The TZ100W is a multi-function device, with a tremendous number of configurable options. The SonicWall Operating System (OS) has 12 main menus, each with 2-15 submenus, for a total of 82 different configuration pages! The menus are all available via a Web GUI and are relatively intuitive. To help understand the configurable options, there is a 1085 page manual available on SonicWall's website.
I like SonicWall's use of Address Objects, which can be single IP addresses, ranges of IP addresses, subnets, MAC addresses and Domain names. With Address Objects, you assign names to each address, which makes network management easier. Further, Address Objects are reusable throughout the SonicWall configuration pages, providing useful configuration flexibility.
For example, to control wireless access by MAC address, you create an Address Object for each allowed client MAC addresses. Then, you create an Address Group which includes all the Address Objects you created. Last, you configure wireless MAC security to point to your Address Group.
In Figure 3, I created an Address Group called Allowed MACs which contains the Address Objects Doug Laptop and Doug Laptop2. The value of the Address Group and Objects is they remain in the configuration even if I disable wireless MAC security, allowing me to easily re-enable wireless MAC security to the same list of MAC addresses.
Figure 3: Address Objects and Groups
Even with the use of Address Objects and Wizards, there are still 82 different configuration pages. Perhaps through the use of the Wizards and default values, the TZ100W can be managed by non-technical people. But I think the multitude of options and configurations require some networking knowledge and experience to fully optimize this router.
I think SonicWall could do a better job organizing the menus. Several submenus seem to be misplaced. For example, there is a Security Dashboard submenu in the System menu, displaying information about viruses, intrusion prevention, and spyware. However, configuring anti-virus, intrusion prevention, and anti-spyware is in the Security Services menu. Why not put the Security Dashboard in the Security Services menu?
Many of the menus have a status display. But in some of the menus, the status display is the first option, while in others, the status display is the second option and in still others it is named differently, such as Call Status or Station Status. I suggest making the menus consistent by placing a status display as the first choice in each main menu. Another issue is there is menu duplication with both the RBL Filter menu and Licensing information. These menu issues may be minor, but for overall ease of use, they make a difference.
To understand the TZ100W's network options, you have to understand SonicWall's use of ports, interfaces and zones. Physically, the TZ100W has five 10/100 Ethernet ports. Those five ports can be configured in three different port assignment schemes as shown in Figure 4.
Figure 4: Port Assignment
The first port assignment scheme results in a single WAN port and four LAN ports. The second port assignment scheme results in dual WAN ports and three LAN ports. The third port assignment scheme, labeled in Figure 4 as WAN/LAN/LAN2 Switch, results in a single WAN port, one LAN port, and three LAN2 ports. There are options to further customize the port assignments via the Port Shield menu, but with only five ports, these three options should be good for most small networks.
Ports are associated with interfaces on the router. IP addresses, routing and DHCP pools are applied by interface, not ports. Depending on the chosen port assignment scheme, there will be one to four ports associated with each interface on the router. For example, in the third port assignment scheme shown above, ports X2-X4 are associated with the LAN2 interface.
The third port assignment scheme is a “poor man's VLAN.” When enabled, this scheme separates the LAN ports into two VLANs called LAN and LAN2. This scheme doesn't support 802.1q VLANs, but it does allow for running two separate LANs with true network broadcast separation.
Zones are how firewall and security features are managed on the TZ100W. Each interface is assigned to a zone, and there are seven default zones: LAN, WAN, DMZ, VPN, SSL VPN, MULTICAST, and WLAN. Additional zones can be added for customization.
Once you get the hang of it, the concept of ports assigned to interfaces and interfaces assigned to zones makes sense. It also is necessary for configuring security. Security on the TZ100W is managed by defining which traffic flows are permitted between zones, and which security features are enabled in each zone. Security features include content filtering, anti-virus, anti-spyware and Intrusion Prevention Service (IPS). I'm going to cover the security features in more detail shortly.
Back to the three port assignment schemes, the second port assignment scheme allows for dual WAN ports with options for load balancing and failover. I found that failover worked almost instantly on the TZ100W using the default configurations. I connected the primary and optional WAN ports to two different Internet connections and disconnected the Ethernet cable on the primary WAN port. Within seconds, I could access the Internet again from a PC connected to a TZ100W LAN port. Restoral was equally quick. Upon reconnecting the primary WAN port, a traceroute showed traffic was again flowing through the primary.
As I've stated in past reviews, I highly recommend routers with dual WAN ports for anyone that relies on Internet connectivity for revenue, communications or productivity. To utilize dual WAN ports you have to subscribe to two different ISPs, but the TZ100W's load balancing options allows the use of both connections, maximizing your bandwidth when both ISPs are up.
Load balancing configuration options are Round-Robin, Bandwidth-based and Percentage-based. Round-Robin equally distributes utilization between WAN ports, Bandwidth-based sends a fixed bandwidth amount of traffic out one WAN interface with the remaining going to the other, and Percentage-based sends a percentage of traffic out one WAN interface with the remaining going to the other. Traffic statistics on each WAN port's utilization are available in the Load Balancing menu as shown in Figure 5.