SonicWALL Hardware VPN – Just Do It

If you’ve been following all my posts about SonicWALL, you know that I’ve purchased a ton of gear to construct a nice, widespread VPN. This network consists of the SonicWALL NSA 3500 at my corporate office and a TZ150 at 20 of our remote offices.

Today, I began production deployment to remotes and I have to say, am absolutely, 100% satisfied with the SonicWALL VPN solution. It really is a thing of beauty and it “just works” like you would hope and expect. I’ve had a TZ150 at my house for about a week and I can move my laptop from the office to my coffee table at home, and aside from the latency browsing network shares and such, I still feel like I’m physically connected to the Corporate LAN.

I’ve struggled for the past 12-18 months with deploying our Aastra 9112i VoIP telephones to branch offices for a number of reasons, but primarily because of all the NAT problems associated with SIP packets. The other nagging issue was provisioning and maintaining updates to all these phones once in the field. All the config files and firmware for the Aastras reside on the Asterisk server at the Corporate HQ and are accessed via TFTP and I wasn’t really keen on opening up that port to the entire world. The VPN solves all of these problems! I did the initial provisioning by plugging the phone in to my VOIP LAN at Corporate. The phone pulled down it’s config (which now contains ONLY the internal addresses in the config file) and the latest firmware update as well. Once that was complete, the phone rebooted and I made a successful test call. I took the phone home with me last night, plugged it in to my home network which has that VPN tunnel to Corporate already up, and the phone linked up to Asterisk right away with no additional finagling. Color me impressed!

So now I only have 19 more devices to deploy over the next several weeks and our IT infrastructure will certainly be exponentially more secure than it was a week ago. The VPN is something that has been needed for a while, but funding it was always an issue. Considering the nature of our business, all the personal information we deal with associated with that, and the rising rate of identity theft, we finally realized the time was right and the risk too great to continue operating the way we were any longer. I’ll continue to post updates as the deployment progresses.