This article can also be found in the Premium Editorial Download "Information Security magazine: How to tell if you need the help of security integrators and consultants."
Download it now to read this article plus other related content.
| We connected each UTM box on a test network with Windows XP, Vista and Apple
Macintosh clients and a Windows 2003 Enterprise Server running Microsoft's IIS Web server.
Each UTM box was configured with two interfaces--a local network with a DHCP server enabled, and an external network connecting to our DSL modem. We set up firewall and intrusion rule sets, ran Outlook Express POP email clients, and used Skype, GoogleTalk and AIM messaging sessions.
We also connected to a WebDAV server to share files over the Internet. We connected to each product's built-in Web management server using both Firefox v2 and Internet Explorer 6 and 7. We also used SSH to perform command-line configuration tasks when necessary.
We examined log files and configuration reports to determine how each appliance stacked up in enterprise management and control, daily operation, authentication and policies, and feature integration.
All of the products sell for between $12,000 and $18,500. But getting specific price configurations isn't easy, as each product has a complex range of user and feature licenses. Further confounding the pricing issue is that you will need to match the capacity of the product with the expected network traffic it will protect. We tried to compare appliances that had a similar number of network ports and capacity for a 1 Gbps external network connection.
We asked vendors to send us the boxes with the highest throughput possible and geared toward the largest networks. When we did our tests, we turned on all of the security modules--in the real world, this will severely limit their overall performance and is something to consider when deploying these products. However, we did not test performance. This is because testing performance is fraught with all sorts of issues. Either you test with synthetic clients to generate phony traffic so you can compare how different products respond on the "same" artificial lab network, or you do your tests on a live network and hope that the insights gained with your actual conditions are worth the loss of having the comparable traffic data. As a potential purchaser, you should match throughput specs with what you ultimately need on your network.
This was first published in June 2007