SonicWall's PRO 1260 Enhanced offers flexibility at the low end

SonicWall's new PRO 1260 Enhanced gear combines the brains of its popular TZ-series firewalls with the body of a 25-port managed 10/100M bit/sec switch .

Because the PRO 1260 - released last week - runs an enhanced version of SonicOS software, each port on the firewall can be configured with its own security zone. You can set up an individual firewall for every system in the company's Internet DMZ. This keeps the DMZ from turning into a free-for-all if any one system sitting behind the firewall is cracked because inter-system traffic can be fully controlled.

In our exclusive Clear Choice test, we found the PRO 1260 lives up to its flexibility promise. However, performance issues indicate this firewall might not be the right fit for inter-LAN traffic or Internet connections faster than 3M to 5M bit/sec.

The PRO 1260 offers the features you expect from an all-in-one firewall, including IPSec VPN, firewall-based anti-virus and content filtering, and in-line intrusion-detection and -prevention capabilities. SonicWall also has included e-mail filtering that can block certain types of attachments. Add to these optional features the traditional stateful packet filtering firewall and network address translation (NAT ) capabilities, and you have a traditional small and midsize business firewall package.

While other firewall vendors have commonly built small Ethernet switches into their products, SonicWall provides the capability to treat each port as a separate security zone with its own security policy, NAT rules and even bandwidth management allotments. Because there are 27 ports all told - 24 for the individualized zones, one for an up-link and two dedicated for optional WAN and DMZ usages - that's a lot of control and flexibility.

The PRO 1260 uses a Web-based administrative GUI (although a command-line interface exists via the serial port). SonicWall has taken great pains to make the set of firewall rules viewable (and editable) in any one of three formats - a zone-by-zone grid; a list picked by zone; or just a long list of all rules.

Although we found the GUI easy to use, managing a long security policy would be tedious because of the inability to reuse rules across zones. For example, if you wanted to put the same rule in 20 different zones, you must enter it 20 times. Worse, if you wanted to change it, you must change it 20 times.

We tested the PRO 1260 by putting it in front of 16 production servers, which creates 16 zones and 16 security policies (See "How we did it" ). SonicWall keeps the vendor-specific jargon during setup to a minimum, which made it easy to configure and use the PRO 1260.