SonicWall TZ 200 Firewall Is More Than a Router
At a Glance
The SonicWall TZ 200 is the middle product between the TZ 100 and the TZ 210, and the smallest and lightest appliance in this test. White and bright and about the size of a CD wallet, it looks more like an Apple product than a firewall.
Prices for SonicWall products are hard to pin down because, while the firewall and router have no client license fees, adding support for security features such as enhanced client anti-virus and anti-spyware, VPN Client Windows, UTM SSL VPNs, and a few other options requires user licenses. Figure on the $400 to $450 range to start, depending on whether you add wireless support, and tally up your options from there.
One reason the SonicWall TZ 200 is small is that it has only five ports, which can be arranged in a variety of ways. The ports are labeled X0-X4; X0 is defined for a LAN and X1 for a WAN. The other three can be configured as WAN, LAN, or DMZ ports, so it's possible to connect four broadband feeds to this one box if double-double redundancy is important. LAN ports support 10/100 Fast Ethernet only.
Maximum firewall throughput is advertised at 100Mbps, which was confirmed in a recent Network World test by Joel Snyder. The unit supports up to 50 IPSec VPN tunnels along with 50 SSL VPN clients.
The only things in the box were the unit, the power supply and an Ethernet patch cable.
Wizards help with setup, starting with the PortShield interface to set port assignments, then configuring the firewall to provide public access to internal servers and setting VPN policies. Nice touch, especially since no manual was included with the product on paper or CD. If dual-WAN connections aren't enough, you can buy two TZ 200s and run them in High Availability mode. You can also connect a 3G modem to the USB port in case you want a backup for both WAN connections.
Installation and configuration
Help is only available online, which seems a bit cheeky when selling a router. The admin screen has a question mark icon in the upper right corner, and the help pages that appear are context-sensitive and well written for the non-tech. Unfortunately, many pages respond with a 404 error. Once we saw a message saying "online help for this SonicWall product has not yet been released." Surely that's a linking error, because this unit has been available for more than a year. When you hover over an icon, you're often rewarded with an information bubble.
The setup wizard appears the first time you connect to the admin screen through your browser, and can be launched any time thereafter. Using a default address range of 192.168.168.x, the TZ 200 provides client addresses through its DHCP server. This unit is the only one that recommended a strong password during the setup. You make your port assignments during setup, but we configured the system initially with a single WAN and added the second later.
All the common broadband connection types are available, and the automatic connect feature worked. After we elected to skip registering the unit, we rebooted and our network clients had Internet access.
Resetting the LAN address range to 10.0.0.x for our test network was a matter of clicking the Network menu item on the left, and Interfaces from the expanded list. X0, the port connected to the network switch, is the first listing. We clicked on the Configure icon and changed the IP address. Then we chose DHCP from the left menu and changed the client address range. When we applied the changes, the unit promised to redirect our admin PC to the new settings, reconfigure the PC to the new settings, and resume the page. We did have to restart the admin utility, but otherwise the switchover worked perfectly.
We added the second WAN by plugging into the X2 port and configuring it for WAN. Then we went to the Failover & LB screen under Network and chose between balancing options: basic failover, round robin, spillover, and ratio. The best performance for our network came with ratio, and we set the two lines to share traffic 50/50. The Failover & LB screen shows statistics for the two WAN connections, updated in more or less real time.
Once configured, the router became invisible, as good routers do. Speeds during group connection testing were on the high side of average for the group, and the 50/50 ratio gave the best throughput for a single computer speed test.
The default admin screen shows system information, the last few log alerts, and network interface assignments and status. You can monitor the traffic statistics on the Failover & LB page. The TZ 200 also includes a basic Packet Monitor that allows you to capture traffic and decode most of the packet detail. Logs can be exported or e-mailed on a defined schedule or when full.
SonicWall products tend to fit in the middle between basic devices with few configuration or security options and the high-end units too complicated for small and midsize businesses. While the TZ 200 has as much or more firewall and security control than any unit tested, non-techs can install this unit with little effort.
Small businesses looking for all the upgrades may be surprised at the cost if they think of the TZ 200 as just a router. For a small business or branch office, the SonicWall TZ 200, fully loaded with security modules or not, can be all the routing and security needed, no matter how simple or complicated their security policies.