Check Point wins test of eight unified threat management (UTM) devices for small business.
Unified Threat Management devices integrate five basic security features: firewall, IDS/IPS, anti-virus/anti-spam, VPN and outbound content filtering. UTMs offer easy setup and can support a 25-person office for around $1,500.
Network World tested eight devices: Check Point Software's 640, Dell/Sonicwall's NSA250MW, Elitecore Technologies' Cyberoam CR35iNG, Fortinet's FortiGate 100-D, Juniper Networks' SSRX220H-POE, Kerio Technologies' Control 1100, Sophos/Astaro's UTM 220, and Watchguard Technologies' XTM330. Here are the results.
Check Point: Cheap, capable
Check Point is our Clear Choice Test winner. The Check Point 640 UTM is the cheapest and most capable box -- two things that usually don’t go together -- and the most appropriate UTM device for the SMB marketplace. It has an appealing user interface, a lot of great security features, and is simple to manage and create new security rules. It also works well with mixed Mac/Windows networks.
Dell/Sonicwall: Easy setup, flexible
The Sonicwall UTM was extremely easy on the initial setup, but suffers from a confusing series of menu choices. One of the Sonicwall’s biggest limitations was its VPN support, which is just for Windows SSL connections. In other areas, it was more flexible: you can choose among three different Dynamic DNS providers and two Windows client AV services. It also can handle multiple upstream Internet connections and is one of the few vendors that offers DPI SSL traffic inspection. Another nice feature is that there is no maximum file attachment size for the AV scanner.
Elitecore Cyberoam: Basic features, not flashy
The Elitecore Cyberoam doesn’t have the prettiest user interface but it gets the job done, with features that can compete with the market leaders, such as application filtering and Instant Messaging archiving. The basic zone-to-zone firewall rules are setup automatically and can be easily augmented. Also, there are a wide variety of VPN clients and three dynamic DNS choices. There’s also a good selection of reports, including security incidents, trends, and compliance.
Fortinet: Powerful security features, pricey
Fortinet has a very capable but complex box that took a few calls to their tech support to get working properly. Its dashboard gives you the basic operations, and there are menus that are somewhat obvious once you spend time with the product. They have very powerful protection policies, so you can specify a particular user in a particular group to run specific applications or based on particular devices. Its URL filtering is equally powerful. It also offers the ability to automatically export logs to the cloud. In addition to the five security modules, it also has a powerful applications firewall and bandwidth management features.
Juniper: Lots of features, not easy to use
Juniper’s UTM is a study in contrasts: it is the most feature complete box. But it is also the most vexing to setup and configure. You’ll find yourself typing on the command line and looking up command syntax. In addition to all this command line typing, you will be clicking and navigating back and forth across its Web menu tree to accomplish even the simplest of tasks. One nice thing is that the APs can communicate on both 5 and 2.4 GHz bands and support multiple SSIDs. However, the UTM has only an IPsec VPN, there is no AD integration, no client-based endpoint protection and no deep packet inspection over SSL yet, although Juniper is working on adding these features.
Kerio Control: Easy setup, smooth workflow
Kerio was one of the easier boxes to configure, with clear menus and simple options, such as the ability to aggregate all of its LAN ports in a single switched network. Its workflow to setup security policies is straightforward, and effective group policy access rights come with a few pre-set conditions to make for easier setup. There is also a separate Web portal that you can assign different access rights to, a nice feature. Users can also access just their own usage data online and receive regularly scheduled reports. Rules are easy to setup, and can include a redirect to a different URL if your users are trying to surf objectionable sites.
Sophos/Astaro: Simple setup, flexible
Sophos bought the rights to the Astaro line of UTMs and it has a very attractive menu layout and simple setup, such as the ability to create a simple LAN switch across all ports. It had five flexible Dynamic DNS providers, with DNS entries that can be assigned to a particular interface port. It supports Web applications filtering, QoS monitoring and link path diversity too. Menu choices are clearly laid out, reflecting the solid UTM heritage of the Astaro line. Reports are sprinkled throughout the user interface, and presented at the top level of various menu choices, such as network protection statistics, or interface statistics. While that can be initially disconcerting, we liked the visualizations included too.
Watchguard: Powerful, with cloud features
Watchguard was extremely fast to setup for a basic network, but the additional security measures took several long sessions with tech support personnel at our side coaching us. It has the ability to set separate policies for particular interfaces, and all policies have the same common rule set, which can make for a very powerful security device. It has a cloud based management interface that works in conjunction with the Web UI where AV signatures and reputation management on IP and domains are screened. It also makes use of the cloud to aid in nearly touchless remote deployment.