Business security versus the bank balance.
Business owners always want to strike the balance between quality and price and with routers, quality really means reliability, security and feature set.
We come across small businesses who are using home grade hardware and are looking for router advice, aside from saying (as nicely as possible) “not that”, we need to make recommendations.
For ITW4 it always seems to come down to the choice of two brands, Draytek or SonicWall. Broadly speaking you can’t go wrong with either and we have a lot of experience with both, in fact we use a mix of both in our own infrastructure, but let’s try to hammer out the differences between the two models we regularly recommend; the Draytek 2860 (2860n) and the SonicWall TZ400 which has recently replaced the TZ215.
These are similar in that they are capable of connecting to a range of different internet technologies on the WAN, are available with Wi-Fi or without, have multiple gigabit ports and support IPV6, a very configurable port redirection and forwarding management interface that’s where these two devices part ways.
The most obvious difference is cost with the Draytek being a more affordable £220 with Wi-Fi whereas the SonicWall currently costs over £650 without Wi-Fi. Cost also plays a part in ownership of both devices. If you want to keep the SonicWall in support that’s around £150 a year (including security updates). For Wi-Fi add £80 and for a rack mount kit add £170. Support on SonicWall means you will get 24/7 telephone support, and warranty as long as you keep the support going.
A rack mount kit for the Draytek is around £50. Support for the Draytek is £39 annually, which is really more of an extended warranty.
Let’s talk credentials.
These business class routers have a lot of handy built-in features, the ways they get jobs done is quite different though.
SonicWall have certainly invested heavily in security and reporting resulting in the firewall and intrusion prevention system in the TZ unit being fantastic. The TZ400 is capable of antivirus, anti-spyware and anti spam in its gateway roles, something the draytek makes no attempts to do. The content filtering on the SonicWall is also part of the security and it is a well rounded package. The Draytek router has content filtering and while it will block the casual employee’s attempts, the more technical user will find their way around it.
SonicWall also contains advanced application control to allow network administrators to block machines not loaded with anti virus software from accessing the internet – a useful feature by any measure.
Both routers are able to connect to a variety of different WAN connections; the Draytek’s in-built VDSL modem is handy but the SonicWall again excels as it can be setup to connect to 4 X WAN connections should it be needed (overkill for most SME users).
Both of these devices are reliable enough for us to recommend them to our customers. We have supplied hundreds of Draytek units over the years and we have had only a couple back for warranty repairs (two year warranty as standard). We have not supplied nearly as many SonicWALL units but we have not had to return any. Speaking of reliability, if reliability is a concern, both Draytek and SonicWall now have high availability as an option, this means you have a failover unit available which runs in tandem with the main unit and takes over in the event of a failure.
The 2860’s firewall is a basic when compared to the TZ400; it uses SPI and DDoS prevention. It does not do deep packet inspection or intrusion prevention, and that again is where the SonicWALL shines. For most SMEs the Draytek is going to do a fine job of protecting your company data and the full feature set is simply too long to list or discuss here but SonicWall’s firewall is going to keep the more determined attacker out a bit longer.
Configuration really needs mentioned here, because for a systems administrator both these units are very configurable and have good interfaces, however for an end user trying to get their network off the ground the SonicOS is going to leave your head spinning, the Draytek unit is much easier to setup in our opinion.
A Note on SonicOS 6
Just a side note i wanted to add into this article, we have noticed in the newest version of SonicOS 6.2.X that Layer 3 Splicing (Transparent Firewall) has been removed, for the casual user this might not represent an issue but for someone managing any reasonable sized network or running web servers this is a real pain, this feature is arguably one of the best parts of the SonicOS. As ever there are work arounds and we have carried them out but just keep it in mind if you need LAN devices to have public facing IP addresses. We have contacted SonicWall about this and requested feedback as this does seem like an oversight on their part, hopefully it will be reversed.
Both routers are reliable and feature rich and will grow with your network, but if advanced security is key and you are willing to pay for the annual support, the SonicWall has the edge and certainly is the most secure of the two brands. For everyone else the Draytek is still a secure and flexible choice and it’s one that many of our clients have made without regret. If you are unsure about what is best for you drop us a line on 0845 519 4425 to discuss your needs.
* Prices correct are time of publishing, prices exclude VAT