ProSecure® UTM appliances are situated between an organization's internal network and the Internet. The UTM acts as a stateful packet inspection firewall, keeping track of TCP connection state for every connection that is maintained through the UTM. Moreover, the UTM manages an organization's Internet usage and protects these organizations from Internet borne malware, spam, viruses, and inappropriate web surfing. With the ProSecure® UTM appliance sitting between the organization and the Internet, it is critical that the UTM appliance is sized appropriately and matches the performance needs of the organization.
There are no industry-standard metrics for determining the model to select, as every organization is unique and displays different network traffic characteristics. Moreover, the performance of the UTM can vary widely depending on a number factors including the complexity of the firewall rules loaded, the number of current active VPN users, the IPS signatures employed, the number of active connections used by each user, and a host of other metrics, including, last but not least, the number of protocols inspected by the Antivirus engine and the number of signatures applied to the AV engine.
As such, NETGEAR highly recommends that you contact your ProSecure® authorized VAR who is well versed in UTM sizing to benchmark your organization and recommend the best model for your needs. That said, NETGEAR generally uses several specifications to roughly evaluate the applicability of an UTM appliance:
A starting point is to estimate the throughput your organization requires between its internal network and the Internet. As the UTM appliance sits between your internal network and the Internet, firewall throughput number is the total amount of traffic that can be passed with the UTM in place.
Users typically engage in a host of activities that consume TCP sessions. Web browsing over HTTP and HTTPS, FTP file transfers, Email over POP3, SMTP, and IMAP, Instant Messenger, Peer to Peer Traffic, TELNET, SSH and streaming audio and video all consume TCP sessions.
On the average, "normal" users typically consume 100-300 active TCP sessions. Virus Infected PCs turned into zombies can often consume upwards of 1000 active TCP sessions, although ProSecure® UTM appliances have administrator-definable limits to contain infected PCs from consuming an excessive number of TCP sessions.
Anti-Virus Throughput & Virus Coverage
Anti-Virus scanning can be performed against files or data embedded in time-sensitive applications such as web browsing over HTTP(s) or in latency-tolerant applications such as Email. Because Anti-Virus speed is directly correlated to the number of signatures applied in the scanning process and in the protocols being scanned, Anti-Virus throughput can typically be inflated by reducing the signature set size or reducing the numbers of protocols scanned. Thus, Anti-Virus effectiveness is often a balance between speed and thoroughness. ProSecure® UTM appliances employ signature sets that are up 400x larger than competing legacy small business UTM solutions while employing patent-pending Stream Scanning technology to vastly increase Anti-Virus throughput.
UTM Appliance Model Comparison
|UTM Model Capacity
|Firewall Throughput (Mb/s)
|Concurrent TCP Sessions
|Anti-Virus Throughput (Mb/s)
|Anti-Virus Signature Set Size
Explore Our Technology Solutions
Enterprise-class security architecture protects business networks without impacting productivity.
A Distributed Spam Analysis architecture that
uses an in-the-cloud approach to stop-up-to-the- minute spam outbreaks.
Firewall functionality that deploys an array of
network security technologies.
The ProSecure™ UTM series offers two types of virtual private network tunnels for optimal secure connection to your network.