Performance - more
Directly comparing the DFL-CPG310 to another UTM product with similar features, the SonicWALL TZ190, displays the DFL's relative performance strength. I pulled the numbers from the above charts into a simple table, below, which highlights that the D-Link's throughput is over 50% greater than the SonicWALL’s.
|Throughput - (Mbps)|
|Router||WAN - LAN||LAN - WAN|
Table 2: D-Link DFL-CPG310 vs. SonicWALL TZ190 performance comparison
Good throughput speeds on this router are important, considering the number of possible interfaces that can be running simultaneously. A DFL-CPG310 configured with LAN, Wireless, DMZ, and OfficeMode interfaces could be routing packets between four different private subnets and the public Internet.
We unfortunately were unable to measure VPN tunnel throughput due to the problems we had consistently getting a client to connect. However, given the use of the Brecis / Cavium processor, we’d expect performance similar to that of the SonicWALL TZ 190, i.e. about 1.5 Mbps with 3DES tunnel encryption.
The base DFL-CPG310 provides gateway/router/firewall functionality for up to 10 nodes, a wireless access point, five licenses for the VPN Client and two site-to-site VPN tunnels. Online, a base DFL-CPG310 will run about $335. The base price does not include the Antivirus protection, Web filtering, Dynamic DNS, security reporting, or the PowerPack functionality. Intrusion Protection software updates, Firmware updates and support are also subscription services.
Nodes are essentially devices with IP addresses that need access to the Internet, and the base price only supports 10 nodes. You can tell how many devices are being counted by the DFL-CPG310 as nodes by clicking on the Node Limit button in the Reports-Active Computers menu.
Computers count as nodes. A NAS may not need access to the Internet for web surfing, but if you use a NAS that gets its timing via external NTP functionality, count it as a node. Even devices in the DMZ count as nodes. For an additional $100, you can upgrade the DFL-CPG310 to support 25 nodes, and for an additional $620, you can upgrade the DFL-CPG310 to support unlimited nodes
If you're going to upgrade to unlimited nodes, you should probably consider the D-Link PowerPack option. This upgrade, which runs an additional $499, enables a 50% increase in firewall and VPN throughput. The PowerPack also enables creating a secure wireless Hotspot, additional VPN Client Licenses and Site-to-Site VPN Tunnels, Advanced QoS, VLAN Tagging, and OSPF Routing.
D-Link has a link on its product page that provides a 90-day free trial for some of the subscription based services, including Antivirus, Dynamic DNS, Intrusion Protection software updates, and security reporting.
The DFL-CPG310 menu has a link to a web site with the following subscription pricing options for the 10-node model. $89/year buys Firmware updates, email/web/telephone support, an extended warranty, and Dynamic DNS. $219/year buys all these services plus Intrusion Protection software updates and the Gateway Antivirus service. For an extra $199/year, you can add the Web filtering service. These prices increase as you increase the number of nodes, and D-Link is working to get additional pricing information on the web.
With the D-Link DFL-CPG310 and the previously reviewed SonicWALL TZ190W, comparing pricing on UTM devices can be challenging. An apples to apples comparison of pricing is not completely fair. The D-Link's PowerPack option and the SonicWALL’s eight LAN ports and WWAN support make them different devices. However, if you're in the market for an all-in-one device, it is interesting to look at what you get for the money.
The chart in Table 3 compares online base prices for the D-Link DFL-CPG310 and the SonicWALL TZ190W. Online pricing information makes it easy to assess the cost for a 10 node D-Link and an unlimited node SonicWALL. For an apples to apples unlimited node price comparison, I used pricing information I received from D-Link and calculated the middle column.
|Functionality||D-Link DFL-CPG310 (10 nodes)||D-Link DFL-CPG310 (unlimited nodes)||SonicWALL TZ190W (unlimited nodes)|
|Annual Antivirus / IDS / IPS / Firmware / Support||$219||$449||$295|
|Annual Web Filtering / Antivirus / IDS / IPS / Firmware / Support||$418||$748||$395|
Table 3: Base and annual subscription price comparison
When all is said and done, you'll need to do an inventory of your network and needs to figure out how much a D-Link DFL-CPG310 or SonicWALL TZ190W will set you back, both as a purchase and on an annual basis. On a smaller network, the D-Link looks like a relative bargain. On a larger network, the SonicWALL looks to be the better deal.
UTM devices make a lot of sense on a small network. They provide a single connection point at the network edge for WANs, LANs, and VPNs, which is the logical point for network protection, web filtering, and filtering email.
The DFL-CPG310 UTM offering has some issues. First, I continue to be disappointed in new products that lack gigabit LAN and support for Microsoft Vista. But the bigger problem the DFL-CPG310's Checkpoint VPN Client. As mentioned earlier, it was inconsistent and unreliable in its operation—to the point where I was unable to test VPN Client throughput.
The problems with the VPN Client are unfortunate, since, on the positive side, the Site-to-Site VPN worked well and the DFL's WAN/LAN throughput was good. The D-Link DFL-CPG310 throughput in relation to its most similar competitor we've tested, the SonicWALL TZ190, was significantly superior.
I also liked that the DFL's WAN/LAN stability in real world use was excellent. Users on the LAN never had a problem. I was able to access the DFL-CPG310 remotely via the WAN and site-to-site VPN connections without issue. The DFL-CPG310 ran continuously without a single crash or reset necessary. Further, the menu layout for the D-Link is a plus, making it easier to remember your way through the numerous options a UTM device provides.
In conclusion, the DFL-CPG310 is stable, it's relatively simple for a UTM device, it has a powerful firewall and router, and has solid WAN/LAN performance. It's a shame its VPN Client isn't a good partner to an otherwise strong product.
See the slide show of screen shots for setting up a site-to-site IPsec tunnel between the DFL-CPG310 and Linksys RV042.