Based on the recently updated SonicOS 2.0 operating system, the Sonicwall Pro 4060 is a highly scalable internet security appliance, as is its cheaper sibling, the Pro 3060.

Both products are aimed at corporates and can handle multiple LAN/WAN connections. They offer firewall and virtual private network (VPN) functionality and include a WAN port, a VPN gateway, and failover for maximum availability. Antivirus and content filtering tools can be added, and the SonicOS 2.0 management interface has been enhanced.

The same base hardware is used to power both the Pro 4060 and Pro 3060. A 1U rack-mount case features a 2GHz Intel processor with 256MB of RAM and 64MB of secure Compact Flash memory to hold the updateable firmware. A separate security Asic (application-specific integrated circuit) is incorporated to offload encryption processing from the main CPU.

The two models differ in the amount of VPN bandwidth each can support, however. Up to 75Mbit/s can be handled on the Pro 3060 using standard 3DES or AES (Advanced Encryption Standard), with support for 25 client connections (client software included) and up to 500 site-to-site policies. For networks with substantially more VPN users, the Pro 4060 increases the bandwidth to 190Mbit/s, with support for 1,000 client sessions and 3,000 site-to-site VPN policies.

Firewall performance at more than 300Mbit/s and 500,000 concurrent connections is the same on both products, depending on configuration. Six auto-sensing Fast Ethernet ports are built in, one being dedicated to LAN connectivity, and another providing a dedicated WAN port. The other four can be configured to provide extra LAN/WAN bandwidth or create custom demilitarised zones (DMZs) for internet-facing servers. Customised LAN zones can be configured for internal security partitioning. Only three ports are activated on the Pro 3060 unless buyers pay £535 + VAT for a software upgrade.

Other features include active/passive failover of paired firewalls, and failover and load balancing of ISP services using the multiple WAN ports. This protects the VPN gateway and there is also flexible policy-based network address translation (NAT) to cope with a wide range of addressing requirements. Extra antivirus scanning and content filtering for web access and email can be added. The cost of these subscription-based services adds to the price, but locating them at the internet gateway eases the processing burden otherwise placed on application servers.

Despite being packed with features, these capable devices are no harder to install and configure than the smallest of Sonicwall firewalls. A serial console port is provided but most users connect the firewall to the WAN and use a remote browser to configure it for management over a private subnet.

The Sonicwall management interface is easy to navigate, the latest version being one of the best we have seen on a security appliance. It has well partitioned feature and option sets, customisable display options and lots of online help. It is also very responsive, allowing administrators to define management objects, such as network definitions, user groups, network services and schedules to help simplify repetitive tasks when defining security policies. Those objects can be modified later and policies that use them can be automatically updated.

The firewall in the appliances is an ICSA-certified stateful inspection implementation. It requires careful setup, but the object-oriented management interface helps. It does not manage multiple appliances too well, but on a large network the Global Management System (GMS) software, available separately, can be used, and Simple Network Management Protocol (SNMP) management is supported.

Price: £3,825 + VAT (4060); £2,140 + VAT (3060)

Contact: Sonicwall 01344 668 090