July 19th, 2013 by StorageReview Enterprise Lab
Netgear ProSecure UTM150 Review
The Netgear ProSecure UTM150 firewall supports 80,000 concurrent connections and throughput at 980Mb/s thanks in part by utilizing 2GB of flash memory and 1GB RAM. The UTM150 also includes Gigabit WAN and LAN ports - four of each for connectivity to the rest of the fabric. The UTM150 and the other firewalls in the series are designed for growing businesses and include enterprise-grade security features including anti-virus, anti-spam, Web filtering and intrusion prevention to keep organizations email, applications, Web and networks safe from threats. Providing these features, the ProSecure UTM series firewalls enable administrators access to control and view their networks.
What distinguishes the Netgear ProSecure UTM150's feature set from its siblings in the UTM series mostly comes down to its faster processor and 1GB RAM (models UTM25 and up have 1GB, while the other models feature 512MB). The UTM150 also features 8 Gigabit RJ45 ports, 4 WAN and 4 LAN, it is the only model that offers more than 2 WAN ports. With that in mind, it's important to highlight the throughput capabilities and concurrent connections availability of each model, as this will likely be a determining factor for organizations trying to parse through data to select a Netgear ProSecure UTM firewall.
The Netgear ProSecure UTM150 includes a lifetime hardware warranty and has a street price of $1500 for the hardware, software subscriptions are extra.
Netgear ProSecure UTM150 Specifications
- Firewall Throughput: 980 Mb/s
- Application Firewall Throughput: 940Mb/s
- Anti-virus Throughput: 110Mb/s
- IPS Throughput: 620Mb/s
- UTM Throughput (HTTP Traffic): 82Mb/s
- UTM Throughput (non-HTTP Traffic, e.g. P2P, DNS, SSH): 620Mb/s
- Maximum VPN Throughput: 586Mb/s
- Maximum Concurrent Connections: 80,000
- 802.1q VLANs: 255
- Content Security Features
- Web and Email Scanned Protocols: HTTP, HTTPS, FTP, SMTP, IMAP, POP3
- Stream Scanning, Inbound and Outbound Inspection, Signature-Less Zero Hour Protection, Distributed Spam Analysis, Anti-spam Real-time Blacklist (RBL), Distributed Web Analysis with 64 categories, 1.2 Million Malware Signatures, Hourly Automatic Signature Updates
- Web Content Filters: Filter By: HTTPS Smart Block, HTML Body Keywords, File Extension
- Email Content Filters: Filter By: Subject Keywords, Password-protected Attachments, File Extension, File Name
- Distributed Spam Analysis Supported Protocols: SMTP, POP3
- User-defined Spam Allowed/Block Lists: Filter By: Sender Email Address, Domain, IP Address, Recipient Email Address, Domain
- Maximum Number of Users: Unlimited
- Firewall Features
- Intrusion Detection & Prevention (IPS), Security Policies Based on Active Directory with Single Sign-On (SSO), PCI Compliance Two Factor Authentication Support
- Stateful Packet Inspection (SPI): Port/Service Blocking, Denial-of-service (DoS) Prevention, Stealth Mode, Block TCP Flood, Block UDP Flood, WAN/LAN Ping Response Control
- 1212 Applications Protected with Application Firewall: Global Mode, Policy Mode, SSL Decryption, Granular Application Policies, Application Session Monitoring, Application Dashboard
- IPS Signatures: 2114
- Secondary Wan IP Addresses: 64
- WAN Modes: NAT, Classical Routing
- ISP Address Assignment: DHCP, Static IP Assignment, PPPoE, PPTP
