TZ210 in it's prime? or Dinosaur...

Started by Charlie Charbonneau, June 15, 2011, 03:23:23 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Charlie Charbonneau

One of the owners is questioning the renewal of the SonicWall TZ-210 firewall device for more than a year.  What if something better comes out next year?  I've checked SonicWall's site and they're still offering TZ210's as the device on trade-ins and upgrades, so I'm still fairly comfortable with renewing for 2 years.  I know I'm biased towards it and wouldn't hesitate to renew, but I also told him that I would gather other opinions.  So what have ye? 
Charlie Charbonneau
GBMB Insurance
San Antonio TX.

EPIC 2022, CSR24, Windows 2012 Hyper-V & 2016, Win10/11 Pro Stations, Sophos Anti-Virus.
.                .                 ..              ...

Jeff Zylstra

It's basically a diskless computer that runs software for inspecting packets and port control, unless I'm wrong.  If he thinks that massive gains in processing power are coming shortly, or are even warranted for routers, then perhaps going short term is the answer. 

I'm pretty sure that SonicWall uses the same software for almost all of their TZ line, and that the primary differences are in processor speed and bandwidth, and that software versions and updates are more important than which processor it's running on.   Could be wrong on that, but that's my initial take on things.
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Bloody Jack Kidd

Do you basically just use it as a SPI firewall?  Or does it do more?

The Sec vendors are really gung-ho about next-gen UTM type devices, but a good old firewall is still very useful and I wouldn't advise jumping shipping, esp. if your needs do not warrant it.
Sysadmin - Parallel42

Hans Manhave

So, forego the multi-year discount pricing and just buy it a year at a time.  Not worth the fight, I think. 

Do get the add'l services though.  I have appreciated them a lot in the last month.
Fantasy is more important than knowledge, because knowledge has its boundaries - Albert Einstein

Jeff Zylstra

Quote from: Bloody Jack Kidd on June 15, 2011, 03:30:34 PM
Do you basically just use it as a SPI firewall?  Or does it do more?

The Sec vendors are really gung-ho about next-gen UTM type devices, but a good old firewall is still very useful and I wouldn't advise jumping shipping, esp. if your needs do not warrant it.

I don't know if the TZ-210 would be considered next generation or not, but I would think it would be considered at least "current" as far as UTM firewalls go.  I'm liking that between the TZ-210 and my Sophos AV, I can block all of the silly browser add-ons and other third party programs that like to try and install on my machines.   If it's not white-listed, it's not getting installed. 

I do wish that I could somehow turn off all of the intrusion protection alerts I get from it, however.  Many come from either from TDS, my internet provider, or from AKMAI technologies which I understand is a reporting service of some kind.  Neither one of them real threats.   It has a reverse effect on me, and I no longer review the logs because they're full of false positives.  If I knew if a way to stop that, it would be great.
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Bloody Jack Kidd

Quote from: Jeff Zylstra on June 16, 2011, 10:32:12 AM

I do wish that I could somehow turn off all of the intrusion protection alerts I get from it, however.  Many come from either from TDS, my internet provider, or from AKMAI technologies which I understand is a reporting service of some kind.  Neither one of them real threats.   It has a reverse effect on me, and I no longer review the logs because they're full of false positives.  If I knew if a way to stop that, it would be great.

You certainly should be able to filter / whitelist certain IDS events you have vetted and know to be safe or FP.  That should be possible - otherwise your IDS can get very chatty.

Sysadmin - Parallel42

Charlie Charbonneau

I'm like Jeff, I'd like to be able to filter out some of that chatter to make it more useful.  We're a small shop and probably only use half of the potential of the TZ210.  We pay for the av, content filtering, intrusion prevention support.  Considered getting the Spam filtering, but Sophos does a great job at that.  And I know, if it's stopped at the door, then Sophos has less to shuffle through, but in the past year, our spam totals have gone from 80% daily down to 30% Daily.  And I prefer one point of refusal/quarantining.

Does SonicWall provide webinars?  I'm sure there are useful things about the tz210 that I'd love to use if I was more aware of how to set them up?  Particularly what are you blocking jeff?
Charlie Charbonneau
GBMB Insurance
San Antonio TX.

EPIC 2022, CSR24, Windows 2012 Hyper-V & 2016, Win10/11 Pro Stations, Sophos Anti-Virus.
.                .                 ..              ...

Hans Manhave

Sonicwall sends out e-mail with helpful hints.  Got one today.  Provides instructions how to only limit certain DNS, also suggest disallowing NNTP traffic completely.  My latest invasion had a ball with rerouting DNS on Google searches.  This e-mail showed me how to set up an address object, an object group, and then a rule to only allow certain DNS.

Do you get those kind of e-mails?  It must be a setting on my.sonicwall.com.
Fantasy is more important than knowledge, because knowledge has its boundaries - Albert Einstein

Charlie Charbonneau

Charlie Charbonneau
GBMB Insurance
San Antonio TX.

EPIC 2022, CSR24, Windows 2012 Hyper-V & 2016, Win10/11 Pro Stations, Sophos Anti-Virus.
.                .                 ..              ...

Jeff Zylstra

Quote from: Charlie Charbonneau on June 16, 2011, 12:41:47 PM
I'm like Jeff, I'd like to be able to filter out some of that chatter to make it more useful.  We're a small shop and probably only use half of the potential of the TZ210.  We pay for the av, content filtering, intrusion prevention support.  Considered getting the Spam filtering, but Sophos does a great job at that.  And I know, if it's stopped at the door, then Sophos has less to shuffle through, but in the past year, our spam totals have gone from 80% daily down to 30% Daily.  And I prefer one point of refusal/quarantining.

Does SonicWall provide webinars?  I'm sure there are useful things about the tz210 that I'd love to use if I was more aware of how to set them up?  Particularly what are you blocking jeff?

I have the same features on my SonicWall as you do.  I use content filtering, AV and the Intrusion prevention, but don't really block much past that.  I need to whitelist some of the "safe" IPs so it will quit bugging me and filling up logs.
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Kenny Cruzan

We use TZ200 & 210's at our remote offices but our main location has NSA240.  The new OS allows you to use LDAP and even can log specific users on a terminal server.  I just have to find time to set it up to do that...............anyone????
Kenny Cruzan
GSM Insurors
Rockport, TX
TAM 2013, Fax @vantage 9
Windows 2008 server, ATS Backup
eTFile 4.6.1.0, Citrix XenDesktop,
Citrix XenApp7.6
80 users, 100 employees, 15 offices
Dell R710's with XenServer