
Firewall Appliance

I have had 2 Sonicwall Firewalls over the last 10 years, a TZ170 and my current firewall, a TZ210. I've had them configured per Sonicwall's suggestions but have never used their security suite. How safe are we? I use anti-virus on our computer level and have never been breached. (Knock on wood). The million dollar question is does a Firewall Appliance work without the intrusion prevention? It seems like it does. We are going to open up a second location and plan on buying a TZ300 and looking at just the appliance vs a year comprehensive security suite.

Any articles you can point me to would also be helpful.
0
Asked by: Dan Purcell
2 Solutions
 
J Spoor (TME) commented:
The SonicWALL firewalls without security services are just a stateful firewall.

The IPS plugs the holes and exploits of software like java, flash etc. An AV doesn't do that.
Also SonicWALL's GateWay AV keeps out viruses at the edge.
Virus protection is always best done at two levels, 1) gateway, 2) endpoint as last resort.

I strongly suggest you get the Total Secure bundle. Also there's a secure upgrade program, to "swap" your old TZ for a new one and get a discount.


See example configurations at http://livedemo.sonicwall.com
0
 
btan (Exec Consultant) commented:
If you are looking at mainly internet traffic, then SonicWall Comprehensive Security Suite (CGSS) makes sense as it includes ICSA-certified gateway anti-virus and anti-spyware protection and more. The suite's objective is to help you stop network traffic early before it reaches the user's host machine - build up the layer of network defence for attack deterrence, and it helps early detection and alerting cum blocking. It is "comprehensive" GSS as it includes 24x7 support. Other key capabilities besides the AV support are:
- It has a dynamically updated signature database for continuous threat protection
- It does content filtering e.g. control of internal access to inappropriate, unproductive and potentially illegal web content
- It can extend security and productivity by enforcing Internet use policies on endpoint devices located outside the firewall perimeter with the Dell SonicWALL Content Filtering Client
https://www.sonicwall.com/comprehensive-gateway-security-suite/

Since it is ICSA certified, check out the ICSA website and see their AV monthly testing reports; it has been passing consistently, detecting the malware in the wild and the email list managed by ICSA with the latest threats.

https://www.icsalabs.com/product/dell-sonicwall-tz-nsa-e-class-nsa-series

A FW in fact is not a NIPS/NIDS, as the former does stateful inspection while the latter more commonly does inspection for web application attacks such as SQL injection, cross site scripting, remote code execution, shell code payloads and remote procedure calls, as well as protocol anomalies. A FW can work as-is without such IPS deep inspection, but having too many boxes in the choke points leads to more operational management work; hence comes in the UTM or the NGFW that will include such IPS capability or those security modules in the FWs.
https://www.sonicwall.com/documents/sonicwall-intrusion-prevention-datasheet-68967.pdf

You can still go for one FW and have the CGSS, which gives you better and earliest threat coverage. However, SSL traffic will not be inspected since it is encrypted. There is another SSL decryption suite - https://www.sonicwall.com/ssl-decryption-and-inspection/
0
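
The difference between stateful inspection and IPS payload inspection described in the answer above, and its caveat about encrypted traffic, as an added example that is not part of the original thread and is not SonicWall code. The class and function names, signatures, addresses and packets are all constructed for illustration, and encryption is modelled with a simple flag.

```python
import re
from dataclasses import dataclass

SIGNATURES = {  # constructed, deliberately simple; two attack classes named in the answer
    "sql-injection": re.compile(rb"(?i)union\s+select"),
    "cross-site-scripting": re.compile(rb"(?i)<script\b"),
}

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""
    encrypted: bool = False  # simplification: True models TLS, payload opaque to the gateway

class StatefulFirewall:
    # Decides on addresses, ports and connection state only; never reads the payload.
    def __init__(self, inside_prefix, inbound_ports):
        self.inside_prefix, self.inbound_ports = inside_prefix, set(inbound_ports)
        self.flows = set()  # tracked connections as (src, sport, dst, dport)
    def permit(self, p):
        key, reply_of = (p.src, p.sport, p.dst, p.dport), (p.dst, p.dport, p.src, p.sport)
        if key in self.flows or reply_of in self.flows:
            return True                  # belongs to a tracked connection
        if p.src.startswith(self.inside_prefix) or p.dport in self.inbound_ports:
            self.flows.add(key)          # new flow permitted by policy
            return True
        return False                     # unsolicited inbound traffic

def ips_inspect(p):
    # Signature names matching the payload; ciphertext cannot be matched.
    return [] if p.encrypted else [n for n, rx in SIGNATURES.items() if rx.search(p.payload)]

def gateway_verdict(fw, p, ips_enabled):
    if not fw.permit(p):
        return "drop: firewall"
    hits = ips_inspect(p) if ips_enabled else []
    return "drop: ips " + ",".join(hits) if hits else "allow"

# Constructed sample traffic (documentation and private address ranges).
WEB_ATTACK = Packet("203.0.113.9", 40000, "192.168.1.10", 80,
                    b"GET /item?id=1 UNION SELECT name FROM users HTTP/1.1")
SAME_OVER_TLS = Packet("203.0.113.9", 40001, "192.168.1.10", 443, b"\x17\x03\x03", True)
UNSOLICITED = Packet("203.0.113.9", 40002, "192.168.1.10", 8080)
def demo(ips_enabled):
    fw = StatefulFirewall("192.168.1.", {80, 443})
    return [gateway_verdict(fw, p, ips_enabled) for p in (WEB_ATTACK, SAME_OVER_TLS, UNSOLICITED)]
```

`demo(False)` and `demo(True)` differ only for the cleartext request on the published port: the firewall alone passes it because the flow is permitted, while the inspection layer drops it, and the TLS flow passes in both cases.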
 
Dan Purcell (Manager, Author) commented:
Thanks for your input
0
