Firewalls: SOHO Lockdown

The CRN Test Center reviewed two firewalls designed for small networks that include wireless and VPN capabilities: the WatchGuard Firebox SOHO 6 and the SonicWall SOHO TZW.

WatchGuard's new Firebox SOHO 6 wireless firewall/VPN appliance includes an 802.11b wireless access point, wired four-port switch and Web-based management capabilities in a very small package, making it one of the most versatile security products for small businesses, remote offices and telecommuters.

The Firebox SOHO 6 offers DES encryption, authentication and IPsec VPN and mobile-user VPN support. International Computer Security Association (ICSA)-certified dynamic stateful packet filtering, desktop antivirus protection and optional Web content filtering are also included. Like most of these appliances, network address translation (NAT) is supported.

Dynamic DNS support allows VPN tunnels to be set up by domain name and eliminates the need for static IP addresses that usually aren't available with cable modems. A meshed VPN topology establishes private, encrypted tunnels between up to seven Firebox SOHO 6 appliances for secure data sharing.

WatchGuard includes a 90-day renewable subscription to its LiveSecurity Service with each Firebox SOHO 6. The service provides software updates, technical support, security broadcasts and access to help and training resources. The Firebox SOHO 6 ships with a 10-seat license.

The Firebox SOHO 6 connects to any 10/100 port and installs between a network and its Internet connection, making setup easy. It features a WAN port that connects to the outside network and four protected 10/100 ports. An additional hub is required if more than four wired computers must be protected. Out of the box, the wireless functionality is enabled for any computer equipped to receive the 802.11b signal. The unit is configured through an intuitive interface accessed via a Web browser pointing to the Firebox SOHO 6's default IP address.

The SonicWall SOHO TZW (Trusted Zone for Wireless) also combines firewall and VPN technologies with an integrated 802.11b access point and Web management interface to provide both wired and wireless security. SonicWall's base configuration supports up to 25 users, 15 more than the WatchGuard unit. The TZW license can be upgraded to support 50 or an unlimited number of users. But the SonicWall unit will support only one wired computer without needing an additional hub or switch.

The SonicWall unit can be configured as a combination firewall, VPN and gateway to support both LAN and WLAN zones. It also can be used as a departmental access point, providing secure access to an existing corporate LAN. Wireless guest services can provide an easily accessible guest zone for Internet connectivity in hot spots, lobbies and conference rooms, while restricting corporate LAN access.

Solution providers can configure the unit's IPsec authentication and encryption between the LAN and the WLAN. The included VPN client establishes a wireless connection from the mobile user to the appliance and automatically downloads the security settings. The enforcement of IPsec 3DES encryption on the wireless LAN provides secure encryption and authentication.

The Tunnel-All mode forces authenticated users to transmit in infrastructure mode to prevent ad hoc wireless networking. Antivirus and content filtering improves network security and can increase worker productivity by preventing unnecessary Web site access. The unit includes 90 days of e-mail, telephone support and software updates. Extended support contracts are available.

Like the Firebox SOHO 6, this unit is configured through a Web interface, which includes a setup wizard. The wizard walks the installer through the setup procedures by first asking for the deployment scenario, with the default scenario being an office gateway. The wizard then lets the installer set passwords and time zones, as well as configure network settings. VPN clients and wireless guest services are also configured from the setup wizard.

Both units are excellent choices for the SOHO market, are easy to use and offer similar functionality. However, WatchGuard's printed documentation is more complete. For solution providers that need to protect up to four wired computers, WatchGuard's unit is the best choice. But for those that need to support 10 to 25 users, the SonicWall unit is more cost-effective.

CHANNEL PROGRAM SNAPSHOTS
>WATCHGUARD FIREBOX SOHO 6
PRICE: $799
MARGIN: 15 to 20 percent
WARRANTY: 1 year
DISTRIBUTORS: Ingram Mico, Synnex, Tech Data, Westcon
TECH RATING: ****
CHANNEL RATING: *****

CHANNEL OVERVIEW: Authorization is not required to sell the Firebox SOHO but is for membership in the WatchGuard Secure Partner program. WSP program members receive free training and certification, access to the partner site as well as access to a live security subscription service, which provides security updates and can be resold to end users. Seattle-based WatchGuard also can notify solution providers when their end users' subscriptions are due to expire. Free 24x7 priority technical support is available to all partners, said Christine Pomeroy, director of channel marketing. ,Michael Gros

Note: Vendors can earn up to five stars for technical merit and five for their channel program. If the average of these two scores is four stars or greater, the product earns CRN Test Center Recommended status.

SONICWALL SOHO TZW
PRICE: $895
MARGIN: 25 percent
WARRANTY: 1 year
DISTRIBUTORS: Bell Micro, Ingram Micro, Tech Data
TECH RATING: ****
CHANNEL RATING: ***

CHANNEL OVERVIEW: Solution providers in SonicWall's three-tier partner program receive varying levels of training, MDFs, technical support and general discounts, based on sales volume. A variety of lead-generation tools including co-branded publicity materials, white papers and flash movies are provided. SonicWall, Sunnyvale, Calif., also offers online sales training and hands-on technical training periodically in major cities. ,Michael Gros

Note: Vendors can earn up to five stars for technical merit and five for their channel program. If the average of these two scores is four stars or greater, the product earns CRN Test Center Recommended status.