Solved

Firewall Appliance

Posted on 2016-10-21
Last Modified: 2016-10-21
I have had 2 Sonicwall Firewalls over the last 10 years, a TZ170 and my current firewall, a TZ210. I've had them configured per Sonicwall's suggestions but have never used their security suite. How safe are we? I use anti-virus on our computer level and have never been breached. (Knock on wood). The million dollar question is does a Firewall Appliance work without the intrusion prevention? It seems like it does. We are going to open up a second location and plan on buying a TZ300 and looking at just the appliance vs a year comprehensive security suite.

Any articles you can point me to would also be helpful.
Question by:Dan Purcell
3 Comments
 
LVL 7

Assisted Solution

by:J Spoor
J Spoor earned 250 total points
ID: 41854024
The SonicWALL firewalls without security services are just a stateful firewall.

The IPS plugs the holes and exploits of software like java, flash etc. An AV doesn't do that.
Also SonicWALL's GateWay AV keeps out viruses at the edge.
Virus protection is always best done at two levels, 1) gateway, 2) endpoint as last resort.

I strongly suggest you get the Total Secure bundle. Also there's a secure upgrade program, to "swap" your old TZ for a new one and get a discount.


See example configurations at http://livedemo.sonicwall.com
0
 
LVL 62

Accepted Solution

by:
btan earned 250 total points
ID: 41854058
If you are looking at mainly internet traffic, then SonicWall Comprehensive Security Suite (CGSS) makes sense as it includes ICSA-certified gateway anti-virus and anti-spyware protection and more. The suite's objective is to help you to stop at network traffic early before it reaches the user's host machine - build up the layer of network defence for attack deterrence, and it helps early detection and alerting cum blocking. It is "comprehensive" GSS as it includes 24x7 support. Other key capabilities besides the AV support are:
- It has a dynamically updated signature database for continuous threat protection
- It does content filtering e.g. control of internal access to inappropriate, unproductive and potentially illegal web content
- It can extend security and productivity by enforcing Internet use policies on endpoint devices located outside the firewall perimeter with the Dell SonicWALL Content Filtering Client
https://www.sonicwall.com/comprehensive-gateway-security-suite/

Since it is ICSA certified, check out the ICSA website and see their AV monthly testing reports; it has been passing consistently, detecting the malware in the wild and email list managed by ICSA with the latest threats.

https://www.icsalabs.com/product/dell-sonicwall-tz-nsa-e-class-nsa-series

FW in fact is not a NIPS/NIDS, as the former does stateful inspection while the latter more commonly does inspection for web application attacks such as SQL injection, cross site scripting, remote code execution, shell code payloads and remote procedure calls, as well as protocol anomalies. FW can work as-is w/o such IPS deep inspection, but having too many boxes in the choke points leads to more operational management work, hence the UTM or the NGFW that will include such IPS capability or those security modules in the FWs.
https://www.sonicwall.com/documents/sonicwall-intrusion-prevention-datasheet-68967.pdf

You can still go for one FW and have the CGSS which gives you better and earliest threat coverage. However the part about SSL traffic will not be inspected since it is encrypted. There is another SSL decryption suite - https://www.sonicwall.com/ssl-decryption-and-inspection/
0
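The stateful-firewall versus IPS distinction from the accepted answer, as an added example (not part of the original thread and not SonicWall code): a toy stateful filter that decides on addresses, ports and connection state only, next to a payload signature check. The addresses, the two regex signatures and the XOR stand-in for encrypted traffic are constructed assumptions.

```python
import re
from collections import namedtuple

# flags: "SYN" opens a flow; any other packet must match tracked state.
Packet = namedtuple("Packet", "src sport dst dport flags payload", defaults=[b""])

class StatefulFirewall:
    """Decides on addresses, ports and connection state; never reads the payload."""
    def __init__(self, allowed_services):
        self.allowed = set(allowed_services)   # {(dst_ip, dst_port)} policy
        self.state = set()                     # flows opened by a permitted SYN

    def check(self, p):
        flow = (p.src, p.sport, p.dst, p.dport)
        if p.flags == "SYN":
            if (p.dst, p.dport) in self.allowed:
                self.state.add(flow)
                return "allow"
            return "drop"
        return "allow" if flow in self.state else "drop"

# Illustrative signatures only; real IPS rule sets are vendor-maintained and far larger.
SIGNATURES = {
    "sql-injection": re.compile(rb"('|%27)\s*or\s+1\s*=\s*1", re.I),
    "cross-site-scripting": re.compile(rb"<script\b", re.I),
}

def ips_inspect(p):
    """Deep inspection: names of the signatures that match the payload."""
    return [name for name, rx in SIGNATURES.items() if rx.search(p.payload)]

def evaluate(fw, p):
    """Firewall verdict first; the IPS only sees traffic the firewall let through."""
    verdict = fw.check(p)
    return verdict, (ips_inspect(p) if verdict == "allow" else [])

def demo():
    fw = StatefulFirewall({("192.0.2.10", 80)})        # constructed: one published web server
    c = ("203.0.113.5", 40000, "192.0.2.10", 80)       # constructed client flow
    bad = b"GET /item?id=1' OR 1=1 -- HTTP/1.1\r\n\r\n"  # constructed sample request
    opaque = bytes(b ^ 0x5A for b in bad)              # stand-in for ciphertext, not real TLS
    return {
        "rdp_probe": evaluate(fw, Packet("203.0.113.5", 40001, "192.0.2.10", 3389, "SYN")),
        "no_state":  evaluate(fw, Packet(*c, "ACK", bad)),
        "handshake": evaluate(fw, Packet(*c, "SYN")),
        "request":   evaluate(fw, Packet(*c, "ACK", bad)),
        "encrypted": evaluate(fw, Packet(*c, "ACK", opaque)),
    }
```

The `request` case is allowed by the firewall and flagged only by the signature check, while the `encrypted` case passes both, which is the SSL caveat in the answer's last paragraph.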
 

Author Closing Comment

by:Dan Purcell
ID: 41854155
Thanks for your input
0
