Not long ago we reviewed the SRX5308 network firewall from NETGEAR. Today our laboratory hosts another device intended for network security, a unified threat management system. In this review we will try to gain an insight into the capabilities provided by the ProSecure UTM50.
NETGEAR UTM50 is rack-mountable, which is common for this kind of device, and occupies one rack unit. The case measures 440x43x253 mm.
There are ventilation grilles on the side panels, one of which also holds the fan located inside the case. Brackets can be fastened to the sides in order to mount the device in a rack.
There is nothing remarkable on the top and bottom panels apart from a 3-D brand tag, a sticker with brief information about the device, and the spots where the rubber feet can be glued, since the UTM may be either rack-mounted or placed on a table.
On the front side there are six LAN and two WAN ports, a USB slot, and LEDs indicating the device status.
The back panel of the device under review has a power connector, a console port, a recessed Factory Defaults button, and a Kensington lock slot.
Now let's have a look at the insides of the case.
The hardware platform of the UTM50 comprises four cards performing different functions: the main card, the power supply unit, and two interface cards, one carrying only the console port and the other the LEDs displaying the device status.
Let's take a closer look at the elements of the main card, which are located primarily on one side.
A Broadcom BCM53118KQLEG fitted with nine Gigabit ports serves as the network processing unit; its diagram is presented below. We have already seen this chip in other NETGEAR models, for example the SRX5308 and GS108PE. Network support functions are carried out by three BI-TEK TONYO FM-3178LLF modules and two FM-1178LLF modules.
An OCTEON Plus CN5020-700BG564-SCP-G chip serves as the CPU; the SRX5308 was powered by its single-core counterpart. The block diagram of the CPU is presented below.
A Macronix MX29GL640EHT2I-70G chip with a capacity of 8 Mbytes serves as the flash memory. In addition, there is a 2-Gbyte Apacer Compact Flash III card on the main card. RAM is provided by eight Samsung K4T1G164QF-BCE7 modules with a total capacity of 1 Gbyte.
That concludes the review of the hardware, and we pass on to examining the device software.
Since NETGEAR UTM50 belongs to the product line of unified security devices, not only the firmware but also the anti-virus engine and virus signature databases must be updated. Let's examine each of these updates separately. The firmware upgrade is carried out in the Firmware tab of the Administration-System Update menu. One can choose between manual and semi-automatic downloading of the firmware upgrade file. For the semi-automatic mode the UTM50 must have Internet access in order to connect to the vendor's servers. When the list of available versions is displayed, the administrator chooses the applicable firmware version and the device downloads it. Once the file is downloaded, one can proceed directly to the installation procedure.
The whole upgrade procedure takes about seven minutes (not including the reboot and the firmware download); the new firmware is installed into the second partition. The device must be rebooted once the installation has finished successfully.
We would like to point out to our readers that the device must be registered in order to obtain the latest firmware versions. Registration is performed in the Support-Registration menu. There are three different types of licenses: Web Protection, Email Protection, and Support&Maintenance.
To upgrade the firmware in manual mode, one only needs to choose the previously downloaded file containing the new firmware version in the Firmware tab of the Administration-System Update menu and click the Upload button.
The anti-virus database update settings are managed in the Signatures&Engine tab of the same-named menu item.
That concludes the section on firmware and anti-virus database updates, and we pass on to the capabilities of the device web-interface.
Any modern web-browser may be used to access the device web-interface. By default the login and password are admin and password, respectively.
Upon successful authentication the administrator lands on the home page of the device, with brief information about CPU load, RAM and disk usage, and some other system information. This page is also available in the System Status tab of the Monitoring-System Status menu. We have already encountered a similar web-interface in the NETGEAR SRX5308 firewall.
Let's take a quick look at the web-interface capabilities of the UTM50. The sub-items and tabs of the Network Config menu are used to manage LAN and WAN interface parameters, routing, load balancing, and DDNS and DMZ settings. One can also limit the monthly traffic usage in this menu and manage the e-mail notification parameters. NETGEAR UTM50 supports several virtual networks connected to the LAN and DMZ interfaces of the device. It should also be noted that the device under review supports routing between virtual networks, but unfortunately VLAN membership is determined only on a port basis; the 802.1q/802.1p protocols are not supported. We believe that trunk support would be quite relevant here, as it would allow the local network to be connected to several VLANs using just one port.
In the Network Security menu an administrator can change the intrusion detection system parameters, manage services, access lists, trigger ports, and UPnP. UTM50 also allows an administrator to filter traffic transmitted from one virtual network to another.
The Application Security menu items are used to configure the scanning of user traffic for viruses and spam.
NETGEAR UTM50 supports two types of tunnel connections, IPSec and SSL VPN, which are configured via the VPN menu items.
Local users and their groups, as well as the authentication and RADIUS server parameters, are managed in the Users menu items.
The access parameters of the HTTPS and SNMP protocols are managed in the Administration menu. One can also save/restore/reset the user configuration, update the firmware, and set the date and time there. It's worth noting that the firmware version current at the time did not reflect the amendments to the Russian Federation's legislation regarding time zone changes; Moscow was therefore still assigned the GMT+3 time zone.
Information on CPU, RAM and disk utilization, the status of network interfaces and virtual networks, connected users, and other log and diagnostic information can be found in the Monitoring menu.
The Support menu provides the administrator with the possibility to get in touch with the vendor's customer support, send a suspicious file for a thorough anti-virus check, officially register the device, and gain access to the online knowledge base and documentation.
The last menu item not yet covered is Wizards. It allows an administrator to launch a wizard that facilitates the set-up procedure.
By the time this article was finished, we had received a newer firmware version from the vendor. Unfortunately, the newer version had neither IPv6 support nor any update to the Russian time zones. However, we would like to say a few words about the new features added in the latest firmware version, 3.1.0-149_RU. NETGEAR UTM50 can now act as a PPTP and L2TP server; we assure you that this feature will be tested in the applicable section of this review. The device now supports up to five concurrent connections.
Apart from that, the new firmware supports integration of the UTM50 with ReadyNAS network storage. The links noted below lead to our earlier reviews of the ReadyNAS 2100 and ReadyNAS Ultra 2 Plus. The UTM50 needs this integration to store quarantined messages when suspicious files containing spam or viruses are detected.
The 3.1.0-149_RU firmware version also supports SNMP version 3.
That concludes the web-interface review, and we pass on to the capabilities of the SNMP interface, since the UTM50 does not give administrators access to its command line. Upon connecting via the console port one must enter a login and password (none of the well-known combinations match), while upon access via telnet the device displays an error message saying «telnetd: applet not found».
To gain access via SNMP one must use the SNMP item of the Administration menu. Apart from the community names, an administrator also needs to specify the IP addresses that are allowed to access the device via SNMP.
We used the Getif 2.3.1 utility to find out what parameter values one can obtain via SNMP. We will not review all capabilities of this utility and its full parameter list, but only point out the ones we found most interesting. The branch .iso.org.dod.internet.private.enterprises includes information on the anti-virus protection, the protocols being scanned, and license expiration dates.
System information is located in the branch named .iso.org.dod.internet.mgmt.mib-2.system.
Performance statistics of the network interfaces and info on their status are located in .iso.org.dod.internet.mgmt.mib-2.interfaces branch.
Performance counters for IP, ICMP, TCP, UDP, and SNMP are located in the branches .iso.org.dod.internet.mgmt.mib-2.ip, .iso.org.dod.internet.mgmt.mib-2.icmp, .iso.org.dod.internet.mgmt.mib-2.tcp, .iso.org.dod.internet.mgmt.mib-2.udp, and .iso.org.dod.internet.mgmt.mib-2.snmp, respectively.
We also connected the NETGEAR UTM50 to our test monitoring system powered by Cacti in order to obtain interface and CPU usage graphs.
Apart from third-party utilities, an administrator could have used NETGEAR's own monitoring and management system, NMS200, but unfortunately at the time this article was being written NMS200 (version 220.127.116.11) did not support the UTM50.
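The interface graphs mentioned above are derived from the MIB-2 interfaces branch the device exposes. As an added illustration (not code from the review or from NETGEAR), the following Python turns two successive polls of the standard ifInOctets/ifOutOctets columns into per-interface bit rates, including the Counter32 wrap a monitoring system such as Cacti must handle; the OIDs are the standard MIB-2 ones, while the poll values and timestamps are constructed sample data.

```python
# Added example: compute per-interface bit rates from two SNMP polls of the
# MIB-2 ifTable (.1.3.6.1.2.1.2.2.1). ifInOctets/ifOutOctets are Counter32,
# so a wrap between polls has to be accounted for. Sample values below are
# constructed, not read from a real UTM50.
from dataclasses import dataclass

IF_IN_OCTETS = ".1.3.6.1.2.1.2.2.1.10"   # ifInOctets column (standard MIB-2 OID)
IF_OUT_OCTETS = ".1.3.6.1.2.1.2.2.1.16"  # ifOutOctets column (standard MIB-2 OID)
COUNTER32_MAX = 2 ** 32

@dataclass
class Poll:
    timestamp: float   # seconds since epoch when the poll completed
    values: dict       # OID string -> integer varbind value

def counter_delta(old: int, new: int, width: int = COUNTER32_MAX) -> int:
    """Difference between two Counter32 samples, allowing for a single wrap."""
    if new >= old:
        return new - old
    return (width - old) + new

def parse_ifindex(oid: str, column: str) -> int:
    """Return the ifIndex suffix of an OID under the given column, or -1."""
    if not oid.startswith(column + "."):
        return -1
    return int(oid[len(column) + 1:])

def interface_rates(prev: Poll, cur: Poll) -> dict:
    """Return {ifIndex: (in_bps, out_bps)} for interfaces present in both polls."""
    elapsed = cur.timestamp - prev.timestamp
    if elapsed <= 0:
        raise ValueError("polls must be ordered in time")
    rates = {}
    for column, slot in ((IF_IN_OCTETS, 0), (IF_OUT_OCTETS, 1)):
        for oid, new in cur.values.items():
            idx = parse_ifindex(oid, column)
            if idx < 0 or oid not in prev.values:
                continue   # skip other columns and interfaces absent from the first poll
            octets = counter_delta(prev.values[oid], new)
            pair = rates.setdefault(idx, [0.0, 0.0])
            pair[slot] = octets * 8 / elapsed
    return {i: tuple(v) for i, v in rates.items()}

# Constructed sample: two polls 60 s apart; interface 2's input counter wraps.
POLL_1 = Poll(1000.0, {IF_IN_OCTETS + ".1": 1_000_000, IF_OUT_OCTETS + ".1": 500_000,
                       IF_IN_OCTETS + ".2": 4_294_960_000, IF_OUT_OCTETS + ".2": 10})
POLL_2 = Poll(1060.0, {IF_IN_OCTETS + ".1": 8_500_000, IF_OUT_OCTETS + ".1": 500_000,
                       IF_IN_OCTETS + ".2": 204, IF_OUT_OCTETS + ".2": 10})

if __name__ == "__main__":
    for idx, (in_bps, out_bps) in sorted(interface_rates(POLL_1, POLL_2).items()):
        print(f"ifIndex {idx}: in {in_bps:.0f} bit/s, out {out_bps:.0f} bit/s")
```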
That's where the review on the capabilities of the UTM50 SNMP-interface draws to a close and we pass straight on to the testing procedure.
We usually begin the testing section by estimating the boot time of the device, which is the interval from the moment the power is switched on until the first ICMP echo reply is received. NETGEAR UTM50 boots in 57 seconds, which we consider a decent result for this type of device.
The second test was a security scan carried out using the Positive Technologies XSpider 7.7 (Demo build 3100) utility. The scan was carried out from the LAN segment of the network. In total, four open ports were discovered: TCP-23 (Telnet), UDP-53 (DNS), TCP-80 (HTTP), and TCP-443 (HTTP SSL). The most interesting data are presented below.
After that we couldn't help but carry out the test most anticipated by our readers, the performance tests of the UTM50. The primary specifications of the test stand we used are presented below.
| Component | PC 1 | PC 2 |
|---|---|---|
| Motherboard | ASUS Maximus IV Extreme-Z | ASUS M60J |
| CPU | Intel Core i7 2600K 3.4 GHz | Intel Core i7 720QM 1.6 GHz |
| RAM | DDR3 PC3-10700 SEC 32 Gbytes | DDR3 PC3-10700 SEC 16 Gbytes |
| OS | Windows 7 x64 SP1 Rus | Windows 7 x64 SP1 Rus |
First we tested the routing speed both with NAT and without it. The results of the measurements are presented in the diagrams below. As we can see, NAT barely has any effect on the performance of the device.
After that we decided to test the data transmission speed via PPTP. We realize that PPTP would probably not be used at all by big companies and corporations to connect to their provider; nevertheless we decided to run this test. As with the SRX5308, we were unpleasantly surprised by the results. We believe that a data transmission speed below 10 Mbps is simply unacceptable for this kind of device.
As promised at the end of the section on the device web-interface, we tested the local network access speed for a remote client connected through PPTP. We would like to point out that the limitation observed is attributable to the performance of the UTM50 CPU, which was heavily loaded during this test. Therefore, connecting a remote client via PPTP can degrade the performance of the whole device.
Apart from PPTP, NETGEAR UTM50 can establish tunnel connections based on both IPSec and SSL, whose performance differs considerably. When connecting via IPSec the device showed good speed results, whereas the performance of the UTM50 is not really sufficient to support SSL connections.
As already mentioned in the review of the web-interface capabilities, NETGEAR UTM50 can perform in-line anti-virus scanning of several well-known application protocols. We decided to find out what speed local network users would get when downloading data from an HTTP server using a download manager. First we measured the download speed of a large file over several parallel streams with the client connected directly to the server. Then we repeated the test through the NETGEAR unified firewall, and finally with the anti-virus check enabled on the UTM50. The tests were carried out with 1, 15, and 50 concurrent streams.
The decrease in transmission speed when the anti-virus check is enabled is attributable to the limited performance of the device CPU, which is natural since such scanning requires considerable computing resources.
One can limit the maximum transmission speed for data transmitted between the LAN, WAN, and DMZ segments. To do that, a bandwidth profile must be configured and attached to a firewall rule.
Naturally, we couldn't help but test this too, and carried out the following measurements. The diagram below shows how the actual transmission speed corresponds to the configured one. As one can see, the measured speed almost precisely matches the configured limit. The measurements in this test were carried out using the JPerf 2.0.2 utility with 10 concurrent TCP sessions, with data transmitted from the LAN to the WAN segment. We also believe it's worth pointing out that the speed of data flows routed between VLANs cannot be limited.
That's where we draw the performance testing chapter to a close and move on to summing it all up.
NETGEAR UTM50 is a unified firewall system providing administrators with means of comprehensive network edge protection. Despite its satisfactory functional capabilities, some speed results left us completely perplexed. It looks as if the entire line of NETGEAR hardware firewalls suffers from the same illness: low data transmission speed over PPTP and SSL-VPN. However, the UTM also possesses quite a few advantages.
- A wide array of functional capabilities
- Ability to carry out an anti-virus check of the data stored
- Easy to configure
- Network attack resistant
- Support of remote connections via SSL-VPN, PPTP, and L2TP
- Support of traffic balancing adjustment via WAN channels
- Support of VLANs
- Competitive price
Unfortunately, we cannot help but mention certain drawbacks we discovered.
- Incorrect time zones
- Inability to disable telnet using the web-interface
- Web-interface is available only in English
- No IPv6 support
- Inability of setting date and time manually
- Support of the only dynamic routing protocol, RIP
- No support of 802.1p/802.1q protocols with LAN/DMZ ports
- Low SSL-VPN speed, and even much lower PPTP speed
- No support of UTM50 in NMS200
We hope that the vendor manages to correct all the identified problems in the foreseeable future and that users will be able to obtain full-featured and fast firmware.
As of when this article was being written, the average price for a NETGEAR UTM50 in Moscow online shops was 24000 roubles.