SonicWALL Technologies' TELE3 and SOHO3 are robust personal firewall and VPN network-security appliances that protect your home or branch office network from attacks and unauthorized use. Although these firewalls are significantly more expensive than their popular broadband-router and personal-firewall competitors, they have passed rigorous International Customer Service Association (ICSA) certification and have feature sets similar to some enterprise-class firewalls.
At the core of these devices is a stateful inspection engine that supports a Web or command-line-interface-based management front end, flexible rule-based network-access controls, IP Security (IPSec) VPN capability, robust logging, content filtering, auto-update, and antivirus protection. You can centrally manage many of these devices by using the SonicWALL Global Management System (GMS). SonicWALL also offers the TELE3 TZ, a variation of the TELE3 that includes two LAN connections: a "homeport" for home machines and a "workport" for corporate machines (think of a multilegged firewall). This design prevents home machines (and any vulnerabilities they might have) from accessing the telecommuter's work machine or corporate network.
Although installation is straightforward, a conceptual knowledge of home networking and IP sharing using Network Address Translation (NAT) is advisable. (Installing any router for the first time can be tricky; throw in advanced security features and less tech-savvy users might want to seek assistance.) SonicWALL has several well-designed Web pages that offer setup and administration information. In addition to the well-written quick-start guide, each device includes a 200-page manual that describes all the firewall features. An optional wizard walks you through the installation, including WAN and LAN interface configuration, whether to use the firewall's DHCP service, and how to configure your internal machines. By default, all outbound LAN traffic is allowed and all inbound WAN traffic is denied. I used the SonicWALL firewall and its included cables to connect my Windows XP laptop to my DSL modem, and I was surfing the Web in less than 15 minutes.
The Network Access Rules control what traffic the firewall will transmit. The rule configuration tool makes it easy to turn on rules for well-known services (such as the Web or FTP) or to create custom services for other applications. Or you can specify a Public LAN Server to make an internal Web server (or other service) available to Internet users.
Most personal firewalls support PPTP pass-through, which lets one user on an internal machine behind the firewall connect to a corporate VPN as a client. In addition to this basic functionality, the SonicWALL products provide a much more powerful feature—acting as an IPSec VPN tunnel endpoint (you need two endpoints to make a tunnel). This feature is useful for branch offices that have few users and need a constant, secure connection with other offices. The VPN tunnel supports Data Encryption Standard (DES) and Triple DES (3DES) encryption, Secure Hash Algorithm-1 (SHA-1) and MD5 authentication, and Remote Authentication Dial-In User Service (RADIUS) or certificate authentication. VPN support for five users is included with the TELE3 and is optional for the SOHO3.
The SonicWALL firewalls' sophisticated logging records system errors, blocked Web sites, user activity, attempted attacks, and dropped packets. Aggregated reports include Web site hits and bandwidth usage by IP address and service. You can view logging directly on the administration Web page or be redirected to a syslog or SNMP service. The intrusion-detection logic is basic, however, and is susceptible to false positives. For example, the firewall correctly identified a basic port scan of the WAN interface but also recorded the activity as four other falsely identified attack attempts. Even so, this network-based intrusion detection is a welcome feature.
The firewalls include filtering that blocks Web pages based on keyword content or domain. As an optional add-on, you can regularly download a blacklist of offending Web sites based on 12 categories of Internet content filtering (such as nudity or violence). You can bypass filtering on a per-user basis.
As you would expect, all these features come at a higher price than most other personal firewalls, and you can purchase additional features to further enhance the product. The SonicWALL license model permits only 5 nodes behind the firewall for the TELE3 and 10 nodes for the SOHO3. Some users who have more than five computers and who typically appreciate higher functionality might be disappointed by these restrictions, but you can purchase more nodes if you need them. You'll need a broadband/WAN Ethernet connection and an internal machine with an Ethernet NIC or hub. The TELE3 costs $495 for 5 users and 5 VPN users. The SOHO3 costs $495 for 10 users and no VPN accessibility or $795 for 10 users and 10 VPN users.
All in all, these small-footprint, appliance-style devices pack surprising power and flexibility and host an abundance of security features with a clean management interface. For more information, contact SonicWALL on the Web at http://www.sonicwall.com or by calling 408-745-9600.
