SonicWall Pro 5060
June 30, 2005
- Ease of Use:
- Value for Money:
- Overall Rating:
Excellent all-in-one protection.
No network baseline mode.
The extra protection is great for the firewall, but there isn't as much protection as a full IPS, so it's best used in conjunction with other products.
This is part of SonicWall's security platform appliance range. It's the top-of-the-line model, featuring six Gigabit Ethernet ports and an Intel Xeon processor. Technically, it's not actually an IPS appliance, but more of a firewall with IPS abilities. That said, you can turn the main firewall off and operate it in-line with another firewall.
While management is through a web browser, SonicWall also has a Global Management System, so you can manage many of its appliances centrally. You can also delegate management tasks.
We stuck to the web-based management console, which is easy to use and looks good. Our first task was to enable the IPS, which is located in the middle of the Security Services menu.
The IPS requires a separate subscription, but if you register, the box downloads the latest attack signatures, which it uses to detect and block attacks.
Split neatly into three categories of risk, you can select to block or allow each category, or monitor it in IDS mode. For more control, you can view individual attack signatures and choose how to respond to them individually.
The Pro 5060 uses deep packet inspection, so can examine all seven network layers and filter out malformed packets. It can also reassemble IP traffic, and examine whole packets, not just fragments.
These features can all be turned on and operated in conjunction with the firewall, which makes it a powerful network edge device.
But the problem is that it's not a dedicated IPS. Mostly, you have to rely on the quality of the attack signature database, as it does not have the advanced features of other products. It has no learning mode, so it can't monitor traffic, create a baseline and filter out any anomaly traffic to protect against zero-day attacks. We also couldn't find any way to define our own attack signatures, so it's hard to filter out network-specific attacks or respond quickly to a threat.
But to be too harsh would be unfair, as the Pro 5060 is not a dedicated IPS appliance. As a firewall, it offers a superb range of protection and is simple to use. For smaller networks, the all-in-one functionality is attractive, but larger networks should opt for dedicated protection as well.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Microsoft update left Azure Linux virtual machines open to hacking
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- ICYMI: CEO Sacked; MS Zero-day; Passwords dropped; Ransomware wild, charging hack
- 9.2 million medical records for sale on darkweb
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success
- Research: Hacked companies could see customer exodus if breached
- Misconfigured drive exposes locations of explosives used by oil industry