Mucking Up Malware

The setup of the device took a bit longer than it did with the Sophos appliance. The device was finicky about sharing network space with an intermediary router that also acted as a DHCP server, but after some reconnecting and swapping around cables, it was up and running.

Once the LAN and WAN interfaces were connected, the CP100 effortlessly picked up default network settings; nothing had to be defined.

The CP100 does the ultimate in hand-holding. Instead of opening up to a home page with configuration options, the only initial screen is a wizard to assist in getting started with the device. This nurturing assistance may be more of an annoyance to seasoned pros, but it made setup very easy, and ensured that settings were done with vendor recommendations.

A very useful feature—one that is helpful to even the technologically savviest—is the Help button that accompanies every configuration setting. The Help feature displays detailed information about that setting.

After breezing through the initial configuration, which consists of testing network settings and proxy settings, the interface still is not done ensuring the device is set up correctly. The Interface opens up to a registration page (which can be skipped at this point).

The next screen is a "Getting Started" section that provides a sequence of steps to finish configuration. This is on the device's home page. Besides the sequential list of tasks, there is a section for messages and system notifications. Reviewers went through the configurable modules listed in the "Getting Started" section:

"Group Management" has defined groups already that are associated with predefined policies—default, bypass filter and strict are among them.

The "Time of Day Rule Manager" allows for defining blocks of time policies and when usage takes effect.

In the "Internet Rules Manager" for testing purposes, the Moderate Policy Rule was applied to the Default group. The Moderate policy blocks access to the usual work-inappropriate sites like pornography, gambling, hacking and filter avoidance. Also files that have a greater chance of being piggy-backed with malware are blocked: .bat, .exe, .cmd and .dll files are among some of them. In this section of the interface, those administering the solution may choose to block specific URLs or can add a white list of safe sites.

One configuration option that is particularly useful is the "Shaping Rules" option. "Shaping Rules" is used to define how much bandwidth to allocate to a user group, for example, the maximum amount of data a group can download or upload. These rules can also be set against specific applications or Web content. One way this is effective for management would be in the case in which a group of users had to regularly upload data to a site as part of their job function. An Administrator could allocate a greater amount of bandwidth for this group to the site, while restricting bandwidth on the network for less critical tasks.

Groups can consist of either users or network nodes. The CP100 automatically picked up all nodes on the subnet. While possible to use LDAP, the LDAP integration is a bit lacking; users will come over from a defined LDAP server. However, in the case of Active Directory, specified groups and created AD objects will not import over. Also, there is no auto-synch to AD. A more robust solution to LDAP integration will be released with a very near-term upgrade. The feature will be available as a no-cost upgrade to current customers.

A stellar aspect to the CP100 was its reporting capabilities and real-time interface views. System reports include information on active users, CPU utilization, IP connections, latency, packets per second and RAM usage. The report page, which displayed the network nodes being monitored, showed total amount of nodes, top downloads and top uploads. A link was associated with each node listed showing a drill-down, real-time, beautifully rendered view of information about that particular node. Information for each particular node was very detailed and displayed total traffic, application traffic, Web requests by hosts and by category, infected spyware, IM chat log and any open ports on the node.

Truly, there is a plethora of information accessible from one area of the management interface.

The CP100 is also capable of managing remote subnets and VLANs.

Next: SonicWall NSA 3500