Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

SonicWall's PRO 1260 Enhanced offers flexibility at the low end

By Joel Snyder , Network World , 04/04/2005
  • Share/Email
  • Tweet This
  • Comment
  • Print

SonicWall's new PRO 1260 Enhanced gear combines the brains of its popular TZ-series firewalls with the body of a 25-port managed 10/100M bit/sec switch .

Because the PRO 1260 - released last week - runs an enhanced version of SonicOS software, each port on the firewall can be configured with its own security zone. You can set up an individual firewall for every system in the company's Internet DMZ. This keeps the DMZ from turning into a free-for-all if any one system sitting behind the firewall is cracked because inter-system traffic can be fully controlled.


How we did it
Archive of Network World tests
Subscribe to the Network Product Test Results newsletter


 

In our exclusive Clear Choice test, we found the PRO 1260 lives up to its flexibility promise. However, performance issues indicate this firewall might not be the right fit for inter-LAN traffic or Internet connections faster than 3M to 5M bit/sec.

The PRO 1260 offers the features you expect from an all-in-one firewall, including IPSec VPN, firewall-based anti-virus and content filtering, and in-line intrusion-detection and -prevention capabilities. SonicWall also has included e-mail filtering that can block certain types of attachments. Add to these optional features the traditional stateful packet filtering firewall and network address translation (NAT ) capabilities, and you have a traditional small and midsize business firewall package.

While other firewall vendors have commonly built small Ethernet switches into their products, SonicWall provides the capability to treat each port as a separate security zone with its own security policy, NAT rules and even bandwidth management allotments. Because there are 27 ports all told - 24 for the individualized zones, one for an up-link and two dedicated for optional WAN and DMZ usages - that's a lot of control and flexibility.

SonicWall unplugged

We also tested the PRO 1260 Enhanced with SonicWall’s recently released SonicPoint wireless access point. We found this combination to be a particularly elegant way to manage many wireless access points. We created a profile in the PRO 1260 GUI and then plugged in two SonicPoints. The PRO 1260 Enhanced detected them, upgraded them to the current version of firmware and configured them according to our profile.

Click to see:

The PRO 1260 uses a Web-based administrative GUI (although a command-line interface exists via the serial port). SonicWall has taken great pains to make the set of firewall rules viewable (and editable) in any one of three formats - a zone-by-zone grid; a list picked by zone; or just a long list of all rules.

Although we found the GUI easy to use, managing a long security policy would be tedious because of the inability to reuse rules across zones. For example, if you wanted to put the same rule in 20 different zones, you must enter it 20 times. Worse, if you wanted to change it, you must change it 20 times.

We tested the PRO 1260 by putting it in front of 16 production servers, which creates 16 zones and 16 security policies (See "How we did it" ). SonicWall keeps the vendor-specific jargon during setup to a minimum, which made it easy to configure and use the PRO 1260.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Comments (1)
Login
Forgot your account info?

fellowBy fellow on April 5, 2009, 11:36 pmfellow

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed