Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

Firewall Features

The TZW uses a Rules and Services firewall programming model, which, thanks to its use on some models of inexpensive consumer routers, may be more familiar than it was a few years ago. Services define the ports and protocols (TCP, UDP, and ICMP can be specified) that will be used to control packet forwarding, and Rules define the data source and destination and IP address(es) that are used to control access to a specified service. The TZW comes with some pre-defined Rules and Services, and you can add 100 more of each.

Together, Rules and Services provide Port Forwarding (the ability to reach LAN-based services from the WAN side of the TZW), and Port Filtering / Access Control (the ability to control the Internet services that users can access) features.

Sonicwall SOHO TZW: Firewall Rules

Figure 5: Firewall Rules
(click on the image for a full-sized view)

Figure 5 shows a portion of the Access Rules screen, which provides an excellent view into the flexibility of the TZW's firewall controls. Temporarily disabling, editing and deleting rules is a snap, and icons are used to indicate important rule features, such as time-of-day enabling, and whether bandwidth control is in use.

The screenshot also shows how "tool tip" types of pop-ups are used to provide details represented by the icons, saving the need to edit the rule in order to view that information. Note that you can also change how long the ports for idle TCP-based services stay open from their 5 minute default timeout and whether fragmented packets are allowed to pass.

Consumer router users considering a step up to the TZW should be aware of two things. The first is that there isn't a "DMZ" function per se. If you want to put a computer outside the TZW's firewall, you'll just need to implement an Access Rule opening all WAN services to a specific LAN machine's IP address. The second issue may put a crimp in the ability to run certain gaming and multimedia applications that dynamically allocate ports since the TZW doesn't support outbound port triggers. It does, however, have special "dynamic port" support for ORACLE, Windows Messenger, and H.323-based conferencing applications such as NetMeeting.

In addition to the Rules and Services firewall functions, the TZW also has other security muscles it can flex via a visit to the Security Services admin page shown in Figure 6.

Sonicwall SOHO TZW: Security Services

Figure 6: Security Services
(click on the image for a full-sized view)

Unfortunately, most of what you see here will cost you extra to keep after their free 30 day trials expire. But it's nice to know that Email and Content filtering and McAfee-based Anti-Virus services are available if you need them.

Content Filtering runs in the TZW, costs over $300 for a one year subscription, and allows you to choose among a Sonicwall Content Filter List, or filtering by N2H2, or Websense. But even if you don't spring for the paid service, you can still enable blocking of Web Proxies, ActiveX, Java, and Cookies and Known Fraudulent Security Certificates to help protect your clients from harm.

The Anti-Virus Service (about $30 per protected client per year) runs anti-virus and email filtering software on each client, but uses the TZW to make sure that an up-to-date anti-virus application with the latest virus data files is running on a client before it allows it Internet access. The service handles the anti-virus application and virus data updating process for all protected clients, too.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

I have had this issue for the past several firmware updates IIRC possibly since Asuswrt-Merlin 384.10_2 when I first started using the firmware, after...
I am experiencing something strange with my new RT-AX88U router.On my work laptop certain applications need a VPN connection but others work both thro...
Hello,I'm a software developer but need now to set up an on-prem testing/staging/deployment network. I have Linux skills and have been managing a simp...
I Got My X4S-R7800 3 Weeks ago and it's been having 2 issues while on WiFi (PC that's wired does not seem to have these issue) 1. Slow WiFi-Right when...
It It worth Getting a Netgear X4S R7800 for $100 (Or Rather Keeping as I Already got it) to upgrade from my Asus 68U?

Don't Miss These

  • 1
  • 2
  • 3