Big security power in small packages

Even the 425w’s router’s physical capabilities are a bit beyond the norm for the SOBO set. The box’s ability to fail over to a secondary ISP is good, but its ability to do so over either a broadband or modem connection is excellent.

Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft Free IT resource Attend the SOA Executive Forum: Breaking SOA Bottlenecks SOAExecForum.com/may2007 Sponsored by InfoWorld

It can build a VLAN trunk, too -- another feature usually found only on enterprise-class firewalls. VLAN trunking allows multiple VLANs to be configured off the WAN port, each with its own virtual port.

The box’s wireless capabilities are very similar to SonicWall’s, with support for AP or bridge configuration (though not both, which is disappointing), compatibility with WPA security, and Super-G throughput. The 425w, however, lacks the WLAN Guest Services feature that SonicWall provides. Strangely, both boxes support only a single SSID (service set identifier) -- something that’s usually a no-no in business-oriented Wi-Fi products.

Another ding is that the Check Point will only talk to legacy APs if these are placed into a DMZ. This function may not be a huge handicap in its intended working space, but it does limit its flexibility.

The Check Point is definitely the higher priced of our two all-in-one wireless security gateways, but we found its intuitive interface, excellent native feature set, and extensive subscription feature set to be worth the big bucks.

SonicWall TZ170w
SonicWall has taken the effort to make its first SOBO market foray palatable to the branch office environment. Housed in a small two-tone case, the TZ170w bundles five 10/100 switch ports, one WAN port, one console port and two 802.11a/b/g antennas into its physical configuration and still manages to look sleek.

On the software side, the TZ170w packs all the functionality of a deep-inspection firewall, full Internet connection management (including DHCP, NAT, and IPSec VPN capability), and fairly sophisticated wireless connection management.

After passing the setup wizard, administrators are free to enjoy the advanced features of the SonicOS, including policy-based NAT, object-based management, ISP fail-over, and even ISP load balancing through either a second WAN port or an external modem.

The TZ170w’s installation process won’t win any human-computer interface awards, but to make up for it, SonicWall generously sprinkles in setup wizards for all the product’s functions, including gateway (DMZ or LAN servers), firewall, and wireless.

You begin with the familiar Web-based installation utility, including left-pane navigation that allows quick access to specific functions and complete status screens for each function. It’s important to note that those folks running SonicWall’s Global Management System software can count on full compatibility with the TZ170w.

An initial setup wizard configures the firewall and router, including wired DHCP and NAT. Based on the fifth generation of SonicWall’s security software, the firewall can protect against a wide variety of attacks, including zero-day attacks.

Because the firewall is embedded, its protection will work even if your ISP’s feed dies and fellow users on the ISP attack you. That’s handy if your branch office relies on its Web connection to conduct business; it’s also something Check Point doesn’t do.