SonicWALL TZ205 Security Appliance
The SonicWALL TZ205 is a small form factor firewall/security appliance targeted for a number of uses including the SMB, branch office, retail store, and home office. With a size and port density comparable to a home router or small firewall, this device may look like just a five port switch or cable router. However, good things come in small packages, and the SonicWALL TZ205 packs a number of surprises into such a small chassis, including firewall, VPN, IPS, WAN acceleration, unified threat management, and more.
Features:
The SonicWALL TZ205 really does come with a number of security features, baked in that you would not expect to find in a single device, unless you purchase a high-priced security appliance with add-on modules. The TZ205 can enable you to provide WAN acceleration, remote access, intrusion prevention, anti-x, packet inspection and more into even your smallest remote offices or work from home users’ networks. Here’s a more complete list of the features that come with the TZ205 or are available as licensed add-on services.
- ICSA certified, stateful packet inspection firewall with 5 GigE ports
- Each port can be individually set for internal, WAN, DMZ, etc.
- Optional deep packet inspection
- Failover/failback capabilities including wired ISP, Wi-Fi, cellular
- Optional gateway anti-malware
- Optional intrusion prevention
- Optional content & URL filtering
- Optional comprehensive Anti-Spam Service
- 10 site-to-site VPN tunnels supported
- Up to 10 client VPN sessions supported, including SSL VPN
- Policy based routing
Ease of Use:
Like any piece of network hardware, once it is setup and deployed, you don’t use it so much as you rely upon it to perform quietly in the background with a minimum of care and feeding. The SonicWALL TZ205 can be administered through a serial cable or web browser interface. The CLI is adequate for basic setup, but you will quickly move to the web based console, and you can even start your configuration with that by setting your Ethernet ip.addr to be on the same network as the default configuration on the TZ205.
Once in the web browser based admin console, you have a fairly straightforward navigation pane on the left, information or configuration options on the right.
It’s easy to navigate through, quick to respond, and doesn’t use Flash or other plugins. There are also pop up tips available to help you with any settings you might not be familiar with.
That can be a real help when you are first setting something up and don’t want to refer to the online documentation or log a support ticket. The pop-ups work when you mouse over a selection box and pause, and disappear when you move off, so they are helpful without being obnoxious.
If you have ever administered any sort of firewall or VPN appliance, you will quickly get the hang of setting up rules, routes, etc.
Needs improvement:
Frankly, there’s almost too much in the web console to wrap your head around, and while the administrative console is well laid out, it took some time to get used to. I also wish that the client VPN connections would support the client built-in to Microsoft operating systems. IPSEC and PPTP are pretty standard, and I don’t want to install yet another client software piece if I don’t have to. And while the unit is very small and runs cool, I wish it was built so that you could order a rail kit for it. Even in the smallest remote offices, it would be nice to be able to mount this into a locking rack rather than having to put it on a shelf. Finally, the administrative web console could use a mobile update to make it easier to admin from a smartphone.
Pricing:
The SonicWALL TZ205 lists for $545 dollars, which seems very inexpensive until you start adding in the optional features that you want. There are package deals (it will feel like you’re building a car) and additional support options. I spec’d out a unit with the full security suite package for a year, a year of 24×7 support, a year of anti-spam to protect the on-premise mail server, a year of analyzer reporting and a year of SSL VPN licenses for 5, and came in just under $1600.
Value for Money:
That’s almost $1000 more than the default package, but when you consider you are getting gateway anti-malware, antispam, 24×7 support, analysis and 5 SSL VPN licenses, suddenly you realize that you’re getting quite a lot for the money. Compare that to an ASA 5505 and you can probably afford to equip four offices with a TZ205 for the price of one 5505 with the comparable bells and whistles. And of course, if you don’t need all of that, you don’t have to pay for it. You certainly won’t need anti-spam for a remote office if you have central or cloud based email, and you won’t need SSL VPN connections for home or small remote offices (you get two VPN connections with the base unit which are great for remote admin needs.) On the whole, when I compare this to other products on the market, it’s a tremendous value for the money.
Verdict:
The icing on the cake for me is that they have a VPN client for iOS devices. Mobile Connect for iOS enables iPhone and iPad users to connect to the TZ205’s SSL VPN service, and that sold me on it as much as anything else. Give me an iPhone, Rove’s admin suite, and a TZ205 in every site, and I could do 95% of my job from the beach, the pool, or the links. This is a great security appliance that is inexpensive enough for wide deployment, powerful enough to handle high volume traffic, and flexible enough to offer full featured security where you need it.
Comments