Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

Wireless

Wireless client security options include WEP, WPA, WPA-2 and MAC address filtering.  For much of my testing, I was connected to the TZ100W via the wireless interface, and I had no issues with dropped connections or poor performance.

The TZ100W has Wireless Intrusion Detection Services (IDS) which will detect other Access Points, a nice feature for network administrators trying to control internal users from enabling their own Access Points.  As you can see in Figure 7, my test TZ100W detected five other Access Points nearby.

AP Discovery

Figure 6: AP Discovery

To expand the physical range of a wireless network, SonicWall Access Points, called SonicPoints integrate directly with the TZ100W, allowing for expanded network coverage with centralized network management.  

Wireless networks are a security risk.  The TZ100W separates the wireless network into a different security zone than the wired networks.  Security features can be enabled or disabled for the wireless clients, just as with the wired clients, they just need to be applied to the WLAN zone.

By default, the WLAN zone is considered Untrusted, which means wireless clients can't access devices on the LAN unless rules are created in the firewall to enable them.  I'll cover firewall rules shortly.

Anti-spam

The TZ100W is a Unified Threat Management (UTM) network device designed to provide an array of security functions at the core of a small network.  In addition to a complex firewall, the TZ100W provides Anti-Spam, Real-time Black Listing, Content Filtering, Gateway Anti-Virus, Intrusion Prevention, and Anti-Spyware.

Detailed testing of these security functions require sophisticated tools.  Subsequently, many UTM manufacturers submit their devices to third party organizations, such as AVTest.org.  SonicWall is not one of those manufacturers, however. I did run some limited checks of the TZ100W's UTM features. But I think it would be good if Sonicwall submitted its product for independent Anti-Virus and malware effectiveness testing.

SonicWall's “Comprehensive” Anti-Spam feature is a server based tool, designed to work with an Exchange or other SMTP email server.  To enable and configure the Anti-Spam tool, you have to enter the local IP address of your email server.  Once configured, the Anti-Spam tool will filter email at the network level, giving you the option to Tag, Store, Reject, or Delete emails detected as Spam.

SonicWall’s Anti-Spam service uses the Global Response Intelligent Defense (GRID) Network, which it has expanded since its acquisition of MailFrontier in 2006.  Essentially, when a user connected to the GRID network marks an email as Spam, the information about the email sender, its content, and associated links are uploaded to the GRID, enabling devices such as the TZ100W to block this newly identified source of spam.

If you don't have your own Email server, the TZ100W blocks spam through the use of Real-Time Black List (RBL) services. The RBL feature works by comparing the source IP address of an email to lists of known spammer IP addresses and dropping the matches.  Connections to two well known RBL providers, spamhaus.org and sorbs.net, are enabled by default.  Additional Black List services can be added. Note, however, that the TZ100W does not filter spam based on actual analysis of email content or via heuristics.

The value of blocking Spam at the mail serverl is improved network and PC performance.  Blocking the spam before it enters your network improves bandwidth on the LAN, as well as frees up LAN PC processors from filtering Spam independently. The Anti-Spam features are managed directly through the Anti-Spam menu. 

The rest of the TZ100W security features are enabled or disabled by network zones.  As you can see in Figure 7, I've enabled Content Filtering on the LAN, WAN and WLAN zones.  Further, I've enabled Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention on the LAN and WAN zones.

Zones

Figure 7: Zones

Content Filtering

Content filtering on the TZ100W can be configured via policies to block up to 56 different categories of content leveraging a database of “millions of URLS, IP addresses and domains” maintained at worldwide SonicWALL facilities.

I can tell you this, if you create and apply a policy that blocks all 56 categories, you might as well turn off your computer.  With the default policy blocking all 56 categories, I received the message shown in Figure 9 just surfing to Yahoo.com and couldn't find a web page I could access.

Content Filter block message

Figure 8: Content Filter block message

I found the last filtering category, “Not Rated” to be useful.  If you're worried SonicWall's database isn't complete enough, filtering unrated websites will block all websites not found in the SonicWall database.  Finally, in the event a blocked site should be permitted, the TZ100W has a custom list feature, allowing for adding allowed or blocked domains as well as keyword blocking. 

Although the SonicWall Content Filtering was effective in blocking rated websites based on selected categories, like most other content filters I have tested, it wasn't difficult to defeat.  With the category pornography selected for content filtering, the TZ100W blocked browsing to adult sites.  However, simply typing “porn” in a search on Yahoo.com and clicking the images option presented adult images that should have been blocked.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Have a AC-5300 running Merlim firmware.Looking to replace cable with wi-fi card on 5ghz frequency.Has direct line of sight to router of around 5 feet ...
Good day! Has anyone bought and pried open Asus PCE-AC88 to slot in the chip mentioned? I would like to setup for my desktop. Or if you have other bet...
I've had the same WAN IP for quite a while.I'm not paying for a public static IP address and don't need one.Would trying to get a new WAN IP occasiona...
I have an RT-Ac3200 that is running 384.11.2. Everything generally works for the most part. But when i update to firmware 384.13.0, my ATT microcell t...
I have 2 RT-AC68U routers, the second acting as an access point. They were bought several months apart.The blue LEDs on the front of both have been ge...

Don't Miss These

  • 1
  • 2
  • 3