Solved

Sonicwall

Posted on 2004-09-07
Last Modified: 2007-12-19
Howdy,

How do people rate the Sonicwall firewalls, in particular...

Sonicwall Pro 2040
    - Intrusion Prevention Service
    - Anti-virus
 
 Sonicwall TZ170
    - Intrusion Prevention Service
    - Anti-virus

Thoughts and experiences would be much appreciated.

Thanks again

:-)
   
0
Question by:stevendunne
23 Comments
 
LVL 5

Expert Comment

by:idyllicsys
ID: 12012049
I am a SonicWall Silver Medallion Partner, so I am a little biased, but they are both very good. The intrusion prevention service is second to none, especially for the money. It can stop the incoming and outgoing attacks related to IIS exploits, SQL attacks, etc., as well as Slammer, Back Orifice and others. It also can stop IM, P2P and music applications. Very nice.

As for the anti-virus, it's nice, but not perfect. It is McAfee's ASAP service on the desktop, Viruscan 7.1 and Groupshield for the server. At the firewall level, it can scan for a limited number of viruses as they pass through on POP3 or SMTP. It can also remove unwanted e-mail attachments before they even hit the server.

As with all SonicWalls, you can try these services out before you buy them.

As for the differences in the firewalls, if you get a TZ170 Unrestricted (Unlimited Users) before the end of September and register it, you will get the Enhanced version of the SonicOS free. If you want more ports, get the 2040 but also get the enhanced upgrade. There is so much more you can do with it.

Ted
------------------
MCSE, CSSA
www.idyllicsys.com
0
 

Author Comment

by:stevendunne
ID: 12014737
How does the anti-virus work then ?  Are updates just sent to the box from a McAfee site and then it's able to detect the latest threats\viruses whilst inspecting the packets ?

Are all the services managed through the SonicOS via a web browser ?

What advantages aside from the extra ports does the 2040 have ?  I see the throughput speed of 200mb is a massive difference............
0
 
LVL 5

Expert Comment

by:idyllicsys
ID: 12014959
On the A/V, you can set the risk level that it requires the desktop program to update automatically. The only updates the box gets are for scanning SMTP and POP3 traffic and that list is limited. It can't scan for netsky or bagle. There are too many variants for the memory on the box to hold. It used to be good before the viruses became smarter.

Yes, all the services are managed through the browser. That is one of SonicWall's trademarks.

The 2040 is faster and rack mountable, but with the Standard OS you still only have three active ports, and the third has to act like a DMZ or second LAN. With SonicOS Enhanced, the fourth port becomes active and any port can be assigned to any zone. LAN, WAN, WLAN, DMZ or whatever you make up.

Ted
0
 

Author Comment

by:stevendunne
ID: 12015001
So really the AV on the box cannot help us with threats that may come through from browsing the net - http port 80 ?

Is the VPN client good ?

How do you compare this with Checkpoints safe@office 225 u box ? (Sorry for asking this has been recommended to me as well)

Steve
0
 
LVL 5

Expert Comment

by:idyllicsys
ID: 12015098
A/V  is useless on port 80. If you want to scan port 80, I would suggest a box like McAfee's webshield appliance behind the firewall. (Symantec and others have them too). The Intrusion Prevention Service may stop what you are looking for too. Take a look here. I am trying to find the list of over 1800 exploits it stops. http://www.sonicwall.com/products/ips.html

The VPN client is great.  The new Global VPN client is easy to manage and deploy. You can even get the Global Security Client instead, which includes a personal firewall that is controlled through a central policy on the firewall. You can use user level auth if you'd like. A lot of options and not enough space.

I am also a Checkpoint reseller. I became one to offer an option to my clients. Checkpoint, dollar for dollar, cannot match SonicWall anywhere.  The 225U is more expensive, has fewer features and in general is not as easy to use as the SonicWall. Checkpoint has their name from their VPN-1 product. The Safe@Office line is completely different.

Ted
0
 

Author Comment

by:stevendunne
ID: 12015815
So really the AV option isn't going to be any good as we already have a system in place for AV for SMTP mail ?

I'm really looking for a software based solution for protecting us from internet port 80 threats.....Any ideas ? McAfee, Trend Micro ?
0
 
LVL 5

Expert Comment

by:idyllicsys
ID: 12016022
Which threats are you trying to stop? IPS may be able to stop it. http://www.sonicwall.com/services/pdfs/SonicWALL_IPS_FAQ.pdf

If you are looking for a gateway scanning appliance, look at this. http://www.trendmicro.com/en/products/network/nvw/evaluate/overview.htm

I am a little partial to Trend right now. McAfee and Norton have caused too many problems for me.

Ted
0
 

Author Comment

by:stevendunne
ID: 12042941
I'm mainly just trying to stop threats\viruses that can be picked up through browsing the net.  We have Websense installed here which filters out many of the dodgy internet categories and sites that are likely to carry these threats.

I'll probably look at Trend Micro's Web suite security software solution to protect us more from internet threats

http://www.trendmicro.com/en/products/gateway/iwss/evaluate/overview.htm

I'm a little naive when it comes to secure connections, but have there been many instances of these VPN clients being hacked or exposed ?  Is the level of encryption offered sufficient ?

0
 
LVL 5

Expert Comment

by:idyllicsys
ID: 12043160
I haven't seen VPN clients being hacked directly. Normally, the host computer is hacked and that is then used to hack into the corporate network. You can use DES, 3DES, AES-128 or AES-256. AES is the standard that is required for government certification.

To keep the client from being hacked, SonicWall offers the Global Security client. http://www.sonicwall.com/products/globalsecurityclient.html

It uses a series of policies to keep the remote computer protected.

The Trend Micro product looks good, especially since you are already running a proxy.

Ted
0
 

Author Comment

by:stevendunne
ID: 12043282
Does the VPN client just need a username & password to authenticate ?  Or are there other ways like installing a certificate on the remote users' machines, so that to access the network using the client you require a certificate installed & a username & password ?

Thanks for all your help, do you mind if I leave this open for a little while longer in case I have a few more questions ?  I'll raise the points value when I go to accept & close the question, if I can.

:-)
Steve
0
 
LVL 5

Expert Comment

by:idyllicsys
ID: 12043324
The VPN client can use all of those.  I haven't tried using the certificate and username and password, but I am sure it would work.

No problem. Leave it open. And when you're ready to buy, call me. I can probably meet or beat anybody's price.

Ted
0

 

Author Comment

by:stevendunne
ID: 12044310
For a 25 user organisation like ours, Internet activity as well as SMTP mail and with around 9-10 customers placing orders on our webserver a few times a day, will the 90mb throughput speed of the TZ170 be sufficient ?

I would have thought so as the firewall can hold around 6,000 concurrent connections.......

0
 
LVL 5

Expert Comment

by:idyllicsys
ID: 12044457
You won't even notice. The only issue will be the Internet connection speed. How fast your pipe is.
0
 

Author Comment

by:stevendunne
ID: 12053144
Will we require the SonicOS enhanced upgrade to allow us to configure the extras on the TZ170 ?  Looking at the datasheet the enhanced upgrade gives us Policy-based NAT & Object based management.....

Also can things like the DMZ be set up within the Standard SonicOS ?  I'm not sure whether the free upgrade to the enhanced SonicOS will apply to us, as we are a company based in the UK...........

I'm a newbie with firewalls, so many little things to take on board and find out !  

:-)

Steve
0
 
LVL 5

Accepted Solution

by:
idyllicsys earned 350 total points
ID: 12053202
The enhanced is required for the following:

Wireless Access Points
Many to Many NAT
Port Redirection (Changing port numbers as they pass through the firewall)
Second WAN Port
WAN Load Balancing


Yes, a DMZ can be set up. It is just called the optional port in the SonicOS.

Ted
0
 

Author Comment

by:stevendunne
ID: 12224775
When managing the firewall through the browser, is it recommended to set up a certificate so you'd manage the firewall through https:// ?

Or not, as traffic isn't going out over the internet ?

0
 
LVL 5

Expert Comment

by:idyllicsys
ID: 12226004
I wouldn't worry about a certificate, especially if you are managing it from the internal interface only.
0
 

Author Comment

by:stevendunne
ID: 12226052
Ok, thanks. I'm just in the process of configuring the new box, and will be putting into the live environment next week.  Can I ask a few more questions....?

Is Viewpoint a useful tool for graphical viewing of IP's bandwidth usage ?

Also using the SonicOS standard, does the log viewer give you detailed reports of attacks ?  Or is Viewpoint the tool for this ?

Should I use the default settings for Phase 1 & Phase 2 of the remote users' VPN connections using the vpn client ?

How do you set up the Intrusion detection service ?  Do you just register the activation code through mysonicwall.com, and the rest takes care of itself ?
0
 
LVL 5

Expert Comment

by:idyllicsys
ID: 12226098
Viewpoint is perfect for that.

The log is good for getting an alert of an attack. It will also give you some of the basics. The nice part about Viewpoint is that you have access to the syslog data which is more confusing, but much more detailed.

I don't remember the default settings. Your best bet is to use AES and/or SHA1 whenever possible. If you don't have any older VPN clients out there, just use AES.

For IPS, register the activation code. Then it will synchronize with the unit. Once you do that, there will be a menu of options with High, Medium and Low Attacks, as well as IM and P2P. You can detect and/or block any. The default is to detect all and block High and Medium. I also recommend blocking IM and P2P. Then go in and manually adjust a few others. Go into the multimedia category and disable itunes, musicmatch and the others.

If you need to use IM of some kind, you can enable by unchecking the unblock for that specific service.
0
 

Author Comment

by:stevendunne
ID: 12227552
You don't need MS desktop SQL for Viewpoint do you ?  Syslog takes cares of the data.......

In terms of the firewalls rules, I take it only the traffic you state in here is allowed in and out of your network ?

Does the following rule take care of any other services outside of the rules, and will therefore be dropped ?

*        LAN            Any                 Deny  
0
 
LVL 5

Expert Comment

by:idyllicsys
ID: 12233179
It does use MSDE for storing the data. It gets the syslog data from the syslog collector and passes it to the database for reporting.

Yes, you are correct about the rules.

The final rule is the default inbound rule. If you were to not have any other rules, no data will come back through except the obvious responses to normal outbound traffic.
0
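The behaviour discussed in the two posts above (an ordered rule list that ends in a deny-all rule, with replies to allowed outbound traffic still let back in), sketched as an added example that is not part of the original thread and is not SonicOS code. The rule fields, the addresses and the first-match ordering are assumptions made for illustration.

```python
"""Toy stateful filter: first-match rules plus a final deny-all (constructed, not SonicOS)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str             # source network in CIDR form, "0.0.0.0/0" = any
    dst: str             # destination network in CIDR form
    port: Optional[int]  # destination port, None = any service
    action: str          # "allow" or "deny"

# Constructed sample policy (assumed addressing: the LAN is 192.168.1.0/24).
RULES = [
    Rule("192.168.1.0/24", "0.0.0.0/0", 80, "allow"),    # LAN -> web
    Rule("192.168.1.0/24", "0.0.0.0/0", 25, "allow"),    # LAN -> SMTP
    Rule("0.0.0.0/0", "192.168.1.10/32", 443, "allow"),  # WAN -> web server
    Rule("0.0.0.0/0", "0.0.0.0/0", None, "deny"),        # final deny-all
]

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # flows opened by packets that a rule allowed

    def check(self, src, sport, dst, dport):
        # A reply to a tracked flow is accepted before any rule is consulted.
        if (dst, dport, src, sport) in self.state:
            return "allow (established)"
        for n, r in enumerate(self.rules, 1):
            if (ip_address(src) in ip_network(r.src)
                    and ip_address(dst) in ip_network(r.dst)
                    and r.port in (None, dport)):
                if r.action == "allow":
                    self.state.add((src, sport, dst, dport))
                return f"{r.action} (rule {n})"
        return "deny (no rule matched)"

def demo():
    fw = Firewall(RULES)
    return [
        fw.check("192.168.1.20", 40000, "203.0.113.5", 80),    # outbound web
        fw.check("203.0.113.5", 80, "192.168.1.20", 40000),    # its reply
        fw.check("203.0.113.9", 80, "192.168.1.20", 40000),    # unsolicited
        fw.check("192.168.1.20", 40001, "203.0.113.5", 6667),  # unlisted service
    ]

if __name__ == "__main__":
    print("\n".join(demo()))
```

The unsolicited inbound packet and the unlisted outbound service both fall through to the last rule, while the reply is accepted only because the outbound request created state first.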
 

Author Comment

by:stevendunne
ID: 12235637
I'm logged into SonicOS standard management console, and under System>Licenses it shows the IPS as licensed till Nov 2005.
However I cannot find the menu options for the IPS ?

I opened up an account and registered the activation codes on my PC.  I later set up the firewall, configured it and the box synchronised with all the security services when I connected it to the Internet.

Could this have affected it ?

Also how do you change the priority on the access rules ?





0
 

Author Comment

by:stevendunne
ID: 12247047
I've got my head round this now

Thanks for all your help
0
