SonicWALL PRO 4060
One of the best management interfaces we have seen on a product of this type.
Lots of optional extras might add to the price.
A hugely impressive security appliance, whose quality management and excellent encryption throughput rates makes it one of the best products on test.
As SonicWALL's bigger brother in their popular Internet Security Appliance family, the PRO 4060 is aimed at large corporate networks and provides firewall, VPN, intrusion-prevention technologies as well as anti-virus and content-filtering functionality.
It is built around the SonicOS Enhanced operating system, which has been beefed up to introduce better user management. Access to the management console is through a standard web browser.
Hardware is based on an Intel 2GHz processor with 256MB of RAM, although encryption is handled by a separate Asic, offloading a processor intensive task from the main engine. This, together with LAN, WAN and four other network ports all fits into a compact 1U rack-mountable unit and makes the 4060 extremely flexible.
A differentiator for this device is its custom Asic, which performs encryption directly in silicon, rather than burdening the main processor with software-based encryption. The 4060 can encrypt at more than 190Mbps using the 3DES or AES algorithms.
SonicWALL claims its intrusion prevention engine delivers a more powerful security solution by using parallel searching algorithms, which provide more comprehensive searching capabilities than those offered by more traditional stateful inspection engines.
The 4060 also offers active or passive failover of paired firewalls and failover and load balancing of ISP services – capabilities that would prove invaluable in the event of a failure.
The management interface is extremely good. Logically set out and intuitive, the management console belies the depth of functions the product offers and the complexity of the problems it addresses.
It can also be managed using the company's Global Management System, which allows the administrator to configure, manage and enforce security policies from a central location.