- Firewall Functions: Port Range Forwarding, Port Triggering, DNS proxy, MAC Address Cloning/spoofing, Network Time Protocol NTP Support, Diagnostic Tools (ping, DNS lookup, trace route, other), Auto-Uplink on Switch Ports, L3 Quality of Service (QoS) ,LAN-to-WAN and WAN-to-LAN (ToS)
- DHCP: DHCP Server or Relay
- User Authentication for VPN: Active Directory, LDAP, Radius, Local User Database
- Site-to-site VPN Tunnels: 150
- SSL VPN Tunnels: 75
- L2TP, PPTP VPN Tunnels: 5
- IPsec Encrypton/Authentication: DES, 3DES, AES(128,192,256 bit)/SHA-1, MD5
- Key Exchange: IKE, Manual Key, Pre-Shared Key, PKI, X.500
- IPsec NAT Traversal (VPN Passthrough), iPhone Native VPN Client Support
- Included ProSafe VPN Client Lite Licenses: 3
- SSL Version Support: SSLv3, TLS1.0
- SSL Encryption Support: DES, 3DES, ARC4, AES(128, 256 bit)
- SSL Message Integrity: MD5, SHA-1, MAC-MD5/SHA-1, HMAC-MD5/SHA-1
- SSL Certificate Support: RSA, Diffie-Hellman, Self (Key Lengths 512-bit, 1024-bit, 2048-bit)
- SSL VPN Platforms Supported: Windows 2000 / XP / Vista (32bit), Windows 7 (32 and 64bit), Mac OS X 10.4.x/10.6.x
- VLAN Support, Dual-WAN Fail-over, Intelligent Traffic Load-balancing, Electronic License
- Configuration Wizards: Setup, IPsec VPN, SSL VPN
- Logging and Reporting
- Management: HTTP/HTTPS, SNMP v2c
- Reporting: Summary Statistics, Graphical Reporting, Automatic Outbreak Alerts, Automatic Malware Notifications, System Notifications
- Logging: Traffic, Malware, Spam, Content Filter, Email Filter, System, Service, IPS, Application, Port Scan, IM, P2P, Firewall, IPsec VPN, SSL VPN
- Log Delivery: Management GUI Query, Email Delivery, Syslog
- 750Mhz Cavium OCTEON Plus CN5230 Quad Core CPU
- Gigabit RJ45 Ports WAN/LAN: 4/4, 1x USB Port, DMZ Interfaces (Configurable): 1, Flash Memory/RAM: 2GB/1GB
- Certifications: ICSA: Anti-virus VPNC: AES Interop, Basic Interop and Checkmark: Anti-Malware, Anti-Spam, Enterprise Firewall, VPN, IPS, URL Filtering
- Major Regulatory Compliance FCC Part 15 Class A, CE mark commercial, VCCI, C-Tick Class A, CE/LVD, cUL, RoHS, China RoHS
- Operating Temperature: 0-45°C (32°-113°F), Storage Temperature -20-70°C (-4°-158°F)
- Humidity: Operation 90% Maximum Relative, Storage 95% Maximum Relative
- Power Input Rating: 100-240V, AC/50-60Hz, Universal Input, 1.0 Amp Max
- Hardware Warranty: Lifetime
Design and Build
The Netgear UTM150 features sturdy metal construction that nets a solid build. The UTM150 can be set up on a table top or it can be rack-mounted requiring only 1U of space. In our test lab, we have it mounted back-to-back with the Netgear GSM7352S switch in the same 1U space to optimize our rack layout since the UTM150 doesn't span the full length. On the LAN side Netgear offers four 1GbE ports which users can dedicate one or more of those to specific VLANs depending on expected bandwidth or links to different segments of your buildings infrastructure.
The front of the Netgear UTM150 is split into WAN and LAN segments, offering four ports for each section. The UTM150 is the highest offering in Netgear's ProSecure lineup, supporting up to four WAN connections to load balance across or support failover modes in the event one connection is dropped. This is where the high-throughput of 980Mbps comes to play, meaning businesses can fully utilize internet connections up to the 1GbE interface limit.
The sides of the unit feature ventilation for active cooling, with fans acoustically designed with rack or closet installation in mind. The rear of the Netgear UTM150 includes a single power cable connection, reset button, as well as a RS232 port for a serial console.
