SonicWall TZ300P review: A multi-site marvel
A competitively priced desktop UTM appliance, with plenty of security and management features
Targeting SMBs and remote offices, the TZ300P is one of SonicWall's most versatile desktop appliances yet. Alongside a stiff set of unified threat management (UTM) security measures, it delivers software defined WAN (SD-WAN) services and wireless AP management - and, for good measure, it even supports PoE.
Recommended for up to 25 users, the TZ300P boasts a raw firewall throughput of 750Mbits/sec, dropping to 235Mbits/sec with UTM services enabled. The compact box offers five Gigabit Ethernet ports, one of which is set aside for WAN duties, while the rest are available for LAN usage. Two of these are PoE-enabled, which is handy - just note that the small 35W power threshold means that it will only drive a single PoE+ device. The other notable connector is a USB port, which can provide WAN redundancy via a 3G or 4G mobile adapter.
The appliance itself costs 720 to buy, rising to 1,085 with a one-year TotalSecure Advanced subscription. This really unlocks the potential of the device, not only entitling you to 24/7 support, but enabling IPS, antivirus and anti-spyware functions. It also activates content filtering, application intelligence and Capture ATP, which watches for files such as Office documents, PDFs and executables, scans them in its cloud sandbox and only releases them if they pass a barrage of malware tests.
The latest SonicOS firmware sports a fresh web console exposing a wealth of information. Graphs and charts show appliance utilisation, security service status, the latest threats, risky apps, bandwidth consumption and the busiest users.
There's also a quick-start wizard, which helped us set up the LAN and WAN ports for internet access and apply a security policy to the default zone. Optionally you can create multiple security zones, each with its own settings, and place selected ports in different zones. Zero-touch provisioning even allows you to send appliances to remote sites, where they will pick up their configuration as soon as they connect to the internet.
The various security features are very flexible. Virus scanning can be enabled for selected zones, using one global configuration for HTTP, FTP, IMAP, POP3, SMTP, CIFS and TCP streams. HTTPS inspection can be easily enabled too, while web filtering uses either the basic SonicWall CFS or the premium WebSense Enterprise hosted service, which costs an extra 179 per year.
The content filtering module is just as configurable: we were easily able to create filtering profile objects using the 64 available URL categories, assign action objects to block access and apply an acceptable use policy to redirect users to a consent web page.
Then there's app control, which you'll find on the console's new Investigate page. From here, you can freely browse the AppFlow logs, and if you spot any suspect apps you can create an instant rule to block or monitor them. Advanced control rules are more complex to create, as they use signature IDs to identify specific activities, but if you've had enough of Facebook in the workplace, you can manage or block any of its services.
On top of all this, you may choose to pay 182 per year for the optional anti-spam module. This handles spam, phishing and suspicious attachments, while the Exchange Junk Store feature allows users to view their personal quarantine areas and delete or release messages. It doesn't offer transparent scanning, though, so you need to set it up with details of your email server.
As a final bonus, if you're using more than one SonicWall appliance, the Capture Security Center service lets you manage them all from one central cloud console, with an impressive collection of analytics and reporting services.
No doubt, the TZ300P delivers a wealth of security measures at a great price. It's comprehensive yet easy to deploy, and with remote management and zero-touch provisioning it will particularly appeal to businesses with multiple offices.
The SonicWall TZ300P delivers a wealth of security measures at a great price. It’s comprehensive yet easy to deploy, and with remote management and zero-touch provisioning it will particularly appeal to businesses with multiple offices.
Desktop appliance 800MHz dual-core CPU 1GB RAM 5 x Gigabit (WAN, 4 x LAN with 2 x PoE or 1 x PoE+) USB 3 RJ-45 serial port Web browser and CSC cloud management External PSU 1yr hardware warranty and support Options: Anti-spam service, £182 per year (exc VAT)