Tactical Advice

All-in-One Threat Protection

SonicWall NSA 2400 UTM is easy to use and can handle almost any configuration.

The SonicWall NSA 2400 UTM firewall packs an amazing punch for such an affordable device. SonicWall, longtime provider of firewall devices for small and medium-size businesses, makes a strong play for the enterprise with this all-in-one appliance that seems to do everything — and do it remarkably well. Whether you’re a small business replacing a SOHO router or you’re running a complex midsize network, the NSA 2400 will likely earn your praise.

End-User Advantages

I last used a SonicWall device more than five years ago, and the web-based interface is just as easy to navigate as I remembered, although it offers much more flexibility than before. Even first-time users can configure basic connectivity in minutes.

The interface is simple and easy to use, and the flexibility provided in the configuration tools is impressive. Six physical ports allow for a wide array of configurations, while virtual LAN tagging supports dozens of additional security zones. The NSA 2400 UTM sports a comprehensive array of management tools that help create address objects (with user-friendly names), groups and rule sets.

One favorite, the “Matrix View,” provides quick access to rules affecting data moving from one network zone to another. Rather than wade through hundreds of unrelated rules, users can quickly zero in on those that are relevant. The troubleshooting tools are deep, allowing quick discovery of which rules are blocking which traffic. The event log tracks failed access attempts, while the packet sniffer checks and displays every packet moving through the appliance.

Why It Works for IT

I was most impressed by the redundancy features available in the NSA 2400, unmatched in this price class. In very little time I was able to cluster two firewalls for failover. The appliance supports multiple WAN links with failover and a variety of monitoring options to keep traffic alive. Combining an inexpensive second WAN link, such as DSL with a low-cost DNS host (easyDNS, for example), keeps both outbound and inbound traffic flowing in the event of a hardware or service provider failure. Finally, the NSA 2400 includes a bare-bones, inbound load balancing feature. While it doesn’t provide traffic shaping and application-aware load distribution, the NSA 2400 can support a highly available web farm, with inbound traffic spread somewhat evenly across multiple servers. IP or service monitoring will remove failed servers from the farm in seconds.

The interface includes integrated management for SonicWall’s SonicPoint Wi-Fi access points, and multiple virtual service set identifiers support separate wireless security zones. Routing all traffic through the firewall engine ensures all traffic is secure, even between Wi-Fi clients.

Integrated capabilities for gateway antivirus, intrusion prevention and content filtering provide a single management interface for all network security needs. The NSA 2400 can enforce client-based antivirus (provided by McAfee), further simplifying security management.

Disadvantages

There’s not much to dislike about the SonicWall NSA 2400; however, it is frustrating that individual rule changes are applied immediately. Checkpoint, on the other hand, smartly allows you to build a new configuration in whole, then test and deploy a set of changes at once. With SonicWall, if you have to make a dozen rule changes to migrate an old web server to a new machine, you may have a longer maintenance window as you scramble to push out all your rule and object changes one at a time. SonicWall also doesn’t automatically version your changes, so operators must save their configuration before starting any new work.

Some of the more advanced high-availability features (such as inbound load balancing) are poorly documented and not well supported. While surprisingly easy to implement once understood, I found it challenging to find help getting started.

Overall, however, the SonicWall NSA 2400 UTM proves a very capable device at a great price. Even organizations with specialized needs will find this solution able to handle almost any configuration thrown at it.

 

Ryan Suydam is director of operations at DesignFacilitator, creator of the web-based Client Feedback Tool, located in Raleigh, N.C.
Sign up for our e-newsletter

About the Author

Ryan Suydam

Ryan Suydam is director of operations at Design Facilitator, creator of the web-based Client Feedback Tool, located in Raleigh, N.C.

Security

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
Tools to Maintain Mobile Sec... |
Far-flung devices pose serious challenges, but a variety of technologies can help protect...
Edward Snowden Personifies t... |
The NSA leak shows critical areas where organizations can better protect their data.

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

The Value of Converged Infra... |
Improvements in security, management and efficiency are just a few of the benefits CI can...
Curse Builds a Private Cloud... |
One of the top resources in online gaming builds out a robust infrastructure that can...
SDN at the Forefront of HP’s... |
Computing giant kicks off Interop 2014 with a series of announcements aimed at turning...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Hardware & Software

Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
The Tools That Power Busines... |
Ever-evolving analytic software can greatly improve financial institutions’ decision-...
XP-iration Date: Today Is th... |
It’s officially lights out for Windows XP as an operating system. Here’s how the world is...