June 16, 2001



The Sonicwall SOHO2 is a sleek and smart-looking device. In its blue plastic finish, it looks more like an Iomega Zip drive than a firewall that can protect your network from unwanted visitors. However, it packs a punch where functionality is concerned.

Installation of the SOHO2 is straightforward. For first-time installs, you need to configure a machine on your network to be in the 192.168.168.x range, as the device defaults to 192.168.168.168. After this, simply point any Java-capable browser at that IP. You’ll be walked through a short install process that lets you update the firmware and change the device’s IP address so that it fits into your existing network.

Configuring the firewall is simple through its Web-based interface. By entering a login and password, you can control all aspects of the firewall from any machine on your network. It has NAT (Network Address Translation) support, whereby a single external IP is mapped to all your internal IPs. You can also use its built-in DHCP server to automatically assign IP addresses to machines on your LAN. 

Sonicwall SOHO2 Firewall

Price: 10 users: Rs 56,525; 50 users: Rs 113,525
Features: Stateful packet inspection, Internet content filtering
Pros: Easy to configure, default installation blocks all incoming ports
Cons: Doesn’t have the latest firmware
Contact: IT Secure Software, 513/A, Ansal Chambers II, Bhikaji Cama Place, New Delhi 110066
Tel: 011-6187211/6169764
Fax: 6187193
www.itsecure.com
E-mail: itsecure@bol.net.in

Firewalls are based on rules, which inform the firewall about what action to take for each packet of data that goes through it. By default, the SOHO2 allows all outbound packets from the internal network and blocks all inbound packets.

This is a pretty secure and logical default to have. 

For our tests, we set up the firewall’s internal IP address as the gateway for all clients on our LAN. We were able to successfully reach every machine on the external network (see firewall introduction, page 132 for more information) and access all services such as Web and FTP. The reverse was completely blocked, and even the external IP given to the firewall’s WAN port was unreachable, even when we pinged it, which meant that for all practical purposes the firewall, and thus all machines behind it, were invisible to the Internet. This makes it difficult, if not impossible, for a hacker to get in.

This was also a good sign that the defaults were quite secure. 

To further test the firewall, we set up something called ‘One-to-One NAT’ on the SOHO2. This option allowed us to map a valid external IP address to a single IP address on our internal LAN. This internal IP address becomes fully visible and usable from the Internet. So if a host on the Internet looks for this external IP address, it should be serviced from only that machine sitting on the internal network, and should not have access to other machines on the network. 

However, even after doing this, the firewall still blocked all incoming packets from outside. We had to create an access rule specifying which particular service, like HTTP, FTP or mail from the external network should be allowed access to the internal machine. As soon as this was set up, we were able to access the services we specified from external machines on the internal ones. 
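The behaviour described above (outbound allowed by default, unsolicited inbound dropped, and a One-to-One NAT mapping opening nothing until an access rule names the service) can be sketched as a small policy model. This is an added example, not Sonicwall's code or configuration syntax; the class name, the port-only state tracking and all addresses other than the 192.168.168.x range are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

class PolicyModel:
    """Toy model of the defaults the review describes; not SonicWall code."""

    def __init__(self, lan, one_to_one=None, access_rules=()):
        self.lan = ip_network(lan)
        # external IP -> internal IP (One-to-One NAT)
        self.one_to_one = {ip_address(e): ip_address(i)
                           for e, i in (one_to_one or {}).items()}
        # explicit inbound permits: (internal IP, protocol, destination port)
        self.access_rules = {(ip_address(i), p, port) for i, p, port in access_rules}
        self.flows = set()  # state table for outbound connections

    def handle(self, src, sport, dst, dport, proto="tcp"):
        src, dst = ip_address(src), ip_address(dst)
        if src in self.lan:
            # Default: all outbound allowed; remember the flow for its replies.
            self.flows.add((proto, dst, dport, sport))
            return ("allow", dst)
        if (proto, src, sport, dport) in self.flows:
            return ("allow", "reply")  # stateful: answer to an outbound flow
        internal = self.one_to_one.get(dst)
        if internal is None:
            return ("drop", None)  # default: unsolicited inbound is dropped
        if (internal, proto, dport) in self.access_rules:
            return ("allow", internal)  # mapped AND explicitly permitted
        return ("drop", None)  # mapping alone opens nothing


def demo():
    # Constructed addresses: 192.168.168.0/24 is the range from the review;
    # 203.0.113.x and 198.51.100.x are documentation ranges.
    nat = {"203.0.113.10": "192.168.168.50"}
    fw = PolicyModel("192.168.168.0/24", one_to_one=nat)
    results = {
        "outbound_web": fw.handle("192.168.168.20", 40000, "198.51.100.7", 80),
        "reply": fw.handle("198.51.100.7", 80, "203.0.113.2", 40000),
        "ping_wan": fw.handle("198.51.100.7", 0, "203.0.113.2", 0, "icmp"),
        "nat_no_rule": fw.handle("198.51.100.7", 50000, "203.0.113.10", 80),
    }
    fw = PolicyModel("192.168.168.0/24", nat, [("192.168.168.50", "tcp", 80)])
    results["nat_http"] = fw.handle("198.51.100.7", 50000, "203.0.113.10", 80)
    results["nat_ftp"] = fw.handle("198.51.100.7", 50001, "203.0.113.10", 21)
    return results
```

Calling `demo()` returns the verdict for each case; only the HTTP request to the mapped host passes once the rule exists, while FTP to the same host stays dropped.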

Further tests included trying to hack into this intentionally vulnerable machine in the LAN by running probes, trojans and other hack attempts. SOHO2 was able to block all accesses that we had not specifically allowed in the firewall rules. 

Although we were pretty impressed with the abilities of this small device, we found that the firewall is itself vulnerable to a medium-level Denial of Service (DoS) attack. By default it is exploitable only from the internal network, which is still a pretty serious scenario if you have a malicious user on your network. It is also very easy, and highly conceivable, for the system administrator to inadvertently open it to the outside himself if he wishes to give himself remote administration privileges. Sonicwall claims to have new firmware that patches this problem, but as ours was one version older, we were unable to verify that claim. So when purchasing this firewall, please ensure that you get the latest firmware and ask specifically whether the DoS attack vulnerability has been patched.

The SOHO2 has a few other nifty features that are worth mentioning, especially for a low-end system like this. One is the built-in content-filtering mechanism, which lets you block access to material you consider objectionable and allow or deny specific people on your LAN access to it. You can also extend the default categories like ‘Nudity’, ‘Violence’, ‘Drugs’, etc, by adding a list of keywords. However, it would have been good to have a list that you could simply import instead of having to type it in. You can also restrict access by domain names or IP addresses.

The logging facilities, although not exceptional, were adequate and offered a bandwidth usage report. This gives you a report on the kind of traffic by service (Web, FTP, etc) and IP address. Overall, the SOHO2 is a nifty and useful device that can adequately protect your network from intrusions. Although its price may put off some potential customers, the SOHO2 can be a fairly powerful ally in ensuring that your network is not misused.

Vinod Unny
