Dell SonicWALL NSA 2600 review

Offering a big boost in security features and performance, Dell SonicWALL NAS 2600 remains affordable for SMBs.

Price
£2,330
  • Performance improvements; Easy installation; Extensive features; Zone based policies
  • Optional reporting and anti-spam

Replacing the elderly NSA 2400, Dell SonicWALL NSA 2600 delivers a near three-fold performance improvement. Along with a big hike in firewall throughput from 775Mbps to 1.9Gbps, it also doubles full DPI (deep packet inspection) speeds to 300Mbps.

This has been achieved by replacing the 500MHz dual-core MIPS CPU of the NSA 2400 with an 800MHz quad-core MIPS64 Octeon chip and beefing up memory from a miserly 512MB to a healthy 2GB. The port count is increased as well with eight Gigabit data ports plus a dedicated Gigabit management port.

The NSA 2600 can be upgraded to 10GbE speeds using the front expansion slot. A good selection of modules is available and includes dual-port 10Gbase-SR and 10Gbase-LR fibre or dual 10Gbase-T copper.

Prices for the NSA 2600 are reasonable with SonicTek charging 1,468 ex VAT for the base unit. A 1-year TotalSecurity subscription activates gateway anti-virus and anti-spyware, IPS, application controls and URL filtering and pushes the price up to around 2,330 ex VAT.

A quick start wizard gets the appliance up and running in a few minutes

Installation

We had no problems installing the NSA 2600 in the lab. The simple, browser-based quick start wizard secures administrative access, sets up the LAN and WAN ports and applies a security policy to the default port zone.

Only the first LAN port is placed in a zone so you need to decide what to do with the others. You can group them into a single zone so new policies will be automatically applied to all connected systems or create separate zones for selected ports, each with their own security settings. 

Selecting a security type for each zone also determines what traffic can pass across it. All LAN ports are trusted but the appliance's WAN port is untrusted so no traffic will be allowed to pass from it to another zone unless you create a rule permitting this.

Security policies can be applied using the appliance's port zone feature

AV and web filtering

Anti-virus scanning is applied at the gateway and can be enabled on selected zones. It uses a single, global configuration where you can activate scanning on HTTP, FTP, IMAP, POP3, SMTP, CIFS and TCP streams.

Two options are provided for web content filtering as you can use the CFS (content filter service) included with the TotalSecure subscription or pay extra for the WebSense Enterprise hosted service. CFS will be adequate for most businesses as we found very few dodgy web sites slipped past it during testing. 

It provides over 60 URL categories and you can create multiple filtering policies and apply them to different port zones. Each policy can be customised with black and white lists, you can use schedules to determine when they are active and apply AUPs by redirecting users to a consent web page. For even more browsing control you can activate the Geo-IP filter which blocks access to web sites hosted in specific countries.

There are plenty of categories to choose from for URL filtering which performs well

Monitor your apps

The Application Control provides precise management of activities such as web browsing, file transfers and messaging. App Rules are complex but a wizard helps create inspection policies for SMTP, POP3, FTP and HTTP.

You can, for example, create an Application Firewall policy for FTP transfers. This inspects all uploads and downloads through a port zone looking for specific file types and blocks their transfer. Likewise with email, you can create a policy to inspect message subjects, content and attachments and decides whether to permit or deny the transfer.

For even greater control there are advanced app controls which use signature IDs to identify specific activities. These can spot a huge range including Facebook likes, pokes and posts, Exchange address book requests and much more and block or log them.

Rule creation can be streamlined by monitoring the App Flow graphs in the main dashboard. If you see any suspect activities or apps popping up you can create a rule to block, monitor or apply bandwidth restrictions.

Real time graphs show user activity but the optional Analyzer report module costs extra

Anti-spam and reporting 

The appliance comes with basic anti-spam measures using RBLs but we have never found these to be a substitute for the real thing as they let too much through. The Dell SonicWALL hosted anti-spam service is a better bet with a yearly subscription costing an additional 574 ex VAT.

This uses its own GRID network for applying sender IP reputation checks. It the message passes this test it's then subjected to further analyse in the cloud using a unique hash, or GRIDprint', generated using the message contents.

Although the Dashboard screen provides plenty of real time statistics, full reporting costs extra with the Analyzer adding around 220 ex VAT to the asking price. Running from a Windows or VMware host, this Syslog server takes all data from multiple appliances, stores it in a central database and provides an impressive range of report generation tools.

Conclusion

We had no problems installing the NSA 2600 with its zone feature making light work of security policy assignment. You'll need to factor in the extra costs of reporting and anti-spam but it's still reasonable value and offers a substantial speed boost over the NSA 2400.

Verdict

The NSA 2600 is miles than its predecessor and packs more into its 1U chassis. Some features cost extra but this appliance is easy to install and its zone based security makes light work of policy deployment.

Chassis: 1U rack

CPU: 800MHz quad-core MIPS64 Octeon

Memory: 2GB DDR3, 1GB Flash

Network: 8 x Gigabit

Other ports: Gigabit management, 2 x USB, RJ-45 console

Expansion: 1 x module slot, SDHC slot

Management: Web browser

Modules: 10Gbase-SR, £762; 10Gbase-LR, £1,350; 10Gbase-T, £291 (all ex VAT)

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

Streamline your upgrade cycles with Dell PC as a Service for Small Businesses
Sponsored

Streamline your upgrade cycles with Dell PC as a Service for Small Businesses

21 Aug 2020
Dell XPS 15 2-in-1 review: Best in class
Laptops

Dell XPS 15 2-in-1 review: Best in class

3 Aug 2020
Dell XPS 13 (2020) review: A slipping crown
Laptops

Dell XPS 13 (2020) review: A slipping crown

22 Jul 2020
Dell Inspiron 14 7000 review: Capable, but not uncompromising
Laptops

Dell Inspiron 14 7000 review: Capable, but not uncompromising

18 Jun 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Nokia will replace Huawei as BT's largest 5G equipment provider
5G

Nokia will replace Huawei as BT's largest 5G equipment provider

29 Sep 2020