Getting the Netgear ProSecure UTM150 up and running might be a daunting task, but Netgear provides more than enough support to make sure the setup process is as fluid as possible. Netgear has a guide with over 700 pages that detail just about any question or concern administrators could have. Administrators are able to use the guide for help to get the UTM150 (or other ProSecure UTMs) in their particular environment. Additionally, Netgear includes a wizard that goes through 10 steps to aid in installation. Users who might not be familiar with all of the terminology or can't figure out a step in the wizard can turn to the guide. It presents a lay out of each step with a picture showing the interface as well as information about what each piece of terminology means.
In our lab we split the ProSecure UTM150 into two VLANs, with the UTM150 handling DCHP and VLAN routing for both. We utilize a Class-C subnet for standard office traffic and management and a Class-B subnet for lab-related activities, with plenty of additional headroom supported as our lab grows. On the WAN side, we have one primary internet connection coming in to support the bulk of our building's traffic, with one connection for fail-over.
Once the UTM150 is configured to work in your business environment, getting it setup to protect your network infrastructure is made easy for the "many hats" small or medium business operator, while still providing plenty of advanced options for a dedicated IT department. Netgear offers a wide range of filtering and anti-virus options in its Application Security section. Sections are broken out by service including email and web, and include comprehensive content filtering settings to make sure users of your network don't stray while they surf or bring malicious content inside. While white-list and black-list support is included to allow or reject specific sites, if your interest is blocking certain website categories Netgear has you covered. The screenshot below shows the categories the ProSecure can filter, and if you are curious what category certain websites fall into, a search tool is included to make sure you block (or don't block) the right areas.
The UTM150 has the capability the identify and block over a thousand types of well-known applications such as Facebook, BitTorrent, and Skype depending on the rules and requirements of the workplace.
A unique feature of the ProSecure UTM150 when it comes to anti-virus and malware scanning is its ability to scan streams in real-time, versus processing individual files completely before sending them down the line. This decreases traffic latency, since the end-user gets to see his or her traffic as it comes in through in chunks, versus waiting for an entire complete file to be processed by the firewall first before being sent out.
To handle a growing remote workforce, the UTM150 also supports a wide range of VPN options, up to 150 site-to-site tunnels or 75 SSL tunnels by leveraging its quad-core CPU and a slew of encryption standards to meet different business requirements .
Netgear has also made it easy for IT admins to keep the ProSecure UTM150 updated against new threats, where with a current subscription you can set an update schedule as fast as every 15 minutes or slow as once a week. This helps reduce time spent keeping the ProSecure firewall up to date and more time to work on other more important items.
While every large enterprise likely has a firewall in every location, small businesses often rely on their Internet service provider's router to do the job. The duties and benefits of a purpose-built firewall aren't always obvious to smaller organizations. Netgear tries to bridge this gap with the ProSecure UTM series, the UTM150 specifically being the top offering in the family.
The ProSecure UTM150 has more features and checkboxes than most will ever need, but that inclusive feature-set brings with it quite a bit of flexibility. The UTM150 sits at the top of the ProSecure line, offering roughly 1Gb/s in firewall throughput with its quad-core CPU, fail-over and load-balancing across 4 WAN ports, and internal connectivity over four user-configurable LAN ports. When it comes to network security, IT admins have plenty of buttons to push to monitor, filter, or block a wide range of services and keep their internal network safe of malware and viruses. This is pushed heavily through email, HTTP, HTTPs, and FTP services but can also be expanded to specific applications. To keep things up to date users can also select automatic update options, scaling from 15 minutes to once per week, to make sure virus definitions are always current. VPNs aren't left out of the mix either, with the UTM150 having support for up to 150 site-to-site links or 75 SSL VPN tunnels. When it comes down to it, the ProSecure UTM150 brings with it many powerful filtering options that don't take an entire IT department to configure or maintain.