Firewalls continue to evolve, and the new SonicWall NSA 220W, aimed at SMBs and branch office installations, packs a surprising amount of intelligence inside a gray metal box. Router, wireless router, firewall, anti-virus, gateway anti-malware, virtual private networks (up to 25 concurrent VPN tunnels), intrusion protection, and application control and visualization is a long list, but it's not all the NSA 220W actually does.
Built on a Deep Packet Inspection engine, according to SonicWall, the NSA 220W includes real-time application analysis, a look into packets going by (stateful inspection), 802.11 a/b/g/n wireless (thanks to three antennas), and optional failover support. But if you just need a high-speed router/firewall for a reasonable price, the NSA 220W fills that bill as well.
Setup and Configuration
We tested the desktop version (a rack kit is optional), which is small enough to lose under a magazine. Three 7-inch antennas, with one specifically for the center position, are included to support 802.11n. There is no on/off switch, but you can shut down some or all of the services after work hours via the configuration screens.
The Quick Start Guide (above) does an excellent job of leading you through the initial hardware setup, starting with package contents. SonicWall even includes a console cable if you want to relive your VT100 control console glory days. Speaking of which, you must connect a PC directly to the NSA 220W for initial configuration. Later, through the admin screen, you can provide NTP server addresses. There are two USB ports on the front of the NSA 220W that support 3G or 4G connections and even modems. A modem or 3G may not provide usable speed, but in case of ISP failure, at least you'd have something.
WAN configuration screens let you define your connection details: a static IP address for a router, DHCP for cable modems, PPPoE for DSL connections, or PPTP for VPN links. LAN settings and LAN DHCP settings let you provide a specific IP address for the device, your subnet address, and the range of DHCP addresses to be parceled out.
All modern wireless networking standards and encryptions are included in the W part of the NSA 220. Options for 2.4GHz and 5GHz are covered, but the default is 2.4GHz 802.11n/g/b. Once through all this, you can start drilling down into the menus the NSA 220W provides to control applications in ways that few firewalls can, especially in this price range.
Up and Running
The NSA 220W has two 500MHz MIPS64 Octeon processors, along with 512MB of RAM. Full Deep Packet Inspection can be performed at up to 110Mbps, anti-malware inspection up to 115Mbps, application inspection at 195Mbps, and firewall inspection at 600Mbps (according to SonicWall's figures). With our small network, we never made a dent in CPU utilization or stressed the box, even when running multiple bandwidth tests and Internet video on various machines concurrently.
A handy Real-Time Monitor screen (above) should delight the graphics-oriented with 10 minutes of scrolling information. Charts for applications, Ingress and Egress Bandwidth, Ingress and Egress Packet Rate, Ingress and Egress Packet Size, Connection Rate, Connection Count, and Multi-Core Monitor all scroll by for your perusal. One click on any of these opens that display in a new browser tab or window, which is handy.
Let's skip the more common firewall features like QoS, anti-spam support, firewall rules, and dynamic ports. These and the rest of the standard firewall feature set have been important selling points of the SonicWall products for years, and this unit is no exception. What are exceptions are the packet monitoring and AppFlow features.
Deep Packet Inspection doesn't automatically mean the device displays all the packet secrets on an easy-to-use screen that includes translation of packet contents from hex into English, but the NSA 220W does provide this feature. It's amazing that unlocking the contents of every packet, which used to require dedicated systems costing tens of thousands of dollars, is now an optional feature on a firewall, but here it is.
Since this is just an added feature, the packet buffer is small (500KB), but the details are many. These details are the time stamp (including fractions of a second), ports in and out, source and destination IP addresses, type of packet, etc. To maximize the value of the small buffer, multiple filters can be set, such as IP address, ports, Ethernet ports, and more. Capture output can be routed to another SonicWall unit or FTP server, and report format options include Libpcap, text, HTML, and AppData. Quite impressive.