IT Pro Verdict
The NSA 250M Wireless-N delivers an impressive range of security measures which can be toughened up further with SonicWALL’s deep packet inspection option. It’s a good choice as an all-in-one wired and wireless security appliance for SMBs. Although we found it can be challenging to configure and each option will increase costs significantly.
Taking over from Dell SonicWALL's ageing NSA 240, the 250M offers a boost in performance and a modular approach which allows it to be customised.
We reviewed the Wireless-N model which adds 2.4GHz b/g/n or 5GHz a/n wireless operations to the mix.
The appliance starts with an SPI firewall to which a range of optional extras can be added. You can beef the firewall up with SonicWALL's Reassembly-Free Deep Packet Inspection (RFDPI) technology which identifies and controls applications without any significant hits on performance.
Other options include IPS, gateway anti-virus, anti-spam and URL filtering. Prices start at 995 ex VAT but this only provides a three-month support warranty so you're better off going for the TotalSecure package. This includes AV, IPS, URL filtering plus a full support warranty and one-year subscription which costs a shade under 1,500.
Anti-spam adds a further 362 ex VAT for a one-year subscription and then you have the Analyzer web traffic reporting tool and SSL inspection modules. Add in the gateway AV client enforcement options for Kasperksy and McAfee and you'll be facing an initial bill of over 2,000.
Along with five Gigabit ports, the expansion slot alongside accepts a range of modules including quad-port Gigabit, E1/T1 interfaces and ADSL
Deployment
Installation is helped along nicely by a bunch of wizards which assist in securing Internet access and setting up VPNs, DMZs and the application firewall. A wizard is also provided for the PortShield feature which groups physical ports into logical units, or zones.
Policies are applied to PortShield zones and will affect any system that's physically connected to a member port. You can also apply a security type to a zone where, for example, traffic from an untrusted zone will not be allowed to pass to another zone unless your access rules specifically permit it.
The content filtering service offers 64 URL categories to block or allow. Filtering policies are applied to port zones and you can add custom black and white lists, schedules and redirection to a consent web page for enforcing AUPs. We found this service worked very well during testing with very little slipping past its net.
Physical ports and wireless VLANs can be grouped into zones where each has their own set of security policies
Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.
Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.