Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

Firewall Features

The TZW uses a Rules and Services firewall programming model, which, thanks to its use on some models of inexpensive consumer routers, may be more familiar than it was a few years ago. Services define the ports and protocols (TCP, UDP, and ICMP can be specified) that will be used to control packet forwarding, and Rules define the data source and destination and IP address(es) that are used to control access to a specified service. The TZW comes with some pre-defined Rules and Services, and you can add 100 more of each.

Together, Rules and Services provide Port Forwarding (the ability to reach LAN-based services from the WAN side of the TZW), and Port Filtering / Access Control (the ability to control the Internet services that users can access) features.

Sonicwall SOHO TZW: Firewall Rules

Figure 5: Firewall Rules
(click on the image for a full-sized view)

Figure 5 shows a portion of the Access Rules screen, which provides an excellent view into the flexibility of the TZW's firewall controls. Temporarily disabling, editing and deleting rules is a snap, and icons are used to indicate important rule features, such as time-of-day enabling, and whether bandwidth control is in use.

The screenshot also shows how "tool tip" types of pop-ups are used to provide details represented by the icons, saving the need to edit the rule in order to view that information. Note that you can also change how long the ports for idle TCP-based services stay open from their 5 minute default timeout and whether fragmented packets are allowed to pass.

Consumer router users considering a step up to the TZW should be aware of two things. The first is that there isn't a "DMZ" function per se. If you want to put a computer outside the TZW's firewall, you'll just need to implement an Access Rule opening all WAN services to a specific LAN machine's IP address. The second issue may put a crimp in the ability to run certain gaming and multimedia applications that dynamically allocate ports since the TZW doesn't support outbound port triggers. It does, however, have special "dynamic port" support for ORACLE, Windows Messenger, and H.323-based conferencing applications such as NetMeeting.

In addition to the Rules and Services firewall functions, the TZW also has other security muscles it can flex via a visit to the Security Services admin page shown in Figure 6.

Sonicwall SOHO TZW: Security Services

Figure 6: Security Services
(click on the image for a full-sized view)

Unfortunately, most of what you see here will cost you extra to keep after their free 30 day trials expire. But it's nice to know that Email and Content filtering and McAfee-based Anti-Virus services are available if you need them.

Content Filtering runs in the TZW, costs over $300 for a one year subscription, and allows you to choose among a Sonicwall Content Filter List, or filtering by N2H2, or Websense. But even if you don't spring for the paid service, you can still enable blocking of Web Proxies, ActiveX, Java, and Cookies and Known Fraudulent Security Certificates to help protect your clients from harm.

The Anti-Virus Service (about $30 per protected client per year) runs anti-virus and email filtering software on each client, but uses the TZW to make sure that an up-to-date anti-virus application with the latest virus data files is running on a client before it allows it Internet access. The service handles the anti-virus application and virus data updating process for all protected clients, too.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

I plan to make available a beta version of the next kamoj add-on - if there is enough interest.N.B: Voxel firmware is a pre-requisite, not an option!I...
Hi There,Update 2020/08/06386 rc2-3 firmware is in this link
No matter what I put for upload/download bandwidth on a new RT-AX88U on Merlin 384.18, it will peg the upload speed at my ISP's maximum speed and ping...
Hi to all!I just installed Pyload and Transmission on my RT-AC86U. Now I have a problem. I have to set the router ( to go to Internet thro...
Which one is better?I need to enable VPN in my router and the VPN that I use which is told me that I cannot do it on my TP-Link Archer C5400X ...

Don't Miss These

  • 1
  • 2
  • 3