Dell SonicWALL ESA 4300 review
Dell SonicWALL’s ESA 4300 may be long in the tooth but it still cuts the mustard for email security
The ESA 4300 represents the middle ground of Dell SonicWALL's family of three email security appliances. Designed to handle up to 5,000 users, it offers the full gamut of anti-spam, anti-phishing and anti-virus services plus optional email compliance and encryption.
This 1U rack appliance may be four years old now but it stacks up well against the competition for build quality. A 2GHz dual-core CPU is teamed up with 4GB of RAM while internal storage is handled by a pair of mirrored 250GB SFF SATA drives.
Behind the scenes is the Dell SonicWALL Global Reputation Intelligent Defense (GRID) network, which uses a range of information sources to classify spam. Along with RBLs and web rating analysis, it collects spam submissions from all ESA appliances globally, which in turn use this information to analyse emails.
Installation is easy enough as the appliance can act as a simple SMTP proxy or a more versatile MTA
Two Gigabit ports are provided but one is blocked off as the appliance is designed to sit between your firewall and mail server. It can act as an SMTP proxy or as an MTA (mail transfer agent). Proxy mode is faster as it only processes messages in memory, but it can only pass mail to one server.
MTA mode writes messages to the appliance's internal storage and routes them to different domains using MX records or LDAP mapping. If an email server is unavailable, it also stores messages and retries them later.
For testing we introduced the ESA 4300 to the lab network which uses Windows Active Directory and Exchange servers. After registering the appliance, we fired it up and followed the web console's quick start wizard.
Selecting the standard All-In-One mode, we provided details of our Exchange server, chose MTA routing and added a new firewall rule to forward port 25 traffic to the appliance. LDAP integration also made it very easy to import all our AD users and groups to the appliance.
You can modify spam detection settings although we found the defaults were accurate
Email security features
The ESA 4300 comes with predefined email security policies so it was ready to go as soon as it started receiving email. It classes dodgy messages as spam or likely spam and defaults to storing them in the recipient's junk box.
We could have them all deleted, rejected, sent to another email address or tagged in their subject line. These are global actions for all email but you can set different actions on a per-user or group basis.
Anti-spam aggressiveness can be fine-tuned with five settings ranging from mildest to strongest for GRID and Bayesian detection. Message content is graded using the same settings and we could also decide whether to allow users to unjunk spam.
The same set of actions is provided for the anti-phishing and anti-virus services. For both services we could allow users to unjunk suspect messages but for viruses, the appliance will always delete the offending attachment.
Users can log in to the appliance's portal, view spam and unjunk any that they think are safe
Each of our users had a personal junk box on the appliance where they could log on to the web portal with their AD credentials and view its contents. The console opens with a view of all junk messages and selecting one loads more details in a new pane plus an option to unjunk it.
If permitted, users could customise the report contents and when junk summaries were emailed to them. We could also allow them to change the anti-spam aggressiveness for their account.
A personal dashboard provides summary graphs along with a breakdown on junk classifications. There are also hourly, daily and monthly charts providing comparisons on good and bad mail plus a more detailed breakdown of junk types.
The dashboard provides a clear overview of mail activity along with plenty of reports
Performance and compliance
The ESA 4300 was tested in a live environment forcing it to deal with real Internet threats as they appeared. We left the anti-spam settings on their defaults and found the appliance to be effective.
At the end of two weeks, it returned an anti-spam detection rate of nearly 99 per cent. New bank phishing campaigns that emerged during this period were all junked, as were a range of emails with infected attachments. If anything, the likely spam aggressiveness setting needed to be dropped down a notch although even on the default setting, we only found a small number of false positives lurking in our users' junk boxes.
The ESA 4300 comes with basic DLP included in the base price. The Standard module allowed us to create policies that filtered messages for keywords or phrases in the content or subject and perform a range of actions on them.
The optional Compliance module applies dictionaries to filters and can send messages to an approval box to await authorisation. If a message triggers a filter you can enforce message encryption or decryption and also use record ID definitions to look for details such as credit card numbers.
The ESA 4300 is expensive when compared to Barracuda's Spam and Virus Firewall 400 as it can cost up to twice as much. However, its anti-spam capabilities are unquestionably good, it supports a large user base and offers an impressive range of user and message management features.
The ESA 4300 packs an arsenal of anti-spam measures with high detection rates. User management and reporting are top-notch as well but it is comparatively costly next to the likes of Barracuda.