• Recommend:
• 0 Comments

Big Firewall for Small Business

SonicWall provides affordable protection and content filtering for LANs.

By Robert Lauriston, PCWorld   

Your small-business network is exposed to just as many Web-borne evils as the big corporate networks are. The difference is, the big companies can afford the best in firewall technology, and they have the IS departments to deploy, update, and manage their security systems. You don't. So how can you protect your network from hackers, let all your employees share a single Internet connection, and keep them from wasting time at sites of dubious repute--without breaking the bank?

No worries. Sonic Systems has designed a firewall device that does all of this for much less than it would cost to implement these features individually. The SonicWall is a little blue box with a base price of about $375 for ten nodes. Sonic Systems calls it an Internet security appliance. But that's a rather modest designation for a product that not only secures your local area network from intruders but also configures your workstations' TCP/IP settings automatically for Internet sharing, includes the ability to intelligently filter content, and enables incremental upgrades.

Just Plug It In

Despite its sophisticated feature set, the SonicWall's "appliance" designation does hold true in terms of physical setup. You just connect the unit between your Internet router's ethernet port and the LAN--whether you have a Digital Subscriber Line, cable modem, or any other connection. Then, from any workstation on the LAN, you can use any Java-capable Web browser to run the SonicWall's built-in administration program. While configuration is actually quite simple, the documentation is very confusing, so this step may require help from the company's tech support.

Configuring all the clients on your network to share a single IP address is also a snap. When you enable the SonicWall's DHCP server, you can set the TCP/IP properties on your workstations to obtain IP addresses automatically. The SonicWall will then automatically configure all workstations to share the Internet connection. In my tests, this worked equally well on Windows 98, Windows NT 4.0, and Mac OS 8.6. And I didn't need to configure any proxy settings in my browsers or related Internet software.

Out of the box, the SonicWall is set up to allow HTTP and DNS Web browsing, POP3 and SMTP e-mail, FTP, and Usenet news through the firewall. You can add support for additional services, including FileMaker, IRC chat, Lotus Notes, RealAudio, syslog, telnet, and Timbuktu simply by choosing them from a list.

If the service you want is not on the list, however, you may run into difficulties. I tried to enable QuickTime 4 manually, but I couldn't figure out how to make it work. And NetMeeting's H.323-compliant conferencing is not supported. To add VPN support for secure telecommuting over the Internet, you'll have to pay extra.

Filter That Content

The SonicWall's optional content filter proved effective, and it was accurate most of the time. You can configure the filter to allow or deny access to sites containing a dozen content categories--partial nudity, full nudity, satanic/cult, drug culture, and so on. You can also define your own criteria based on keywords or URLs, or allow selected users unrestricted access.

When I tested the filter by deliberately steering toward porn and white-power sites, I would see a message that access was being blocked by the SonicWall; otherwise, I rarely knew the filter was there. During the weeks I used the SonicWall, the filter denied me access to only two sites it shouldn't have: a newspaper's real estate classifieds were blocked for containing "sexual acts," and an online magazine article about musical postmodernism in Britain was blocked for "violence/profanity."

Easy Upgrading

Sonic Systems is constantly upgrading the SonicWall's firmware--you can download these updates easily. An update released while I was testing the unit added the useful ability to set activity time periods for the content filter; for example, you could set the filter to operate from 9 a.m. to 5 p.m. on weekdays and allow employees to surf freely outside of working hours.

You can also expand the SonicWall's port capacity. The SonicWall/10 can be upgraded to support 50 nodes for $785. For even greater functionality, try the SonicWall DMZ ($1360), which allows unlimited users and has an additional port that enables Internet users access to your in-house servers without compromising the security of the LAN. The $2350 SonicWall Pro is like the DMZ, but with dual-speed 10/100Mbps ports and VPN support included. Note that we found these approximate street prices with an Internet search--the list prices are much higher.

While you could match SonicWall's basic network sharing and firewall features for less money by running WinGate (about $230 for the 12-user Standard version), the SonicWall is easier to use and has a much broader set of features. Also, with the SonicWall, you don't have to worry that potential problems on the WinGate server will take your entire LAN off the Internet. Overall, the little blue box provides a more solid, more sophisticated security solution while remaining in a price range that small businesses can actually afford.