Netgear ProSecure UTM25S review
Top value, performance and security features make the ProSecure UTM25S an excellent choice for small businesses on a tight budget
Review Date: 12 Mar 2013
Reviewed By: Dave Mitchell
Price when reviewed: £799 (£959 inc VAT)
Features & Design
Value for Money
When Netgear launched the ProSecure UTM9S security appliance, its impressive performance earned it a Recommended award. It’s since become Netgear’s best-selling ProSecure product, and the firm has now decided to offer a more powerful version.
Along with the two expansion ports available in the previous model, the ProSecure UTM25S adds more security measures to the mix. We always felt the basic P2P and IM features in the UTM9S were a weakness, but Netgear has beefed them up with full-strength application controls.
Performance sees a modest improvement to 30Mbits/sec for HTTP traffic with antivirus scanning enabled, and 24Mbits/sec with all UTM features turned on. Where the UTM9S was good for up to 15 users, the UTM25S is aimed at SMBs with up to 30.
This compact and quiet appliance also has Gigabit Ethernet all round, with four ports for LAN duties and two more for WAN connections, which also support load-balanced or failover teams. The two expansion slots sit next to these, and Netgear offers optional 802.11n wireless and VDSL/ADSL2+ modules.
Prices start at £307 exc VAT, which is for the appliance, SPI firewall and VPN support. The complete bundle, with a one-year subscription to all security services, costs £454; a three-year bundle costs a reasonable £799. Netgear partners with big names to deliver its services, with Sophos handling virus scanning, Commtouch looking after web filtering and Mailshell delivering anti-spam.
The new application controls are managed with either global or profile modes. The global mode supports one policy applied to all users, and the profile mode allows different policies to be applied to specific users via firewall rules. The spread of applications that can be controlled is impressive, and ranges from business apps such as SharePoint to a healthy selection of IM, P2P, file-transfer and mail programs, network protocols and social networking services.
Policies can contain multiple entries, many of which have their own individual controls. For example, MSN can be controlled by allowing login and chat, but blocking file transfer and games. We tested this with Windows Live Messenger and found it worked perfectly. You can also create various profiles for controlling bandwidth use, traffic metering and QoS. Any of these can then be applied to individual apps within a policy, making Netgear’s application controls highly versatile.
Elsewhere, the UTM25S features updated monitoring tools. Along with the dashboard of Flash-based threat graphs, there are now pie charts and line graphs showing application-specific activity. There’s no internal storage, so if you turn the appliance off you’ll lose your logging data. However, as with the UTM9S, you can employ a ReadyNAS appliance as a remote log store.
To test performance we hooked the UTM25S up to the lab’s Ixia XM2 chassis equipped with Xcellon-Ultra NP load modules. For real-world speeds, you need to look at the HTTP figures quoted by Netgear; the faster quoted figures are achieved using lightweight UDP packets.
With an IxLoad test simulating multiple web clients accessing servers over HTTP, throughput with antivirus enabled was around 30Mbits/sec. With all UTM services for HTTP running, IxLoad reported averages of 23Mbits/sec, showing Netgear’s figures to be pretty accurate.
To test anti-spam, we left the appliance filtering live mail for two weeks, with suspect mail tagged but passed through to our Outlook clients. Using rules to move tagged messages to separate folders, we saw a spam detection rate of 98.3%, with only 0.4% false positives.
The optional wireless module is dual-band, but it’s either 2.4GHz or 5GHz; you can’t run it on both simultaneously. And, although you can create multiple SSIDs, only one can be active at a time. Performance is impressive, though: we saw speeds of 17.5MB/sec over a close-range 5GHz connection.
With the appliance and a three-year subscription to all security services costing £800, the ProSecure UTM25S is very good value. Combining this with an excellent range of security features and expansion options puts it firmly on the PC Pro A-List as our security appliance of choice.
Author: Dave Mitchell
Comparison with Zyxel USG 50?
I was just about to settle on a Zyxel USG 50. It produced similar (better?) speeds when tested 18 months ago (http://www.pcpro.co.uk/reviews/security-appliance
s/369628/zyxel-zywall-usg-50) and seems cheaper - http://www.ebuyer.com/368083 - £340 for one year all-in. Recurring licences also seem cheaper.
I wonder if Dave or anyone else can comment on the relative merits?
By JimmyN on 13 Mar 2013
The UTM25S has better upgrade options with the wireless N and ADSL modules.
Netgear's anti-spam is far superior as the USG 50 we reviewed used DNSBLs which performed very poorly in our live tests.
By DaveMitchell on 13 Mar 2013
why doesn't 30 MBit make a bottleneck?
30 MBit/s throughput for the entire device would be much slower than many broadband connections? Or am I missing something?
By Roughrider on 18 Mar 2013
- Will HP finally split into two companies?
- Chromebooks get version of Photoshop
- Toshiba beats retreat from consumer PC market
- Ellison steps down: but who's really running Oracle now?
- Microsoft set to make more job cuts
- Is Peter Pan panto tickets email genuine? Oh no, it isn't
- Intel triples Xeon E5 chip performance, adds DDR4
- Patch Tuesday targets critical IE flaw
- Microsoft refuses to hand over customer emails
- Microsoft yanks Windows 8.1 update after crash reports
- Google Glass: mugger bait, pub problem and other lessons learned from two dangerous weeks
- Twitter, please don't fiddle with my feed
- How Satya Nadella can get some pay-raise karma
- Windows 10: a step back to go forward
- Michael Dell: Cloud infrastructure is the roads, bridges and highways of the 21st century
- How to check your identity hasn’t been sold to the hackers
- Tim Cook: this is how much TV has changed since the 70s
- Westminster wins the .London battle
- 20 years of PC Pro: from deep pan pizza to virtualisation
- Five reasons why the Apple Watch leaves me cold
- How to set up a wireless hotspot for your business: give customers free or paid for internet access
- Five worst SMB security threats... and how to solve them
- Doing business in a social era
- How to configure SysLookup for your network
- The 18 best Outlook tips for increasing productivity: become an Outlook expert with these lesser-known tips
- Office: should you buy it, rent it - or dump it?
- Small server vs cloud: which is best for SMBs?
- The best mobile apps for business
- Windows XP: Microsoft’s ticking time bomb
- gTLDs: what your business should know about new domain names
- How to sell more ebooks on Amazon
- 10 ways to make your business more secure
- Top five VoIP mistakes
- How to add in-app purchasing to an iPhone, Android or Windows app
- Remote-control ransomware: TeamViewer and software hardball
- Why laptops with serial ports matter to the Internet of Things
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office