Full Text

If you run a small business, you have a lot of choices to protect your network. You can buy a consumer-grade router for less than $50, you can spend more than $4,000 for an enterprise firewall, or you can select something in between.

That's where unified threat management (UTM) products fit. UTMs integrate five basic security features: firewall, IDS/IPS, anti-virus/anti-spam, VPN and outbound content filtering to prevent phishing and browser-based attacks. UTMs offer easy setup and they can support a 25-person small business for an average of around $1,500.

We tested eight devices: Check Point Software's 640, Dell/Sonicwall's NSA250MW, Elitecore Technologies' Cyberoam CR35iNG, Fortinet's FortiGate 100-D, Juniper Networks' SSRX220H-POE, Kerio Technologies' Control 1100, Sophos/Astaro's UTM 220, and Watchguard Technolgies' XTM330.

Here are our top-line findings:

? Check Point is our Clear Choice Test winner. The Check Point 640 UTM is the cheapest and most capable box -- two things that usually don't go together -- and the most appropriate UTM device for the SMB marketplace. It has an appealing user interface, a lot of great security features, and is simple to manage and create new security rules. It also works well with mixed Mac/Windows networks.? Kerio, Watchguard, Elitecore and Sophos were runners-up. All had solid protective features and were nearly as easy to manage as Check Point, but cost more. Dell, Juniper and Fortinet all had their issues, which we describe in the individual reviews.? In addition to the five basic UTM features, all of the vendors have included extra functionality. For example, Dell/Sonicwall and Check Point included a wireless access point inside the box. Watchguard and Fortinet have management software that will work with their own external Wi-Fi access devices.? Several units also include Web applications firewalls that can be used to selectively block particular applications from running on the internal network, while others include traffic or bandwidth management to eliminate network hogs or to at least clamp down on potential bandwidth abuses.? Units from Check Point, Fortinet and Kerio can be used to connect to two different upstream Internet connections, such as a cable modem and a DSL link, for the ultimate in connection diversity on a budget. This provides failover in case one link goes down, or can be used for...