Big security power in small packages

You can also flesh out your protective services with SonicWall’s online services, including anti-virus, anti-spyware, advanced content filtering, and IDS. These are all add-on services priced by subscription, but the combination makes for an effective defense for the average small office. The online options are less pricey than Check Point’s add-on services, but SonicWall offers fewer services in total.

Free IT resource Virtualization Insights from Top Experts - Learn how virtualization gets real! Sponsored by Dell Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft

After the firewall is configured, you may move to the wireless wizard. The TZ170w supports Wi-Fi Protected Access (including Temporal Key Integrity Protocol) but SonicWall adds its own security option by suggesting that full wireless users adopt the company’s Global VPN Client, and even provides a download link and configuration wizard.

The useful WGS (Wireless Guest Services), which manages connections by non-full time users (such as company guests), can be outfitted with an HTML log-in page (captive portal) to ensure authentication.

WGS is based largely on DAT (Dynamic Address Translation); it allows wireless users to authenticate and associate, and obtain IP addressing via DHCP. DAT ensures that if a user has a static IP address incompatible with the TZ170w, that user is prevented from connecting to the network until his settings change to compatible values.

Quibbles and Queries
Even though the TZ170w is aimed at the branch-office market, it (like Check Point) supports only a single SSID, a fact we found puzzling.

SonicWall’s opinion is that its VPN client has the ability to limit access through the firewall on a role basis, so separate SSIDs aren’t necessary. We tend to disagree with that view, as even branch offices occasionally have need for role separation -- meaning they will need more than one SSID.

Another quibble is that the TZ170w can’t act as a bridge and AP simultaneously. Given that the device demonstrated the usual range limitations when confronted with office walls and floors, this dual capability could have proven useful. However, you can optionally configure one of the ports to link up to eight additional APs, providing additional coverage without sacrificing wireless security or services.

Overall, we found the SonicWall TZ170w to be a highly useful machine -- as long as it gets to play the primary routing and wireless role in a branch office network. The device will work with legacy APs, but you lose advanced features such as rogue detection at each AP if you’re not using SonicWall’s own SonicPoint APs.

Although the lack of multiple SSID support is just as disappointing as with Check Point’s 425w, SonicWall’s VPN approach is an interesting solution for forcing all your wireless traffic through the deep inspection firewall engine. It does sport an attractive price, and unless you have some serious need for specialized services, the TZ170w will suit your SOBO just fine.