Dell SonicWall TZ600 review

Bursting with security features at a price affordable for SMBs

IT Pro Value
Price
£1,499
  • Good value; Simple deployment; Versatile port zones; Enterprise-level security; Wireless network management
  • Gateway AV performance less than expected; Reporting tools cost extra

Dell's new SonicWall TZ family of network security appliances aims to deliver the security SMBs and remote offices are crying out for at a price they can afford. This sixth generation model claims a big boost in performance over its predecessors and brings sophisticated wireless management into the fold as well.

The flagship TZ600 on review looks up to the job as this compact desktop box has ten Gigabit ports for LAN, WAN, DMZ and WLAN duties. Recommended for up to 70 users, it comes with 1GB of memory while processing power is served up by a quad-core 1.4GHz MIPS64 Octeon processor. 

The appliance costs just over a grand with a one-year TotalSecure subscription increasing this to a still very reasonable 1,499 ex VAT. This enables Dell's Intrusion Prevention System (IPS), gateway anti-virus and anti-spyware, web content filtering and Dell SonicWALL's application intelligence and control.

Anti-spam is optional with a 1-year subscription costing an extra 400. The TZ600 comes with the wireless management feature enabled as standard and can handle up to 24 SonicPoint access points including the latest 802.11ac models.

Port zones makes light work of applying security policies to multiple users

Dell SonicWall TZ600: swift setup

We found deployment simple as the web console's quick start wizard sets up the first LAN port and a WAN port for Internet access and applies a security policy to the default zone. Zoning makes the TZ600 very versatile as you can place selected ports in different zones and apply a single security policy quickly to all the members of a particular zone.

Advertisement
Advertisement - Article continues below

Selecting a security type for each zone also determines what traffic can pass through it. All LAN ports are trusted but the WAN port is untrusted, so no traffic will be allowed to pass from it to another zone unless a firewall rule permits it.

Usefully, as you create zones, the appliance automatically sets up new firewall rules for them. The various security services are applied to zones with a couple of clicks, so we could quickly enable IPS and gateway AV on the WAN zone.

We could keep a close eye on traffic flows with the Real-Time Monitor

Dell SonicWall TZ600: feature details

The TZ600 gets the benefit of Dell SonicWALL's Reassembly-Free Deep Packet Inspection (RFDPI) which is designed to identify and control applications without any significant hits on performance. For web filtering, we enabled the Content Filter Service (CFS) but you can add the optional Websense Enterprise premium cloud service.

We can't see the point in splashing out for Websense Enterprise though, as the CFS performed well with very few web sites slipping past it. We created multiple content filtering profiles from the 60 available URL categories and assigned each policy to different zones.

The TZ600's App Controls are a winner as they manage a wide range of applications such as FTP transfers or HTTP requests and apply actions such as blocking or limiting bandwidth. The Advanced App Controls are even better as these use signature IDs to identify specific activities.

It provides over 1,500 signatures that can spot activities such as Facebook likes, pokes or posts so you can block, log or allow them. Signature action policies can be applied to selected groups of users, IP addresses or even only SonicPoint access points and linked to a daily time schedule.

The TZ600's wireless provisioning features are a cut above the rest

Dell SonicWall TZ600: wireless control

Wireless management features are impressive and we tested these using a SonicPoint ACi dual-band access point. Before connecting it to the TZ600, we created a bunch of wireless provisioning profiles that defined settings for each radio, security and so on.

When we connected the AP, the TZ600 recognised it as an ACi model and automatically applied the correct profile to it. The upshot was we had secure, dual-band wireless services up and available in minutes.

We used a dedicated WLAN port zone so were able to quickly apply custom security policies to it such as web content filtering, IPS and gateway AV. The WLAN zone wireless guest settings include permitting or denying inter-guest communications, redirecting users to an external web site for authentication and blocking wireless traffic deemed to be coming from non-SonicPoint APs.

IxLoad shows performance dropping substantially when we enabled the gateway AV and anti-spyware services

Dell SonicWall TZ600: performance test results

For real world performance testing, we connected the TZ600 to our lab's Ixia Xcellon-Ultra NP load modules via eight of the TZ600's Ethernet ports. Using the IxLoad control software, we created four client/server streams each requesting 1MB web pages.

With no security services enabled on the WAN, we saw IxLoad report a steady HTTP throughput of 1.3Gbits/sec. This was very close to the claimed 1.5Gbits/sec and we're sure with five client/server streams, we'd have achieved this.

With IPS enabled on the WAN zone, throughput dropped to nearly 1Gbits/sec again, very close to the claimed figure. However, we found the gateway AV service very demanding as throughput dropped to 385Mbits/sec and with the anti-spyware enabled as well, speed fell further to a steady 300Mbits/sec 200Mbits/sec less than claimed.

We doubt if we could have achieved any more as the appliance's processor was maxed out during the last test. We could also see from its web console that the TZ600 only uses three of the four processor cores for traffic handling with the other one set aside for management processes.

Dell SonicWall TZ600: conclusions

Apart from the subpar gateway AV performance, our only other moan is that reporting tools aren't included as standard, but as chargeable options. These problems aside, the TZ600 impressed us with its superb range of security measures, top-notch wireless management features and affordable price.

Verdict

For the price, the TZ600 has a superb set of security measures and tops them off with great wireless provisioning tools

Advertisement
Advertisement - Article continues below

Chassis: Desktop

Processor: 1.4GHz quad-core MIPS64 Octeon

Memory: 1GB RAM

Network: 10 x Gigabit Ethernet

Power: External power supply

Ports: 2 x USB, RJ-45 console

Management: Web browser

Options: Anti-spam, £400 per year; Analyzer reporting software, £152 (all ex VAT)

Advertisement
Related Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Recommended

Visit/it-infrastructure/34302/enterprise-pc-growth-indicates-that-it-s-not-all-over-for-the-humble-desktop
IT infrastructure

Enterprise PC growth indicates that it’s not all over for PC

30 Aug 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/hardware/34757/how-your-business-can-grab-a-black-friday-tech-bargain
Sponsored

How your business can grab a Black Friday tech bargain

11 Nov 2019
Visit/laptops/34333/dell-latitude-5500-review-going-off-key
Laptops

Dell Latitude 5500 review: Going off key

6 Sep 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019