Sonic TZ170 for multiple VPN's and 20 IP internal

I have a client asking about a Sonic TZ170 that was proposed by another company. The internal network will have two subnets (LAN/DMZ) with 15~30 devices in the LAN and 4~8 devices in the DMZ. The DMZ will host the email server, web server, Fax Server, and possibly another support server. The LAN will host workstations, SQL Server, Domain Controllers.

Both networks will have to be accessible via IPSec dedicated device to device tunnels and the firewall has to support PPTP inbound to the Firewall as the end point.

In reading on the TZ170, I've not used one, it looks like it's going to be way under-powered for their needs and that the 2040 series would be the minimum we would want to start with.

Any thoughts or issues that I would want to know about a TZ170 for the above?

Reply to
Loading thread data ...

They are using 11 channels of a T1 circuit, so performance will be limited.

I was more worried about licenses for internal IP, VPN (PPTP and IPSec) terminating at the TZ170, and about overall use of such a small unit for a startup company. I figured the $1500 for building it up to the same specs as a 2040 would be better invested in the 2040 unit.

They will definitely need a WAN, LAN, DMZ network setup.

Reply to

You didn't mention the WAN-speed. I've got some experience with the TZ170, and 15-30 client's isn't really a big thing for the appliance. IIRC, 3DES-throughput is 30MBit, which is enough to saturate a conventional internet-connection.

On the 2040 there's an additional interface you may configure. e.g. as an optional DMZ, in addition to the already built-in OPT-port. Take a look at the Enhanced SonicOS, as there might be a feature which is only available in the enhanced version. Also be careful about the licensing of internal clients and configurable vpn-tunnels (tz170 is available with 10/25/unlimited users)


greetings \\cd

Reply to
Draschl Clemens

If I get a chance to pick a firewall it will be the WatchGuard Firebox

700x or the 1000x series, as they include all the features the client needs, but I may be too late.

Thanks for the info.

Reply to


I prefer the Enhanced SonicOS. Standars is a little bit too low-level. Especially when some complex NAT- or portforwarding problems and -setups occur. The price depends on the amount of VPN-sessions you'll need. Around $1500 is the base price of the 2040, but with (only) 10 VPN-Tunnels. Upgrading to Enhanced SonicOS will cost you additional $800, and additional VPN-licenses nearly the same. I don't know your amount of traffic, but the TZ170 seems OK to me. Of course with the 2040 you've got some extra-power in your box.

Perhaps you'll jump to fortigate firewalls? They're free of user- and VPN-license limitations. Just the support and additional anti-virus signatures or the content scanning will cost you some $. FortiGate 60 will be the choice. 4 internal ports, 1 DMZ, 2 WAN-ports. ISP-loadbalancing, vpn, content scanning... $marketing... They only got some issues regarding their FortiOS, which violates the GPL

formatting link


Reply to
Draschl Clemens Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.