Netgear ProSecure UTM9S review

Netgear’s UTM9S is a more flexible alternative to its standard ProSecure UTM appliances. A compact desktop box positioned between the UTM5 and UTM10, it’s the first to offer a pair of modular expansion slots and integration with ReadyNAS storage appliances.

Those other two model names indicate the number of users, but Netgear doesn’t apply per-user licences, so the UTM9S is probably good for at least 15 users. You get the same features as all the other UTM products, including an SPI firewall, IPS, Sophos antivirus, Mailshell anti-spam, Commtouch web filtering, and basic IM and P2P app blocking. It has claimed throughputs of 130Mbits/sec for its SPI firewall and 21Mbits/sec with antivirus scanning enabled.

ReadyNAS integration only requires an add-on to be installed on the storage appliance, and then it can be used by the UTM9S as a quarantine area and remote log store. We loaded the add-on on a ReadyNAS NVX, entered its IP address in the new tab in the UTM9S’s web interface and chose a name for the quarantine folder. During testing, we allowed the logs to build up over a week, and then turned the UTM9S off.

Previously, if you powered off a Netgear UTM appliance, all its logs and Flash-based graphs and statistics tables were lost, but when switched back on, the UTM9S checked the NVX and restored all logs, graphs and tables to their previous state. As all ProSecure UTM appliances function as transparent gateways, they can’t quarantine mail and malware, but this new feature solves the problem by offloading the task onto the NAS appliance.

The wireless module looks great value at only £34, and supports 802.11n Wi-Fi operations in either the 2.4GHz or 5GHz frequency bands. You create a single profile with your chosen security and encryption settings, and you can also apply MAC address filters. It doesn’t support multiple SSIDs.

The VDSL/ADSL2+ module is configured from the same tab in the web interface as the two Gigabit WAN ports. Setup is simple: an auto-detect function sorts out most of the settings, and you can use it as your primary WAN interface or link it with the Gigabit ports for auto-rollover or load balancing.

The appliance is a cinch to install, and for testing we dropped it between the lab’s LAN and internet connection. It’s a lot quieter than the UTM150, making it suitable for small office installation.

All the extra IM and P2P app controls introduced in the UTM150 are here, and Netgear has added a new entry specifically for Facebook. The Commtouch web-filtering service provides over 60 URL categories to block or allow, and this performed very well during testing.

For anti-spam testing, we left the appliance filtering live mail for two weeks, with suspect mail tagged but passed though to our Outlook clients. Using rules to move tagged messages to separate folders, we saw a high spam detection rate of 97.2% with no false positives.

The Netgear ProSecure UTM9S offers exceptionally good value, with the appliance and a three-year subscription costing a shade over £500 exc VAT. It provides a heap of top performing security measures, and the extra expansion slots make it the most versatile of all the ProSecure appliances.

Author: Dave Mitchell