NetASQ U6000 UTM appliance
An enterprise level UTM appliance that combines tough firewall and IPS functions with strong anti-spam and web content filtering capabilities.
Enterprises have traditionally favoured point solutions for their network security as these are capable of delivering high levels of protection within their areas of expertise.
However, the high costs for support, management and maintenance are driving many towards UTM appliances, as these can offer a complete range of security features in a more cost-effective and easily managed solution.
A major concern for larger businesses is performance, as a single appliance handling all security functions has the potential to become a bottleneck. NetASQ aims to solve this with its latest U6000, which it claims is the first carrier-grade UTM appliance, with a maximum throughput of 5Gbps. Another bonus is NetASQ's licensing model, as it provides support for unlimited users as standard.
The U6000 brings together NetASQ's firewall and IPS capabilities and serves them up with anti-virus, anti-spam and web content filtering services. Central to the appliance is the ASQ (advanced security qualification) engine, which runs on a hardened FreeBSD kernel and uses three traffic inspection modes: it watches out for malicious content, employs behavioural and statistical analysis, and uses twenty signature databases. ASQ is designed to reduce scanning overheads, as it handles all firewall, NAT and VPN functions itself before passing traffic over to the mail and web proxies, so reducing the number of processes required.
The hardware package for the U6000 is adequate as this 4U Supermicro rack system is equipped with a single 3GHz Xeon 5160 teamed up with 4GB of memory. The storage arrangement does look a little dated as the appliance comes with a pair of 73GB Seagate SCSI hard disks configured in a mirror. Power redundancy is also on the menu as the appliance is supplied with a pair of hot-plug supplies.
Network connectivity options are extensive: along with two embedded Gigabit ports, the price also includes a quad-port Gigabit card. The appliance can support up to 24 network interfaces, and the wide range of spare expansion slots allows you to mix copper and fibre. As the appliance represents a single point of failure, HA is an essential feature, and the U6000 supports active/passive configurations.
For deployment, the U6000 can route traffic between selected network interfaces, function as a transparent bridge or use a combination of the two. Web browser access isn't available, as management is carried out by NetASQ's own Unified Manager, Realtime Monitor and Event Reporter utilities. For the mail and web content filtering services, NetASQ uses transparent proxies. There are pros and cons here: no client configuration is necessary, but for mail it can't perform quarantining. It can only tag the subject line of suspect messages, so you'll need rules for handling these either on your mail server or at each mail client. HTTPS scanning is also conspicuous by its absence.
We opted for the transparent bridge mode for testing in the lab and found installation easy enough, aided further by a useful CD-ROM-based wizard. The Unified Manager utility is well designed and provides easy access to all functions. Network interfaces need to be defined for LAN, WAN and DMZ duties, and then you can create objects to represent network entities, services, users and hosts. User authentication is provided, as the appliance supports LDAP and can use a wide range of methods including RADIUS servers.