SonicWall TZ300P review: A multi-site marvel

A competitively priced desktop UTM appliance, with plenty of security and management features

Editor's Choice
Price
£1,085
  • Great monitoring capabilities; Simple multi-site deployment; Granular configuration options
  • No transparent email scanning

Targeting SMBs and remote offices, the TZ300P is one of SonicWall's most versatile desktop appliances yet. Alongside a stiff set of unified threat management (UTM) security measures, it delivers software defined WAN (SD-WAN) services and wireless AP management - and, for good measure, it even supports PoE.

Recommended for up to 25 users, the TZ300P boasts a raw firewall throughput of 750Mbits/sec, dropping to 235Mbits/sec with UTM services enabled. The compact box offers five Gigabit Ethernet ports, one of which is set aside for WAN duties, while the rest are available for LAN usage. Two of these are PoE-enabled, which is handy - just note that the small 35W power threshold means that it will only drive a single PoE+ device. The other notable connector is a USB port, which can provide WAN redundancy via a 3G or 4G mobile adapter.

The appliance itself costs 720 to buy, rising to 1,085 with a one-year TotalSecure Advanced subscription. This really unlocks the potential of the device, not only entitling you to 24/7 support, but enabling IPS, antivirus and anti-spyware functions. It also activates content filtering, application intelligence and Capture ATP, which watches for files such as Office documents, PDFs and executables, scans them in its cloud sandbox and only releases them if they pass a barrage of malware tests.

The latest SonicOS firmware sports a fresh web console exposing a wealth of information. Graphs and charts show appliance utilisation, security service status, the latest threats, risky apps, bandwidth consumption and the busiest users.

Advertisement
Advertisement - Article continues below

There's also a quick-start wizard, which helped us set up the LAN and WAN ports for internet access and apply a security policy to the default zone. Optionally you can create multiple security zones, each with its own settings, and place selected ports in different zones. Zero-touch provisioning even allows you to send appliances to remote sites, where they will pick up their configuration as soon as they connect to the internet.

The various security features are very flexible. Virus scanning can be enabled for selected zones, using one global configuration for HTTP, FTP, IMAP, POP3, SMTP, CIFS and TCP streams. HTTPS inspection can be easily enabled too, while web filtering uses either the basic SonicWall CFS or the premium WebSense Enterprise hosted service, which costs an extra 179 per year.

The content filtering module is just as configurable: we were easily able to create filtering profile objects using the 64 available URL categories, assign action objects to block access and apply an acceptable use policy to redirect users to a consent web page.

Then there's app control, which you'll find on the console's new Investigate page. From here, you can freely browse the AppFlow logs, and if you spot any suspect apps you can create an instant rule to block or monitor them. Advanced control rules are more complex to create, as they use signature IDs to identify specific activities, but if you've had enough of Facebook in the workplace, you can manage or block any of its services.

On top of all this, you may choose to pay 182 per year for the optional anti-spam module. This handles spam, phishing and suspicious attachments, while the Exchange Junk Store feature allows users to view their personal quarantine areas and delete or release messages. It doesn't offer transparent scanning, though, so you need to set it up with details of your email server.

As a final bonus, if you're using more than one SonicWall appliance, the Capture Security Center service lets you manage them all from one central cloud console, with an impressive collection of analytics and reporting services.

No doubt, the TZ300P delivers a wealth of security measures at a great price. It's comprehensive yet easy to deploy, and with remote management and zero-touch provisioning it will particularly appeal to businesses with multiple offices.

Verdict

The SonicWall TZ300P delivers a wealth of security measures at a great price. It’s comprehensive yet easy to deploy, and with remote management and zero-touch provisioning it will particularly appeal to businesses with multiple offices.

Desktop appliance 800MHz dual-core CPU 1GB RAM 5 x Gigabit (WAN, 4 x LAN with 2 x PoE or 1 x PoE+) USB 3 RJ-45 serial port Web browser and CSC cloud management External PSU 1yr hardware warranty and support Options: Anti-spam service, £182 per year (exc VAT)

Advertisement
Related Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019