ProSecure® Unified Threat
Management Firewall Data Sheet
UTM Series
Unified Gateway Security for Smart IT Networks – Without Compromise
The NETGEAR® ProSecure® UTM series of all-in-one next-generation firewalls combine an advanced
application firewall with best-of-breed enterprise-strength security technologies such as anti-virus,
anti-spam, Web filtering, and intrusion prevention (IPS) to protect businesses against today’s
application, Web, email, and network threats. This gives business owners and IT admins greater
visibility and control over their network and protects their businesses from threats that would
otherwise bypass traditional firewalls.
ProSecure UTM Features
Redefining the Firewall
and Highlights
• Advanced Application
Control Firewall
– Monitors and controls application use
– Supports up to 1200 applications
– Granular per-application policies
– Preserve productivity and save
bandwidth
• Best-of-breed Anti-malware
Engine
– Enterprise-class malware scan engine
– Up to 400 times the coverage of
legacy all-in-one solutions
– Over 1 million malware signatures
– Hourly automatic signature updates
– Zero hour heuristic based threat
protection
• ProSecure Patented* Stream
Scanning Technology
– Data streams are processed as they
enter the network
– Low latency Web traffic scanning
• Distributed Spam Analysis
Anti-spam Technology
Revolutionary Stream Scanning Platform
– Hybrid in-the-cloud architecture
– Gathers threat data from over 50
million global sources
– New spam is classified and detected
within minutes
– No learning period, works right out
of the box
• Distributed Web Analysis
URL Filtering
– Hybrid in-the-cloud architecture
– Hundreds of millions of categorized URLs
– Real-time classification, 64 categories
– Per User & Group filtering policies
•Virtually Limitless Logging,
Reporting and Quarantine
Capability
– Integrates with NETGEAR ReadyNAS
models with UTM plugin
– Automatically store logs on
ReadyNAS NAS
– Up to 4.6 GB of log storage space
for reports
– Conduct security forensics and
reporting years in arrears
ProSecure UTM firewalls bring advanced network security technologies to small and medium
businesses and remote/branch offices. Traditional firewalls can only block/accept traffic based
on IP addresses and ports and offer little protection outside of that. This approach is quickly
becoming obsolete in today’s Internet where many applications send/receive traffic over ports
that are typically allowed by traditional firewalls. The built-in application firewall of the UTM
overcomes the limitations of yesterday’s firewall and allows the UTM to monitor, control, and
block hundreds of applications such as Skype, Facebook, BitTorrent®, and Yahoo! Messenger;
helping enhance employee productivity and enforce network usage policies.
The UTM application firewall combined with best-of-breed anti-virus, Web filter, and anti-spam
technologies along with IPS and VPN functionality, form the ideal firewall for today’s businesses.
Internet
Unfiltered
network stream
Firewall
Inspection
Intrusion
Prevention
VPN
Application
Control
UTM Appliance
Given the high-performance requirements of scanning latency sensitive Web traffic, incorporating
enterprise-grade security software technologies onto traditional all-in-one platforms has been
a very difficult task. Traditional batch-based scanning methods introduce large amounts of
latency into network traffic and can slow Web browsing to a crawl. All-in-one solutions in the
past have tried to overcome this by minimizing the malware signature set, scanning only a
select few file types, or by avoiding Web scanning altogether. This exposes an entire vector of
the network to malware-based attacks. The ProSecure UTM features patented Stream Scanning
Technology which analyzes data streams as they enter the network. This significantly reduces
latency and allows the use of an extensive malware signature library for scanning – thus offering
an unprecedented combination of speed and coverage in an all-in-one solution.
Traditional Batch-bas ed Scanning Stream Scanning
Rece ive
Scan
Output
Latency
Time
Remote Users
Web
Filtering
Anti-spam
Anti-virus
Rece ive
Scan
Output
Latency
Clean and
secure traffic
LAN
Time
VPNC
CERTIFIED
Basic
Interop
AES
Interop
®
UTM25 UTM150 UTM9S
ProSecure® Unified Threat Management Firewall UTM Series
ProSecure UTM Features
and Highlights
• SSL & IPSec VPN
Remote Access
– SSL VPN - clientless remote access,
anywhere, anytime
– IPSec VPN - secure site-to-site tunnels
and client-based remote access
– Purchase additional licenses for
IPSec VPN
• Built-in SPI Firewall
– Dual WAN Gigabit Firewall**
provides load balancing and failover
– Gigabit LAN ports, configurable
hardware DMZ port
– Stateful packet inspection (SPI)
– Denial-of-service (DoS) protection
– IPS prevents hackers from penetrating
the network perimeter
Simple Setup, Ease of Management
The ProSecure UTM will easily replace any existing firewall or router. A simple 10-step setup
wizard guides you through installation and the UTM will be up and running in minutes.
