SonicWALL Pro 4100
Getting started is simple. Apply power, connect to the WAN, and connect to a laptop or PC using an Ethernet cable or via the serial cable console port and turn on. The 4100 takes around 90 seconds to boot and will assign a DHCP address to the laptop if connected via a network cable. If you are using the serial cable you will need to configure your terminal emulation application which should take mere seconds.
For some strange reason, SonicWALL has decided that of the ports on the front, X0 will relate to your LAN, X1 to the WAN and X2-9 are user definable. It would have been more intuitive to make X0 the WAN.
Once you are connected to the 4100, the first thing to do is set its address on your network, save and restart. Once you are logged back in, you only need to run the wizard to configure the 4100. One of the nice things about the 4100 is that it is so easy to get a basic secure setup. From box to completing the wizard and rebooting to ensure settings are properly applied took just under six minutes.
Now that you have a basic level of security in place, the fun begins. SonicWALL, like all security vendors, is very focused on Unified Threat Management (UTM). What this means to the rest of us is that if something can cause a threat, the appliance needs to be able to deal with it. This is where the 4100 is very powerful and very confusing.
The first thing to do is register your 4100. SonicWALL only allows access to firmware updates to registered customers. Registration also gives you the option of downloading and unlocking some of the extra features for 30 days to see what they do. This includes features such as Intrusion Prevention Service, GateWay Anti-Virus, Anti-Spyware, Network Anti-Virus and Premium Content Filtering Service.
SonicWALL has kept its old menu structure and this was very helpful in beginning to navigate such a complex product. I was able to quickly get to the settings that I knew I wanted access to such as VPN, DHCP and log files and ensure that they were configured as needed.
One of the first things I noticed is that SonicWALL has fixed the problem of being able to send log files. Older generations did not support the use of email login to a server in order to send files with the result that you often didn't get logs, alerts or any information at all. The only way to know what was going on was to manually connect to the device and read the log. Not very useful.
One of the features of all SonicWALL devices is that it can be used as a DHCP server if required, taking the load off of the normal network servers. By default, this is turned on and you have to manually disable if you don't want it clashing with your other DHCP servers. One reason for leaving it on is that the 4100 supports the provision of DHCP to remote clients.
The 4100 uses Digital Certificates to control some access and feature sets. This is extremely useful if you want to allow people to login through the firewall rather than use the VPN client. For Windows Server administrators, SonicWALL has provided support for the Microsoft certificate allowing the 4100 to talk directly to Active Directory for user login.
What makes the 4100 ideal for use at the heart of your network is the support for eight user defined ports (X2-X9). Each of these could be a single server or it could be a link to a branch office or internal department. You can apply IP address ranges to each port and create zones around them such as trusted and untrusted.
This gives you the ability to partition your network up through the 4100. With the increasing use of managed office spaces, this allows the building owner to put in very high speed SDSL circuits and partition them using the 4100. The advantage of this is that you can ensure that traffic passing between each port is subject to a range of security checks such as packet inspection and security rules that you create.
Among the all the features were three that really stood out. The first was support for working times through security policies. You can create access policies based on working day, evening and weekend. This allows you to turn ports on/off and even disable access through the SonicWALL if necessary.
The second was support for SonicWALL's SonicPoint range of wireless access points. You can configure and control these from the 4100 through policies and make them subject to policies set inside the 4100. For example, many organisations have struggled with securing their wireless networks especially when out of normal working hours. By allocating the SonicPoints to one or more of the user defined ports on the 4100, you can allow those embedded in the heart of the building or in certain departments to work 24x7. Others located near the building walls or in common areas such as reception can be turned off outside of normal business hours. It makes for a very elegant and controllable solution.
SonicPoint support goes further in that you can detect and disable access for unsupported wireless access points inside your building. This stops unauthorised use of wireless and reduces your risk of attack further.
The third area was the improvements to the VPN support. It's still not as simple to setup as it needs to be but there is a wizard. You can also supply DHCP addresses to users connecting through the VPN. One of the biggest problems with a mobile workforce is supporting them when they cannot get access to resources inside the network. IP address clashes with the hotel/broadband supplier that they are using and your internal address scheme is a common problem. In one go you can remove this.
SonicWALL has done much to improve the features inside their devices and this is the fourth generation of their operating system. It's much improved on the previous version and they are doing their best to offer good deals to get customers to upgrade. If you don't you will lose support for the older devices. If you do, then you stand to gain from the anti-malware features.
One of the disappointments here was the complexity of the menu system. This is as much about the wealth of features as it is the poor support in the documentation and the lack of wizards for common tasks. The user manual is a general guide to all of SonicWALL's product lines and this gets confusing when you are looking for a feature that isn't in the 4100.
It's a well engineered and solid solution but SonicWALL needs to revisit the menus, add some more wizards, create some decent tutorials and come up with a vastly improved user manual.
Users: Unlimited Firewall Speed: 200Mbps - 1Gbps VPN Speed: 50Mbps - 500Mbps