Product Information

SonicWall Pro 5060

starstarstar

June 30, 2005
Website:

http://www.sonicwall.com

Price

$11,994

RATING BREAKDOWN

  • Features:
    starstarstarstar
  • Ease of Use:
    starstarstar
  • Performance:
    starstarstar
  • Documentation:
    starstarstarstar
  • Support:
    starstarstarstar
  • Value for Money:
    starstarstarstar
  • Overall Rating:
    starstarstar

QUICK READ

  • Strengths:

    Excellent all-in-one protection.

  • Weaknesses:

    No network baseline mode.

  • Verdict:

    The extra protection is great for the firewall, but there isn't as much protection as a full IPS, so it's best used in conjunction with other products.

This is part of SonicWall's security platform appliance range. It's the top-of-the-line model, featuring six Gigabit Ethernet ports and an Intel Xeon processor. Technically, it's not actually an IPS appliance, but more of a firewall with IPS abilities. That said, you can turn the main firewall off and operate it in-line with another firewall.

While management is through a web browser, SonicWall also has a Global Management System, so you can manage many of its appliances centrally. You can also delegate management tasks.

We stuck to the web-based management console, which is easy to use and looks good. Our first task was to enable the IPS, which is located in the middle of the Security Services menu.

The IPS requires a separate subscription, but if you register, the box downloads the latest attack signatures, which it uses to detect and block attacks.

Split neatly into three categories of risk, you can select to block or allow each category, or monitor it in IDS mode. For more control, you can view individual attack signatures and choose how to respond to them individually.

The Pro 5060 uses deep packet inspection, so can examine all seven network layers and filter out malformed packets. It can also reassemble IP traffic, and examine whole packets, not just fragments.

These features can all be turned on and operated in conjunction with the firewall, which makes it a powerful network edge device.

But the problem is that it's not a dedicated IPS. Mostly, you have to rely on the quality of the attack signature database, as it does not have the advanced features of other products. It has no learning mode, so it can't monitor traffic, create a baseline and filter out any anomaly traffic to protect against zero-day attacks. We also couldn't find any way to define our own attack signatures, so it's hard to filter out network-specific attacks or respond quickly to a threat.

But to be too harsh would be unfair, as the Pro 5060 is not a dedicated IPS appliance. As a firewall, it offers a superb range of protection and is simple to use. For smaller networks, the all-in-one functionality is attractive, but larger networks should opt for dedicated protection as well.

SC Webcasts UK

Sign up to our newsletters

FOLLOW US