Administration is performed through an intuitive Web-based interface. Set granular policies
and alerts, check summary statistics and graphical reports, drill down to IP address-level data,
and integrate log data with standard network management tools using SNMP. Malware,
application, and IPS signature, software, and firmware updates are all handled by the
UTM - online and automatically.
For many administrators and IT personnel one of their biggest nightmares is the management
of individual licenses or “seats.” Buying additional licenses when computers and personnel
are added to the network is time-consuming and costly. The ProSecure UTM offers Web and
email protection subscriptions with no “per-user ” licensing.
UTM SERIES COMPARISON
MODEL UTM5 UTM10 UTM25 UTM50 UTM150
SIZING GUIDELINES
Firewall Throughput¹ 500 Mbps 566 Mbps 700 Mbps 980 Mbps 980 Mbps
Application Firewall Throughput¹ 400 Mbps 450 Mbps 630 Mbps 905 Mbps 940 Mbps
Anti-virus Throughput¹ 20 Mbps 23 Mbps 25 Mbps 42 Mbps 110 Mbps
IPS Throughput¹ 130 Mbps 150 Mbps 200 Mbps 320 Mbps 620 Mbps
UTM Throughput¹ (HTTP Traffic) 13 Mbps 15 Mbps 22 Mbps 32 Mbps 82 Mbps
UTM Throughput¹ (non-HTTP Traffic,
e.g. P2P, DNS, SSH)
Maximum VPN Throughput¹ 80 Mbps 80 Mbps 85 Mbps 85 Mbps 586 Mbps
Maximum Concurrent Connections¹ 12,000 16,000 40,000 40,000 80,000
802.1q VLANs 255 255 255 255 255
130 Mbps 150 Mbps 200 Mbps 320 Mbps 620 Mbps
CONTENT SECURITY
Web and Email Scanned Protocols HTTP, HTTPS, FTP, SMTP, IMAP, POP3
Stream Scanning
Inbound and Outbound Inspection
Signature-Less Zero Hour Protection
Malware Signatures 1.2 Million 1.2 Million 1.2 Million 1.2 Million 1.2 Million
Automatic Signature Updates Hourly Hourly Hourly Hourly Hourly
Web Content Filters Filter By: HTTPS Smart Block, HTML Body Keywords, File Extension
Web Object Filters ActiveX, Java™, Flash, JavaScript™, Proxy, Cookies
• • • • •
• • • • •
• • • • •
Email Content Filters Filter By: Subject Keywords, Password-protected Attachments, File Extension, File Name
Distributed Spam Analysis
Distributed Spam Analysis
Supported Protocols
Anti-spam Real-time Blacklist (RBL)
User-defined Spam Allowed/Block Lists Filter By: Sender Email Address, Domain, IP Address, Recipient Email Address, Domain
Distributed Web Analysis w/64 categories
Maximum Number of Users Unlimited
• • • • •
SMTP, POP3
• • • • •
• • • • •
ProSecure® Unified Threat Management Firewall UTM Series
MODEL UTM5 UTM10 UTM25 UTM50 UTM150
FIREWALL FEATURES
Stateful Packet Inspection (SPI) Port/Service Blocking, Denial-of-service (DoS) Prevention, Stealth Mode, Block TCP Flood,
Block UDP Flood, WAN/LAN Ping Response Control
Application Firewall Global Mode, Policy Mode, SSL Decr yption, Granular Application Policies,
Application Session Monitoring, Application Dashboard
Applications Protected
Intrusion Detection & Prevention (IPS)
IPS Signatures
WAN Modes NAT, Classical Routing
ISP Address Assignment DHCP, Static IP Assignment, PPPoE, PPTP
332 332 1212 121 2 1212
• • • • •
619 619 2114 211 4 2114
Secondary WAN IP Addresses***
NAT Modes 1-1 NAT, PAT
Routing Static, Dynamic, RIPv1, RIPv2
VoIP SIP ALG
DDNS DynDNS.org, TZO.com, Oray.net, 3322 DDNS
