Review: Next Generation Security - Sonic Wall's NSA 2400


Printer-friendly version Email this CRN article

SonicWall touts their latest UTM as "the next generation security" appliance.

The Network Security Appliance 2400 is a very good appliance and it efficiently does the job as an all-in-one network security solution. It is also a step-up performance- and configuration-wise, from the previously reviewed NSA 3500. While the main security components are not vastly different from what other security vendors in the same league as SonicWall offer, the granular control, flexible dashboard views and some really top-notch customer support gives this product an edge over the competition.

Setting up the WAN and LAN interfaces was intuitive and easy to navigate with the management GUI. Network changes, such as changing the device's IP from the vendor's hard-coded one, to one on the test subnet were made instantaneously and without any drama whatsoever from the appliance.

An irritating problem of connected clients on the subnet not seeing the device was resolved with the assistance of a very patient and knowledgeable Help Desk staff. (Although vendors are more than willing to provide a tech guru for assistance with any glitches in reviews, a better gauge of how a company will provide technical support to VARS and solution providers is to cold call support.) The issue, by the way was a forgotten-about extraneous router in the test network topology that was blocking client access to the NSA 2400, and not a problem with the SonicWall device itself.

The dashboard feature in the management interface really stands out. The page can report threat statistics on a global scale. It can consolidate all threats being reported by devices reporting back to Sonic Wall's network, or can just report on the local NSA2400 alone. The dashboard gives numbers on "Top Viruses Blocked", "Top Intrusions Prevented" and other threats. There is also the ability to create an on-the-fly PDF file of either the global or local dashboard.

There is a left-hand menu in the interface that gives quick access to configuration options and maintenance tasks. From the "Status" option the interface reports some specs on the device -- its outfitted with 2x 500 MHz Mips64 Octeon processors and has 512 MB RAM with 512 Mb Flash. There is also a running counter on the appliance's CPU utilization -- during testing utilization maintained between 10 percent and 17 percent.

The NSA2400 has a useful packet capture feature. The tool gives detailed information on packets traversing the network. When a trace was started and ran for five minutes there was a negligible amount of overhead placed on the device's CPU according to the utilization counter, even with fifteen client connections to the device. Once the capture is finished, the data is exportable as a libcap file (useful if using an analyzer like WireShark) or as an HTML or text file.

The appliance has robust, in-the-box reporting capabilities. Reports can be generated on device status, active connections, DNS information and a host of other categories. The reports not only can be saved locally, but can be uploaded to Sonic Wall's tech support. A minor complaint: after uploading a diagnostics report, the system confirmed that the report was successfully sent, but there was no readily discernible way to verify the exact data sent and to whom it was sent.

Other features are ones that are pretty much standard with mid-market UTMs. The NSA2400 supports load balancing and WAN failover -- a user assigned interface can be designated as a secondary backup WAN interface. 802.11n is supported. There are the usual components of a typical UTM; content filtering, anti-virus, Intrusion detection, real time black list filtering and firewall. Yet, the NSA2400's firewall stands out as providing remarkably granular configuration that is not a headache to setup; there are a multitude of native services that firewall rules can be configured for from Citrix to Zeb Telnet.

Of course, custom services can be added as well. Firewall policies can also be setup at the application level. Quality of Service (QoS) allows an administrator to set class of service for a variety of traffic including voice and video.

The NSA2400 supports IPSec and SSL VPN (a number of UTMs seen in the Test Center, give the option of one or the other). It's these seemingly small extras like flexible VPN, innovative dashboard, detailed firewall control and great support that makes this product a winner.

Printer-friendly version Email this CRN article