Snyder, a Network World Test Alliance partner, is a senior partner at Opus One in Tucson, Ariz. He can be reached at
SonicWALL recently started shipping six new firewalls to replace the low-end of their product line. The new firewalls are the TZ100, TZ200, and TZ210, each also available with 802.11n wireless integration. This product release completes SonicWALL's transition to the Cavium Networks' Octeon processor line, putting all of their firewalls on the same code base and with a similar feature set.
In our testing of the SonicWALL TZ200 and TZ210 systems, we discovered a significant performance impact when UTM features were enabled on typical Internet traffic.
Cisco is shipping what it claims is the first intrusion prevention system (IPS) to correlate IP reputation filtering with signature-based intrusion prevention sensors.
We installed a Cisco 4260 IPS appliance in a production network with approximately 700 Web sites generating approximately 25Mbps traffic to the Internet. Our goal in this testing was to focus on the reputation services aspect of the 7.0 software, so we did not do specific performance or IPS coverage testing.
Understanding exactly how SensorBase will affect an event¿s Risk Rating when Global Correlation Inspection is turned on is somewhat complicated. You have to pick a system-wide level, ranging from ¿permissive¿ to ¿standard¿ to ¿aggressive.¿ Then, every time an event occurs where the IP address involved has a bad reputation, the Risk Rating will be bumped up by some amount.
The traditional way of querying a reputation service database, by DNS queries, wouldn¿t work in an IPS environment. Instead, IPS 7.0 downloads the entire reputation service database and keeps it frequently updated. No additional license is required to use reputation filtering, but you must have an active license and Cisco support agreement to turn on downloading.
The Leader in Network Knowledge