$3,135 (includes one year of support)
Perhaps best known for its anti-virus products, Sophos has produced a stellar UTM product with the UTM 220. Targeting small to midsized offices with up to 150 users, it combines standard UTM offerings with a few features we didn't expect, making this product something definitely worth looking at.
The initial product setup proceeded about as we expected. We first set our workstation IP to match the system's default LAN network, then logged into the web interface with a default username and password.
We were presented with a one-page form where we specified a hostname, administrator password and device location data. (Curiously, all fields were required, including the location city and country. We discovered later that those values are used to generate a root certificate for the product's encryption features.) After accepting the device end-user license agreement (EULA) and submitting the form, the device performed a quick reboot and then launched a 10-step setup wizard where we installed our license file, configured our LAN and WAN interfaces, and made some simple selections to establish a basic rule base for the firewall and content filtering systems. Finishing the wizard initiated a final reboot and, at that point, we were ready for finetuning. Overall, the initial setup from unboxing to basic configuration took around 10 to 15 minutes.
The UTM 220 has eight freely configurable network interfaces, providing plenty of space for WAN, LAN and DMZ zones. It can be easily managed with its excellent web interface or clustered and centrally managed via the Astaro Command Center software. It supports link aggregation and bridging, and offers border gateway protocol (BGP) or open shortest path first (OSPF) as routing protocols. Several types of authentication servers are supported, including LDAP/Active Directory, RADIUS and eDirectory.
A standard category-based content filter is provided, with support for user/group-centric rules and white/blacklisting. SMTP and POP3 proxies can be enabled, with S/MIME and PGP encryption options available for SMTP. The product also provided support for SIP and H.323 protocols, dynamically opening ports based on activity in the control channels of those protocols. It contained a signature-based IPS and web application firewall, with numerous VPN options ranging from a standard IPsec tunnel to Amazon Virtual Private Cloud integration and an HTML5 SSL VPN.
Sophos also extends its perimeter protection to the endpoints. By installing a workstation agent, the UTM 220 can provide centrally managed AV protection, as well as provide limited control over predefined storage, network and short-range devices. The logging options on the device are impressive as well. Syslog is naturally supported, as well as log archival to FTP, SSH, SMB shares or email. Numerous charts are available and live scrolling views of all logs are easily accessible.
The UTM 220 is priced at $1,275 for the unit itself or $3,135 for the unit and one year of updates and premium support. Continuing that package beyond the first year costs $2,979 per year.