Dell SonicWall TZ600 review

Bursting with security features at a price affordable for SMBs

IT Pro Value
Price
£1,499
  • Good value; Simple deployment; Versatile port zones; Enterprise-level security; Wireless network management
  • Gateway AV performance less than expected; Reporting tools cost extra

Dell's new SonicWall TZ family of network security appliances aims to deliver the security SMBs and remote offices are crying out for at a price they can afford. This sixth generation model claims a big boost in performance over its predecessors and brings sophisticated wireless management into the fold as well.

The flagship TZ600 on review looks up to the job as this compact desktop box has ten Gigabit ports for LAN, WAN, DMZ and WLAN duties. Recommended for up to 70 users, it comes with 1GB of memory while processing power is served up by a quad-core 1.4GHz MIPS64 Octeon processor. 

The appliance costs just over a grand with a one-year TotalSecure subscription increasing this to a still very reasonable 1,499 ex VAT. This enables Dell's Intrusion Prevention System (IPS), gateway anti-virus and anti-spyware, web content filtering and Dell SonicWALL's application intelligence and control.

Anti-spam is optional with a 1-year subscription costing an extra 400. The TZ600 comes with the wireless management feature enabled as standard and can handle up to 24 SonicPoint access points including the latest 802.11ac models.

Port zones makes light work of applying security policies to multiple users

Dell SonicWall TZ600: swift setup

We found deployment simple as the web console's quick start wizard sets up the first LAN port and a WAN port for Internet access and applies a security policy to the default zone. Zoning makes the TZ600 very versatile as you can place selected ports in different zones and apply a single security policy quickly to all the members of a particular zone.

Advertisement
Advertisement - Article continues below

Selecting a security type for each zone also determines what traffic can pass through it. All LAN ports are trusted but the WAN port is untrusted, so no traffic will be allowed to pass from it to another zone unless a firewall rule permits it.

Usefully, as you create zones, the appliance automatically sets up new firewall rules for them. The various security services are applied to zones with a couple of clicks, so we could quickly enable IPS and gateway AV on the WAN zone.

We could keep a close eye on traffic flows with the Real-Time Monitor

Dell SonicWall TZ600: feature details

The TZ600 gets the benefit of Dell SonicWALL's Reassembly-Free Deep Packet Inspection (RFDPI) which is designed to identify and control applications without any significant hits on performance. For web filtering, we enabled the Content Filter Service (CFS) but you can add the optional Websense Enterprise premium cloud service.

We can't see the point in splashing out for Websense Enterprise though, as the CFS performed well with very few web sites slipping past it. We created multiple content filtering profiles from the 60 available URL categories and assigned each policy to different zones.

The TZ600's App Controls are a winner as they manage a wide range of applications such as FTP transfers or HTTP requests and apply actions such as blocking or limiting bandwidth. The Advanced App Controls are even better as these use signature IDs to identify specific activities.

It provides over 1,500 signatures that can spot activities such as Facebook likes, pokes or posts so you can block, log or allow them. Signature action policies can be applied to selected groups of users, IP addresses or even only SonicPoint access points and linked to a daily time schedule.

The TZ600's wireless provisioning features are a cut above the rest

Dell SonicWall TZ600: wireless control

Wireless management features are impressive and we tested these using a SonicPoint ACi dual-band access point. Before connecting it to the TZ600, we created a bunch of wireless provisioning profiles that defined settings for each radio, security and so on.

When we connected the AP, the TZ600 recognised it as an ACi model and automatically applied the correct profile to it. The upshot was we had secure, dual-band wireless services up and available in minutes.

Advertisement
Advertisement - Article continues below

We used a dedicated WLAN port zone so were able to quickly apply custom security policies to it such as web content filtering, IPS and gateway AV. The WLAN zone wireless guest settings include permitting or denying inter-guest communications, redirecting users to an external web site for authentication and blocking wireless traffic deemed to be coming from non-SonicPoint APs.

IxLoad shows performance dropping substantially when we enabled the gateway AV and anti-spyware services

Dell SonicWall TZ600: performance test results

For real world performance testing, we connected the TZ600 to our lab's Ixia Xcellon-Ultra NP load modules via eight of the TZ600's Ethernet ports. Using the IxLoad control software, we created four client/server streams each requesting 1MB web pages.

With no security services enabled on the WAN, we saw IxLoad report a steady HTTP throughput of 1.3Gbits/sec. This was very close to the claimed 1.5Gbits/sec and we're sure with five client/server streams, we'd have achieved this.

With IPS enabled on the WAN zone, throughput dropped to nearly 1Gbits/sec again, very close to the claimed figure. However, we found the gateway AV service very demanding as throughput dropped to 385Mbits/sec and with the anti-spyware enabled as well, speed fell further to a steady 300Mbits/sec 200Mbits/sec less than claimed.

We doubt if we could have achieved any more as the appliance's processor was maxed out during the last test. We could also see from its web console that the TZ600 only uses three of the four processor cores for traffic handling with the other one set aside for management processes.

Dell SonicWall TZ600: conclusions

Apart from the subpar gateway AV performance, our only other moan is that reporting tools aren't included as standard, but as chargeable options. These problems aside, the TZ600 impressed us with its superb range of security measures, top-notch wireless management features and affordable price.

Verdict

For the price, the TZ600 has a superb set of security measures and tops them off with great wireless provisioning tools

Chassis: Desktop

Processor: 1.4GHz quad-core MIPS64 Octeon

Memory: 1GB RAM

Network: 10 x Gigabit Ethernet

Power: External power supply

Ports: 2 x USB, RJ-45 console

Management: Web browser

Options: Anti-spam, £400 per year; Analyzer reporting software, £152 (all ex VAT)

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/hardware/354193/buy-it-to-grow-not-slow-your-business
Sponsored

Buy IT to grow, not slow, your business

25 Nov 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/hardware/34757/how-your-business-can-grab-a-black-friday-tech-bargain
Sponsored

How your business can grab a Black Friday tech bargain

11 Nov 2019

Most Popular

Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019