SonicWall is well-known for its SoHo firewalls, but the company also produces a wide range of enterprise-level security devices. One of the newer ones in the range is the Pro 2040.
The unit is a standard-looking 1U rack-mount unit. There are four Ethernet ports on the front panel (one of which is an option, so if you want the traditional internal/external/DMZ arrangement you can save a few quid by not having the fourth port), along with an RS-232 console port and LEDs showing power, self-test and alarm status. The rear panel has the mains inlet, three fan outlets and the on-off switch.
Getting started is the usual process of defining the unit's basic network parameters: the addresses of its ports and the default route out onto the Internet. Although you can manage the unit via the text-based console port, you'd usually use the Web-based interface.
The latter is very well laid out. Once you've logged into the unit, the "home" screen gives a summary of the status of the unit, including key system messages (it'll warn you if, for example, you've not changed the admin password from its default, or if you've not yet configured the logging settings) and basic system information such as the software and ROM versions. You also get interface status messages, a list of the last few log messages and a summary of the licences you've purchased. Our unit had an unlimited user licence, unlimited network-to-network VPN users, and 10 dial-up VPN users, though you can add content filtering, email filtering, virus protection and ViewPoint (SonicWall's centralised reporting tool that aggregates log information from a number of firewalls into a consolidated set of reports).
The unit provides all the usual functionality you'd expect. It can act as a DHCP server if desired, and as we've already alluded to, VPN functionality (both IPSec and L2TP) is provided as standard. For some reason an out-of-date version of the VPN client software was shipped on the enclosed CD, but a quick download from the Web site (see later) fixed this. You can use NAT to "hide" your internal network and the unit can be configured to permit forwarding for manager-defined incoming connections, such as requests to your DMZ-based Web or email servers. Access rules are defined based on source/destination address and service type, and if a service type isn't covered by the built-in list of predefined ones, you can add your own in the "custom services" section.
Some functions (notably VPN) require the use of user IDs and passwords, and the only notable downside of the Pro 2040 is that you're only given the option of an internal user list or the use of a RADIUS server. While the latter isn't a big deal these days (RADIUS is much more widely supported by mainstream systems than it used to be), it would have been nice to see at least LDAP thrown into the mix.
Logging uses the normal multi-method approach. There's an internal log, with colour coding to help you spot the adverse stuff among the less interesting informational messages, and you also have the ability to send log information via email and/or Syslog (though we couldn't see a way to customise the syslog facility code in the setup, which makes it awkward to tell the syslog server to segregate firewall-originated messages into their own log file). You can configure which types of log information you're interested in, so it won't bother you with stuff you don't really want to see.
Alongside the unit itself is the "MySonicWall" website, which the company has designed to work in unison with the firewall. This means that when you click the "Help" button in the firewall admin screen, you're actually sent to the MySonicWall site. Because the latter requires you to register each of your firewalls in its database, it knows what systems you have and customises some of the content to match your requirements (so the download page includes only the items that are relevant to your particular products, for instance). It's a nice idea, and although it takes a little while to find your way around, the idea works quite well.
All in all, the Pro 2040 is a useful, well-implemented firewall. We'd like to see a bit more functionality in the Syslog and user database interaction features, but these are relatively minor points and are more than offset by the favourable usability of the unit.
As usual, the thing to consider when purchasing this type of device is how it's going to integrate with your network, since the relatively limited set of authentication options may mean it's not suited to integration with your particular installation. On the other hand, if this integration doesn't bother you, the simplicity of the setup and admin process may prove more attractive than some other boxes with more features (but which are therefore harder to administer).