Firewall Functions Port Range For warding, Port Triggering, DNS proxy, MAC Address Cloning/spoofing,
DHCP DHCP Server, DHCP Relay
User Authentication for VPN Active Directory, LDAP, Radius, Local User Database
Security Policies Based on Active
Directory with Single Sign-On (SSO)
PCI Compliance Two Factor
Authentication Support
16 16 32 32 64
Network Time Protocol NTP Support, Diagnostic Tools (ping, DNS lookup, trace route, other),
Auto-Uplink on Switch Ports, L3 Quality of Service (QoS) ,LAN-to-WAN and WAN-to-LAN (ToS)
• • • • •
• • • • •
VPN
Site-to-site VPN Tunnels 5 10 25 50 150
SSL VPN Tunnels 2 5 14 25 75
L2TP, PPTP VPN Tunnels 5 5 5 5 5
IPsec Encrypton/Authentication DES, 3DES, AES(128,192,256 bit)/SHA-1, MD5
Key Exchange IKE, Manual Key, Pre-Shared Key, PKI, X.500
IPsec NAT Traversal (VPN Passthrough)
iPhone Native VPN Client Support
Included ProSafe VPN Client Lite Licenses 0 1 1 3 3
SSL Version Support SSLv3, TLS1.0
SSL Encryption Support DES, 3DES, ARC4, AES(128,256 bit)
SSL Message Integrity MD5, SHA-1, MAC-MD5/SHA-1, HMAC-MD5/SHA-1
SSL Certificate Support RSA, Diffie-Hellman, Self (Key Lengths 512-bit, 1024-bit, 2048-bit )
SSL VPN Platforms Supported Windows 2000 / XP / Vista® (32bit), Windows 7 (32 and 64bit), Mac OS® X 10.4.x/10.6.x
• • • • •
• • • • •
DEPLOYMENT
VLAN Support
Dual-WAN Fail-over
• • • • •
• • •
ProSecure® Unified Threat Management Firewall UTM Series
MODEL UTM5 UTM10 UTM25 UTM50 UTM150
Intelligent Traffic Load Balancing
Configuration Wizards Setup, IPsec VPN, SSL VPN
• • •
Electronic License
• • • • •
LOGGING AND REPORTING
Management HTTP/HTTPS, SNMP v2c
Reporting Summary Statistics, Graphical Reporting, Automatic Outbreak Alerts, Automatic
Malware Notifications, System Notifications
Logging Traffic, Malware, Spam, Content Filter, Email Filter, System, Service, IPS,
Application, Port Scan, IM, P2P, Firewall, IPsec VPN, SSL VPN
Log Deliver y Management GUI Query, Email Delivery, Syslog
Hardware Warranty Lifetime
HARDWARE
Gigabit RJ45 Ports WAN/LAN 1/4 1/4 2/4 2/6 4/4
DMZ Interfaces (Configurable) 1 1 1 1 1
Flash Memor y/RAM 2 GB/512 MB 2 GB/512 MB 2 GB/1 GB 2 GB/1 GB 2 GB/1 GB
USB Ports 1 1 1 1 1
Certifications ICSA: Anti-virus VPNC: AES Interop, Basic Interop
Checkmark: Anti-Malware, Anti-Spam, Enterprise Firewall, VPN, IPS, URL Filtering
Major Regulatory Compliance FCC Part 15 Class A, CE mark commercial, VCCI, C-Tick Class A, CE/LVD, cUL, RoHS, China RoHS
Storage and Operating
Temperatures
Humidity Operation 90% Maximum Relative, Storage 95% Maximum Relative
Power Input Rating 100-240V, AC/50-60Hz, Universal Input, 1.2 Amp Max
Dimensions (W x H x D) cm 33 x 4.3 x 20.9 33 x 4.3 x 20.9 33 x 4.3 x 20.9
Operating Temperature 0°-45° C (32°-113° F),
Storage Temperature -20°-70° C (-4°-158° F)
100-240V, AC/50-60Hz, Universal Input,
1.0 Amp Max
44 x 4.3 x 25.3 44 x 4.3 x 25.3
Dimensions (W x H x D) in 13 x 1.7 x 8.2 13 x 1.7 x 8.2 13 x 1.7 x 8.2
Weight kg/lb 2.1/ 4.6 2.1/ 4.6 2.1/ 4.6 2.9/6.4 2.9/6.4
Package Contents ProSecure UTM Appliance, Power Cable, Rubber Feet, Resource CD, Rackmount Kit,
Warranty Card, Quick Installation Guide, Electronic License (Bundles only)²
Hardware Warranty Lifetime
17.3 x 1.7 x 9.96 17.3 x 1.7 x 9.96
