Product Reviews

Normally associated with broadband routers, DrayTek has never focused very keenly on the security appliance market, but the latest VigorPro 5500 family of desktop boxes moves it deep into UTM territory. It aims to offer a complete security solution incorporating standard firewalling, IPsec VPNs, IDS and antivirus, to which you can add optional web-content filtering and antispam measures. Compared to rivals, DrayTek is offering these features at a very competitive price, too.

The base 5500 on review comes with five gigabit ports for the LAN and a pair of Fast Ethernet WAN ports over which it can perform policy-based load balancing or failover. The appliance can also use the second WAN port as an on-demand link that will come up only when internet traffic reaches a predefined threshold. The appliance's web interface is simple to use and a quick-start wizard helps configure the primary WAN port. This took us mere seconds to set up for a static IP address, but the appliance also supports PPPoE and DSL or cable modems on both WAN ports.

If you just want basic web-browsing controls, the 5500 comes as standard with URL filtering. For industrial-strength content filtering, DrayTek has teamed up with SurfControl to

ADVERTISEMENT

offer this at a very reasonable price. Accessed from the firewall menu option, you can choose from more than 40 categories, decide individually which ones to block and apply time schedules. During testing, SurfControl delivered a clean sheet, as with the gambling and games categories blocked our attempts to visit 40 online bingo sites were all thwarted.

For antispam, the appliance merely scans all POP3 and SMTP traffic. If a suspect message is spotted, it will modify the subject line with text of your choosing. Naturally, it can't quarantine email, and relies on your mail client or server using rules to handle tagged messages. During live testing, we found it performed well, with around an 85% success rate on spam and bulk mails. Virus scanning can be enabled individually for POP3, SMTP, IMAP, HTTP and FTP protocols, and actions extend to passing the infection, destroying it or resetting the connection. DrayTek offers its own virus signature database and the price includes a three-year subscription, but if you want tougher measures it can use Kaspersky instead (although only the first year's subscription is included).

The 5500 is very versatile, as you can set up various profiles for virus scanning and antispam and select them in the firewall's default access rule. You can also set up firewall rules for sources, destinations and protocols, and activate antivirus and antispam measures, too. Plus, IM and P2P apps can be controlled using profiles. We set one up to block Windows Messenger, and it successfully presented our clients logging on.

DrayTek's first UTM appliance offers an extensive range of security measures that we found easy enough to configure and manage. Profiles add considerable versatility, but a key factor worth considering is the minimal charges for subscription renewals.