Remember when 10-Mbps Ethernet seemed fast? Today you can get multimegabit Ethernet at home, and business LANs often reach 100 or 1,000 Mbps. Alas, affordable enterprise-class firewalls usually support only 10-Mbps networks. Sonic Systems’ SonicWall Pro breaks the 10-Mbps barrier, with three 100-Mbps Ethernet ports, a high-speed RISC processor, and a rack-mountable enclosure.
Like its smaller siblings, the SonicWall Pro is a dedicated, Web-administered network appliance for connecting private LANs to the Internet. It supports Dynamic Host Configuration Protocol (DHCP), network-address translation, stateful filtering and tunneling, remote telecommuting, and optional content filtering. In addition to 100-Mbps Ethernet ports, this version sports a 233MHz StrongArm RISC processor, a PCI slot for future expansion, and Virtual Private Networking (VPN) support.
You connect the unit to your Ethernet backbone and Internet router, using the supplied DMZ port to attach any servers you want the public to have full access to. If you choose not to make servers completely public on the DMZ port, you can open protocol-specific tunnels in the firewall for individual servers on your LAN. If you follow the instructions in the well-written user guide, configuration takes just minutes with any Web browser. The SonicWall Pro automatically e-mails you when it detects an attempted intrusion, a denial-of-service attack, or IP-address spoofing.
The unit can block all Usenet news access and disable Java and ActiveX applets, remote proxies, and HTTP cookies to prevent security breaches by unfriendly Web sites. An optional self-updating content-filtering feature ($695 for a one-year subscription) lets you monitor or block access to 12 predefined content categories. The filter combines the CyberNot content-filtering list, which blocks IP addresses and URLs known to be inappropriate for children, with phrase matching and a custom URL list.
Built-in VPN support provides secure private networking between two SonicWallsor between the SonicWall and any other IPsec-compatible firewallacross the Internet. VPN creates encrypted tunnels for passing data safely, using either the fast, 56-bit ARCFour or the slower 56-bit DES or 168-bit Triple-DES methods. Supporting as many as 100 tunnels between endpoints, the SonicWall Pro can handle VPN traffic for up to 64 individually protected users per tunnel. You can optionally configure unencrypted tunnels to transport unsupported protocols between LANs.
A supplied single-user client license for Windows supports secure remote management, but the SonicWall offers no client VPN software for the Mac. Also missing is Internet Key Exchange support, which would simplify VPN administration of multiple SonicWalls across the Internet. Sonic says a free update, which should be available by the time you read this, will add this feature.
We tested Sonic’s claim of 100-Mbps throughput, using multiple Mac clients and a 450MHz Power Mac G3 server on a 100BaseT switched-Ethernet LAN. The SonicWall Pro had no problem achieving 60-Mbps aggregate throughput, which is about the maximum for 100BaseT. A VPN performance test across a 10-Mbps Internet connection showed that the SonicWall Pro can sustain about 3 Mbps when encrypting traffic with the strongest encryption method.
Macworld’s Buying Advice
The SonicWall Pro delivers the performance today’s business LANs demand of their firewalls. Its VPN support and rack-ready packaging make it a great choice for high-speed security.