ProSecure® Unified Threat Management Firewall UTM Series
ORDERING INFORMATION
Hardware (Firewall and VPN Functionality Only)
North America Europe Asia
UTM5-100NAS UTM5-100EUS UTM5-100AJS
UTM10-100NAS UTM10-100EUS UTM10-100AJS
UTM25-100NAS UTM25-100EUS UTM25-100AJS
UTM50-100NAS UTM50-100EUS UTM50-100AJS
UTM150-100NAS UTM150-100EUS UTM150-100AJS
1-Year Bundle (Hardware including 1-year Web, 1-year Email, and 1-year Software Maintenance and Upgrades, 24/7 Support, and Advanced Replacement)
North America Europe Asia
UTM5EW-100NAS UTM5EW-100EUS UTM5EW-100AJS
UTM10EW-100NAS UTM10EW-100EUS UTM10EW-100AJS
UTM25EW-100NAS UTM25EW-100EUS UTM25EW-100AJS
UTM50EW-100NAS UTM50EW-100EUS UTM50EW-100AJS
UTM150EW-100NAS UTM150EW-100EUS UTM150EW-100AJS
3-Year Bundle (Hardware including 3-year Web, 3-year Email, and 3-year Software Maintenance and Upgrades, 24/7 Support, and Advanced Replacement)
North America Europe Asia
UTM5EW3-100NAS UTM5EW3-100EUS UTM5EW3-100AJS
UTM10EW3-100NAS UTM10EW3-100EUS UTM10EW3-100AJS
UTM25EW3-100NAS UTM25EW3-100EUS UTM25EW3-100AJS
UTM50EW3-100NAS UTM50EW3-100EUS UTM50EW3-100AJS
UTM150EW3-100NAS UTM150EW3-100EUS UTM150EW3-100AJS
1-Year Subscriptions
Web Threat Man age ment Email Threat Management Software Maintenance and Upgrades,
24/7 Support, Advanced Replacement
Subscription Bundle (Web + Email +
Support & Maintenance)
UTM5W-10000S UTM5E-10000S UTM5M-10000S UTM5B-10000S
UTM10W-10000S UTM10E-10000S UTM10M-10000S UTM10B-10000S
UTM25W-10000S UTM25E-10000S UTM25M-10000S UTM25B-10000S
UTM50W-10000S UTM50E-10000S UTM50M-10000S UTM50B-10000S
UTM150W-10000S UTM150E-10000S UTM150M-10000S UTM150B-10000S
3-Year Subscriptions
Web Threat Man age ment Email Threat Management Software Maintenance and Upgrades,
24/7 Support, Advanced Replacement
Subscription Bundle (Web + Email +
Support & Maintenance)
UTM5W3-10000S UTM5E3-10000S UTM5M3-10000S UTM5B3-10000S
UTM10W3-10000S UTM10E3-10000S UTM10M3-10000S UTM10B3-10000S
UTM25W3-10000S UTM25E3-10000S UTM25M3-10000S UTM25B3-10000S
UTM50W3-10000S UTM50E3-10000S UTM50M3-10000S UTM50B3-10000S
UTM150W3-10000S UTM150E3-10000S UTM150M3-10000S UTM150B3-10000S
*U.S. Patent No. 7,971,254
**Available on the UTM25, UTM50, and UTM150.
***Maximum 16 secondary WAN IP addresses per WAN port
¹Throughput measured in a lab environment. Actual performance may vary.
2
Electronic Licenses are now used to register UTMs that are purchased as part of a bundle. A license key will be assigned to the UTM at the time it is registered with NETGEAR License servers.
350 E. Plumeria Drive
San Jose, CA 95134-1911
1-888-NETGEAR (638-4327)
E-mail: info@NETGEAR.com
www.NETGEAR.com
NETGEAR, the NETGEAR logo, Connect with Innovation, ProSafe and ProSecure, are trademarks and/or registered trademarks of NETGEAR,
Inc. and/or its subsidiaries in the United States and/or other countries. Other brand names mentioned herein are for identification purposes only
and may be trademarks of their respective holder(s). Information is subject to change without notice. © 2012 NETGEAR, Inc. All rights reserved.
This product comes with a limited warranty, the acceptance of which is a condition of sale.
DS-UTM_Series-6
Loading...