NETGEAR ProSecure UTM25S
Strengths: Low cost, included support, good feature set.
Weaknesses: Ugly, clunky interface.
Verdict: A great option for small businesses.
Unified threat management solutions shouldn't be limited to large corporations with unlimited budgets. NETGEAR agrees, and offers their ProSecure UTM25S at a price point that should be attractive to small businesses.
We began the setup process by unpackaging the device and connecting one of its four local area network (LAN) interfaces to our network. After configuring a network interface on our administration workstation with an IP address of 192.168.1.2, we were able to reach the device's web configuration screen. After logging in with the default username and password, we were presented with a basic system status screen displaying CPU/RAM utilization and other statistics. Clicking on the "wizards" link took us to a page that allowed us to begin a basic setup wizard, which guided us through configuring the LAN IPs, the WAN interface, connection to an network time protocol (NTP) server, basic service scanning and update scheduling. Once the wizard was complete, the system rebooted and came back up ready to begin protecting our network.
The ProSecure UTM25S offers a number of protections, including a firewall, email, web content and application filters, VPN services and anti-virus scanning. The content filter works as we'd expect, allowing for blocking based on category, keyword, file extension and URL black/whitelisting. Schedules can be set to expand or relax filtering rules and the website categorization database is regularly updated. LDAP integration is supported, and installing the domain controller agent allows for single sign-on authorization allowing administrators to be granular in the application of content filtering rules. A basic IPS is also included. It is signature based and also offers basic protections against port scans and DDoS attacks.
VPN setup is made easy with a set of wizards to assist with creating IPsec and SSL VPN tunnels. Point-to-point tunneling protocol (PPTP) and Layer 2 tunneling protocol (L2TP) also are supported. Its two WAN interfaces allow for load balancing or WAN failover, and owners of two UTM25s can configure them into a high-availability cluster. The device also supports a couple of add-on modules: a wireless LAN module can provide wireless services for five to 20 users in either the 2.4GHz or 5GHz band (but not both simultaneously), and the optional digital subscriber line (DSL) network module can be configured as the primary WAN link, or as a failover or load balancing link. Unfortunately, the interface that administrators are required to use to control all these great features is the device's main weak point. It's clunky and simplistic.
NETGEAR's product documentation is well done. Quick start, installation and administrator's guides are available as PDFs on the included support CD and on NETGEAR's website. They're very detailed and well-organized with bookmarks, screen shots and diagrams where appropriate. We were pleased with the thoroughness of the system log and error message appendix in the administrator guide, which provided detailed explanations of log entries and remediation suggestions for error messages.
The ProSecure UTM25S is priced at $695, which includes the hardware and a one-year support and update subscription. The optional wireless module is $56, and the optional DSL module is $91.