By Steven J. Vaughan-Nichols

June 16, 2003

What more could you ask than a winning combination of firewall, VPN, and access point, all in one box? Considering the times, more than 802.11b and WEP would be nice.

SonicWALL's latest security device, the SOHO TZW, is an odd mix of some of the best new features I've ever seen on a Wi-Fi security device while running some of the weaker, older Wi-Fi basics like WEP and 802.11b. All in all, it's a winning combination of firewall, virtual private network server and access point, but it's not for everyone.

Let's start with the good stuff. You'll be able to control the box from any Web browser using either an ordinary HTTP connection or a more secure HTTPS link. In either case, the only thing that will slow down your setup of the TZW is an embarrassment of set-up riches. Fortunately, if you're a network administrator in a hurry, the setup wizard lets you get a secure Wi-Fi network up and running in a hurry.

One of the things I found most impressive about the TZW is that you get very fine control over your wireless network's security. For example, I can set extra restrictions on a single IP address or a range of them.

Like most APs, you can also set the TZW to act as a Dynamic Host Configuration Protocol server. By default, though, this functionality is turned off. I, for one, appreciate it since I've gotten tired of turning it off every time I install a new access point into an existing Wi-Fi network.

The TZW also has outstanding logging functionality. Logging is an often overlooked feature in most network devices, but many problems can only be properly fixed if you have a good view of a network's long-term behavior.

You can set the TZW to send log results, and alerts, to your e-mail account on the schedule of your choosing or work with it online. The logs themselves are much more readable than most and don't require you to keep a listing of TCP ports and the like by your side to make sense of the results.

The firewall itself uses what's becoming an industry standard: a simple-to-use Web interface that enables you to set rules for both ports and services. So, for example, you can set the system with the IP address of to not have access to port 80 or the HTTP service to prevent them from accessing the Web.

Of course, since the TZW, with yet another unexpected Wi-Fi device feature, also lets you set up basic traffic management, you don't need to use the firewall. You could, for example, set the device to restrict Web traffic to no more than 50Kbps to let users get decent Web access, but not gobble up all the available bandwidth at the same time.

For authentication and security, instead of using Cisco's LEAP or Protected Extensible Authentication Protocol (PEAP), the SOHO TZW uses IP Security (IPSec). By sidestepping the LEAP or EAP question, SonicWALL lets users mix and match Wi-Fi network interface cards and use IPSec to create secure VPN tunnels without worrying about LEAP/PEAP compatibility issues.

Just because the TZW supports IPSec doesn't mean you can't use other VPNs. You can use your company's VPN of choice since it also supports Point-to-Point Tunneling Protocol (PPTP), IPSec and Layer 2 Tunneling Protocol VPN clients. For example, I was able to use the Cisco VPN client running on a Windows 2000 desktop through the TZW.

The TZW only has two real problems. It's really a top of the line Wi-Fi device -- for 2002. For 2003, you expect support for Wi-Fi Protected Access (WPA) (admittedly this is probably hampered by the chip vendor) and dual 802.11a and 802.11b radios -- let alone better support for 802.11g.

802.11g, although available in the marketplace, was just ratified last week. The first-generation chipsets wouldn't work and play well with each other and we see proof positive of that with the TZW. 802.11g NICs should be backwards compatible with 802.11b devices, but the TZW's Intersil-based 802.11b chipset can't work with early model NetGear and Linksys 802.11g NICs. So, while you are able to use the TZW in an 802.11g environment, albeit only at 802.11b speeds, you should test to be certain before installing a TZW-based WLAN.

Overall performance was a little droopy compared to run-of-the-mill 802.11b access points. On the other hand, the TZW isn't just another wireless VW Bug, it's an armored car. In a business environment, I'll gladly give up half a megabit a second of speed for superior manageability and security.

Like an armored car, though, the TZW doesn't come cheap. The list price is $895, and even the street price hovers around $700. This is no home device. But, then it never pretended to be. It's a quality choice if you have a small business or a department that needs wireless security, but you're either sticking with 802.11b for now or you're upgrading to Intel Centrino laptops.

Personally, I'm waiting for the next-generation SonicWALL device that supports 802.11a and 802.11g for networking and 802.1x and 802.11i for authentication and security, but if that's too much security too late, the TZW is hands down the Wi-Fi all-in-one security device for your office, right now.

Originally published on .
