Netgear ProSecure UTM 150 review

When we reviewed Netgear’s little ProSecure UTM 5 appliance, its exceptional value and features made it a top choice for small businesses. The new UTM 150 aims to offer the same affordable security measures to larger businesses.

The hardware has a firewall throughput of 900Mbits/sec and is designed to handle 150 users. This is only a recommended limit, however, as Netgear doesn’t apply a costly per-user license – it can handle larger user bases if demand isn’t excessive.

The UTM 150 offers the same security features as the other family members. These include an SPI firewall, IPS, Sophos antivirus, Mailshell anti-spam, Commtouch web filtering, IM and P2P app blocking, plus IPsec and SSL VPNs.

It has four Gigabit WAN ports; choose one as your primary port and if it fails, the appliance will roll over to a secondary port. Alternatively, you can load-balance across all four WAN ports using either round robin or a weighting scheme based on the link speed and usage.

The appliance functions as a transparent gateway, so installation only takes a few minutes. It can be slipped in between your LAN and Internet connection. Bear in mind, Netgear has increased the cooling fan speeds so it’s noisy enough that you won’t want it sitting in the office.

The web interface is common to all ProSecure members, although Netgear has made some minor improvements. Compared to a UTM 50 we had in the lab, the UTM 150 has extra options in the application security menu for blocking the iTunes Music Store, Rhapsody, Quicktime, RealPlayer and Winamp. It can also block GoToMyPC remote control sessions, the Alexa Toolbar, Weatherbug and the Yahoo Toolbar. The dashboard screen has been updated to include counters for these services, and the traffic and real-time threat graphs are now Flash based.

The rest is unchanged. The firewall has two default rules for protecting inbound and outbound traffic and these can be customised to suit. As the appliance is a transparent gateway it can’t quarantine email, but it can apply black and white lists and RBLs, plus Mailshell’s distributed spam analysis. Inbound spam can be blocked, tagged or logged and infected attachments stripped out with a custom message placed in the subject line.

For anti-spam testing we left the appliance filtering live mail for two weeks, with suspect mail tagged but passed though to our Outlook clients. Using rules to move tagged messages to separate folders, we saw a respectable success rate of 95.4% with only five false positives.

Commtouch provides over sixty URL categories to block or allow, and this allowed very little through. IM and P2P controls aren’t as extensive as those offered by Cyberoam’s nifty little CR15wi, as you can only block or allow them.

All in all, although it’s noisy and the new service blocking options are of little extra value, the UTM 150 is a success. It offers the same ease of use and security features as Netgear’s lower-end ProSecure appliances, and the supported user base makes it an affordable option for larger businesses.

Author: Dave Mitchell