Are there unified threat-management firewalls with the chops to provide the perimeter-security functions that an enterprise needs? In this Clear Choice Test, we set out to determine whether we could find a UTM firewall that could scale up successfully in performance, feature set and manageability.

We tested 13 UTM products from 12 hardware vendors and nine software vendors, all aimed squarely at the enterprise. We evaluated these products on performance. Could they deliver firewalling at gigabit speeds in an environment that included virtual LANs, dynamic routing, high availability and centralized management? And could they perform with intrusion-prevention systems (IPS) and antivirus turned on?

No single product came out on the top, but Juniper Networks, Check Point Software and Cisco were head and shoulders above the rest.

While products from these three companies can be beat in individual categories (IBM Internet Security Systems [IBM/ISS] soared in the IPS category, and Fortinet beat folks hands down on antivirus tests), they consistently finished among the top performers in all categories.

Because Check Point was represented four times (with its software riding on its own UTM-1 2050 box, as well as on hardware from Crossbeam Systems, IBM and Nokia) and Juniper twice (once on its ISG-1000 and once on its SSG-520M), these two vendors claimed the top seven spots on our scorecard.

We give the firewalls within these all-in-one devices an enthusiastic stamp of approval. Their UTM features, however, are another matter. We found that most products have dangerously variable performance characteristics when such UTM features as antivirus and IPS are turned on. We also found that the IPS and antivirus coverage in most products is not particularly strong. We had a few outstanding products in those tests, but not enough consistent winners to say that every enterprise should jump onto the UTM bus.

Snyder is a senior partner at Opus One, a consulting firm in Tucson, Ariz. He can be reached at Joel.Snyder@opus1.com.

Snyder is also a member of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry, each bringing to bear years of practical experience on every review. For more Lab Alliance information, including what it takes to become a member, go to www.networkworld.com/alliance.

Whitepapers

• Gene Kim's Practical Steps to Mitigate Virtualization Security Risks
• Selecting Effective Virtual Directories
• A Modern Approach to On-Demand Email and Data Security
• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Compliance, Protection, Recovery: A Layered Approach to Laptop Security
• Endpoint Security: Data Protection for IT, Freedom for Laptop Users

View more SECURITY whitepapers

Webcasts

• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• Learn how to Keep your Mobile Workforce Connected
• The self-managed network

View more SECURITY special reports