The SonicWall NSA 2400 UTM  firewall packs an amazing punch for such an affordable device. SonicWall, longtime provider of firewall devices for small and medium-size businesses, makes a strong play for the enterprise with this all-in-one appliance that seems to do everything — and do it remarkably well. Whether you’re a small business replacing a SOHO router or you’re running a complex midsize network, the NSA 2400 will likely earn your praise.
I last used a SonicWall device more than five years ago, and the web-based interface is just as easy to navigate as I remembered, although it offers much more flexibility than before. Even first-time users can configure basic connectivity in minutes.
The interface is simple and easy to use, and the flexibility provided in the configuration tools is impressive. Six physical ports allow for a wide array of configurations, while virtual LAN tagging supports dozens of additional security zones. The NSA 2400 UTM sports a comprehensive array of management tools that help create address objects (with user-friendly names), groups and rule sets.
One favorite, the “Matrix View,” provides quick access to rules affecting data moving from one network zone to another. Rather than wade through hundreds of unrelated rules, users can quickly zero in on those that are relevant. The troubleshooting tools are deep, allowing quick discovery of which rules are blocking which traffic. The event log tracks failed access attempts, while the packet sniffer checks and displays every packet moving through the appliance.
I was most impressed by the redundancy features available in the NSA 2400, unmatched in this price class. In very little time I was able to cluster two firewalls for failover. The appliance supports multiple WAN links with failover and a variety of monitoring options to keep traffic alive. Combining an inexpensive second WAN link, such as DSL with a low-cost DNS host (easyDNS, for example), keeps both outbound and inbound traffic flowing in the event of a hardware or service provider failure. Finally, the NSA 2400 includes a bare-bones, inbound load balancing feature. While it doesn’t provide traffic shaping and application-aware load distribution, the NSA 2400 can support a highly available web farm, with inbound traffic spread somewhat evenly across multiple servers. IP or service monitoring will remove failed servers from the farm in seconds.
The interface includes integrated management for SonicWall’s SonicPoint Wi-Fi access points , and multiple virtual service set identifiers support separate wireless security zones. Routing all traffic through the firewall engine ensures all traffic is secure, even between Wi-Fi clients.
Integrated capabilities for gateway antivirus, intrusion prevention and content filtering provide a single management interface for all network security needs. The NSA 2400 can enforce client-based antivirus (provided by McAfee), further simplifying security management.
There’s not much to dislike about the SonicWall NSA 2400; however, it is frustrating that individual rule changes are applied immediately. Checkpoint, on the other hand, smartly allows you to build a new configuration in whole, then test and deploy a set of changes at once. With SonicWall, if you have to make a dozen rule changes to migrate an old web server to a new machine, you may have a longer maintenance window as you scramble to push out all your rule and object changes one at a time. SonicWall also doesn’t automatically version your changes, so operators must save their configuration before starting any new work.
Some of the more advanced high-availability features (such as inbound load balancing) are poorly documented and not well supported. While surprisingly easy to implement once understood, I found it challenging to find help getting started.
Overall, however, the SonicWall NSA 2400 UTM proves a very capable device at a great price. Even organizations with specialized needs will find this solution able to handle almost any configuration thrown at it.