Dell SonicWALL TZ300 review

Modest UTM performance, but good value with top security features and wireless management

Reviews
By Dave Mitchell
published

IT Pro Verdict

Even though anti-spam and reporting are extras, the TZ300 still packs plenty of security measures for the price. Its UTM throughput of 100Mbits/sec should satisfy small offices, and it has great wireless network management features.

Pros

  • +

    Great value;

Cons

  • -

    Anti-spam & reporting not included as standard;

Dell SonicWALL's latest TZ D appliances promise a much-needed performance boost over their predecessors without a commensurate price hike.

Targeting small offices of 25 users or fewer, the TZ300 on review here is good value and supports the new SonicPoint 802.11ac access points (APs) for integral wireless network provisioning and management.

Prices start at 400 excluding VAT for the appliance alone, rising to only 648 with a one-year TotalSecure subscription. This enables round-the-clock support, IPS, gateway antivirus, anti-spyware and a content-filtering service (CFS).

Unlike many of its rivals, anti-spam is a bolt-on option. A year's subscription costs 172, and a further 78 will buy you a licence for the Analyzer reporting tool. Wireless management is enabled as standard, allowing the TZ300 to handle up to eight SonicPoint APs.

Installation took five minutes in our tests, as the web console's quick-start wizard set up the first LAN port as well as the WAN port for internet access, and applied a base security policy to the default zone. The latter makes the TZ300 very versatile; we could place selected ports in different zones and quickly apply a single security policy to all members.

Antivirus scanning is applied at the gateway and can be enabled on selected zones. It uses a single, global configuration through which you can activate scanning on HTTP, FTP, IMAP, POP3, SMTP, CIFS and TCP streams.

There are two options for web-content filtering: you can use CFS or pay extra for the Websense Enterprise hosted service. We found CFS to be perfectly adequate, with very few dodgy websites slipping past in our tests. CFS provides more than 60 URL categories, and you can create multiple filtering policies to be applied to different port zones.

Each policy can be customised with blacklists, whitelists and use schedules to determine when they're active. You can also apply acceptable-use policies (AUPs) by redirecting users to a consent web page.

Its application controls provide precise management of activities such as web browsing, file transfers and messaging. The rules are quite complex but wizards helped us create inspection policies for SMTP, POP3, FTP and HTTP.

The advanced app controls, meanwhile, use signature IDs to identify specific activities and provide more granular control of apps. For example, they can be used to log or block various Facebook activities and Exchange address book requests.

You can monitor app activity by watching the App Flow graphs in the main dashboard. If you see any suspect activities or apps popping up, you can create a rule to block, monitor or to apply bandwidth restrictions to that particular element.

We used a SonicPoint ACi dual-band 802.11ac access point to test the wireless management features. The TZ300 has predefined wireless profiles for both radios, which we modified to suit, and when we connected the access point, it was identified and automatically had the correct profile.

All access points are placed in a dedicated WLAN zone, which allowed us to swiftly apply policies such as web filtering, IPS and gateway antivirus. Moreover, provisioning guest access is pain-free, as the WLAN zone has options for client isolation and redirecting users to an external website for authentication.

The anti-spam service can't transparently scan mail traffic and requires details of your mail server to work. It provides options for handling spam, phishing and infected messages, while installing the Junk Store feature on an Exchange Server allows users to view their personal quarantine areas and delete or release messages.

Even though anti-spam and reporting are extras, the TZ300 still packs plenty of security measures for the price. Its UTM throughput of 100Mbits/sec should satisfy small offices, and it has great wireless network management features.

Verdict

Even though anti-spam and reporting are extras, the TZ300 still packs plenty of security measures for the price. Its UTM throughput of 100Mbits/sec should satisfy small offices, and it has great wireless network management features.

Desktop chassis

800MHz dual-core Octeon MIPS64

1GB RAM

5 x Gigabit Ethernet

USB 3

RJ45 serial

External PSU

Web browser management

Options: appliance and TotalSecure/3yr, £884; comprehensive anti-spam/1yr, £173 (all exc VAT)

Dave Mitchell
Dave Mitchell

Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.

Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.