As described on our "How Firewalls Work" page, all NAT based routers do some sort of "stateful Inspection".  The difference in NAT firewalls is how much inspection they do, and the SOHO does a lot!

The SOHO's focus is on blocking Denial of Service (DoS) attacks and port scans, and it appears to do it well.  I tried both a port scanning program which scanned ports used by common Trojan and similar attacks and also a Network Management tool which mapped networks by pinging ranges of IP addresses.  In both cases, the SOHO logged and blocked the scans, and emailed me an Alert (more about that later).  It even properly identified the program being scanned for in some cases.  I didn't check any of the SOHO's DoS attack blocking capabilities, mainly because I didn't have time to locate an attack program.

The SOHO's has many logging features.  You can select what's logged, and what is considered an Alert.  There's also a Log Redundancy filter that's enabled by default that prevents duplicate consecutive log messages from being logged. These messages can be common, due to things like network retry mechanisms, and SonicWall recommends keeping the filter enabled to avoid unnecessarily filling up the log too soon.  If the log does fill up (which shouldn't happen due to the automatic log emailing feature), you can choose between clearing the log and shutting down the SOHO in order to preserve the log data.  Detailed logging to a Syslog server is also supported if you really want the gory details (if you need a Windows or MacOS Syslog client, go to this page).

But what good is all this stuff if you don't remember to check it?  The SOHO helps you out there, too, with log and alert emailing.  You can email the log to one email address at a specified daily or weekly time, or when the log fills up.  Alerts are sent within seconds of detection, to a separately defined email address from the log email address.

Unlike the inexpensive routers which have recently added logging capability, the SOHO does not keep a log of Web site access.  Instead it performs three rolling analyses, which can be viewed, but not emailed:

1. Top 25 Most Accessed Web sites
2. Top 25 Bandwidth users by IP address
3. Top 25 Bandwidth consumers by service (Port and Protocol)

These reports will give you a quick idea of where your bandwidth is going.  You can enable and disable data collection and clear the accumulated data, but can't save it.

That about does it for logging and reports.