The NetGear UTM9S is an all-in-one security appliance that is deployed at the internet gateway. It features a stateful packet inspection firewall, intrusion prevention systems (IPS), SSL VPN (secure sockets layer virtual private network), internet protocol security (IPsec) VPN, anti-malware, anti-spam, web URL filtering and application control. It also has some solid small/home office features, such as modular UTM slots for wireless and DSL modules.
Setup was fairly straightforward. We connected the appliance to our test network, we connected to the internal port, set up the addressing for the internal local area network (LAN), set up the addressing for the external wide area network (WAN) and configured dynamic host configuration protocol (DHCP) for our test network. The user interface is nicely laid out and was easy to use. The menu options are contained in multiple bars across the top of the browser page and configuration options are tabbed in the window below.
There is a setup wizard, but we chose to do our configurations manually. Within about 15 minutes, we configured our firewall, our email anti-virus settings, anti-spam, URL filtering, blacklist and scan exclusions. The appliance also supports full VPN, including SSL and IPsec. Although we did not configure or test the VPN options, we see that it supports NetGear's ProSafe VPN Client, along with point-to-point tunneling protocol (PPTP) and Layer 2 tunneling protocol (L2TP) options. There is also a nice wizard for configuring either SSL or IPsec VPNs. Our appliance shipped with a DSL module and internal wireless bridge module. We did not test either of these options, but the configuration was made easy as it was all integrated within the same user interface. It was a nice feature to have options for the WAN and LAN connectivity, as well as the ability to use this for backup connectivity if needed.
The UTM9S combines a stateful packet inspection firewall with a content scan engine that uses NETGEAR stream scanning technology to protect the network from denial of service (DoS) attacks, unwanted traffic, traffic with objectionable content, spam, phishing and web-borne threats, such as spyware, viruses and other malware threats. Stream scanning is based on the observation that network traffic travels in streams. The UTM scan engine starts receiving and analyzing traffic as the stream enters the network. As soon as a number of bytes are available, scanning starts.
This product was extremely easy to set up and configure in our test environment. Within minutes, we had an operating solution. The documentation is complete and well done. The product comes complete with 24/7 support and advanced hardware replacement for the first year bundled price, and is renewable for $55 a year thereafter. This product offers a lot of gateway protections at an attractive price point. The model we tested is rated at 130Mbps throughput on the firewall. Other models in the family can scale to 900Mbps. We would recommend doing some performance testing in large environments if you intend to use all of the appliance capabilities.- ML