packet filtering) firewall appliance that also serves as a secure 802.11b wireless access point and Internet gateway.

The SOHO TZW automatically detects and prevents common denial of service attacks such as ping of death and SYN flooding. Through a series of default network access rules, the appliance allows outbound traffic from the LAN/WLAN to the Internet, but can block all inbound traffic from the other direction. You can also create additional access rules that allow inbound traffic to internal company servers, such as your intranet Web server or SQL server.

SonicWALL’s SOHO TZW in Stealth Mode. (Click image to view larger version.)

As a LAN/WLAN Internet gateway, the SOHO TZW has a standard built-in Network Address Translation (NAT) service that can be configured to assign IP addresses to LAN/WLAN DHCP clients. Each appliance can also be configured as a VPN server so that two or more SOHO TZWs can connect to each other securely through a VPN tunnel (PPTP or L2TP) across the Internet.

On the wireless side, the most important security feature that should be configured is “WiFiSec Enforcement,” which mandates the use of IPSec-based VPNs before a wireless user can connect to the access point. Once WiFiSec Enforcement is enabled, all wireless clients must install the SonicWALL Global VPN Client (separately licensed) in order to get access to the LAN/WAN. Don’t try using third-party clients to connect to the access point; when I tried to use the Windows Server 2003 L2TP client, not only did I lose my wireless connection, but it reset the SOHO TZW device itself.

Through defined user accounts you can authenticate and track each wireless user’s access. You can also configure the appliance to not broadcast the access point SSID. If you want an extra layer of security, you can implement Wired Equivalence Privacy (WEP).

Another nice feature built into the appliance is Wireless Guest Services, a policy-based module that allows guest users such as consultants or temporary employees to access wireless services and connect to the Internet, but not to the local LAN.

Using an Internet browser, the appliance is administered through either a standard or SSL-secured, authenticated Web connection. I was pleasantly surprised at the number of management features this product offers—everything from built-in diagnostic tools like Ping, Traceroute and DNS lookup, to SNMP management and e-mail alerts. You can even configure the SOHO TZW to automatically download firmware updates and notify you for installation. There are many options, and some are confusing to configure. An admin who doesn’t want to peruse the 281-page administration manual can use a number of GUI wizards that walk through configuring the TZW, wireless and VPN access, and firewall access rules. Finally, you can export configuration settings to a file for recovery purposes.

I was a little disappointed with the slim reporting capabilities of the SOHO TZW, as I would expect more detailed auditing reports for a product with such a rich security feature set. You’re limited to either manually reviewing the log or viewing three basic reports: Web Site Hits, Bandwidth usage by IP Address, and by Service, none of which are really useful for security auditing purposes. If you want security-related reports, you have to purchase an add-on package from SonicWALL called ViewPoint.

Overall, I’d recommend this product for any Mom and Pop operation that wants a complete solution for protecting its SOHO network.