Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Wi-Fi Router Charts

Click for Wi-Fi Router Charts

Mesh System Charts

Click for Wi-Fi Mesh System Charts


This article is sponsored by QNAP.

QNAP & Sophos UTM


QNAP is big on Virtualization. So big in fact, that it is the only NAS vendor to make it easy to run multiple Virtual Machines (VMs) on a single NAS and centrally manage them via a user-friendly interface. QNAP's Virtualization Station supports a wide range of Windows, Linux and UNIX-based VMs, including pre-configured virtual appliances from Bitnami and VMware. Virtualization Station provides access to remote desktops on each VM, takes VM snapshots and even connects USB devices to VMs.

One very useful thing this capability enables is enhancing the security of your network by adding a virtual Unified Threat Management (UTM) appliance, specifically Sophos' free UTM Home Edition.

Sophos' hardware requirements for the UTM are an Intel compatible 1.5 GHz CPU, 1 GB RAM and 20 GB of hard disk space. A QNAP TS-453 Pro [reviewed] with a quad-core Intel Celeron 2.0 GHz CPU, 8 GB of RAM and four Intel 10/100/1000 Ethernet ports is plenty powerful for this application.

It's worth noting the Intel Baytrail processor used in the TS-453 Pro and other QNAP NASes provides higher performance with lower power consumption and more memory than competitor's products.

Competitive comparison

Competitive comparison

The TS-453 Pro was configured so the UTM VM had two CPU cores, 2 GB RAM, 80 GB disk space and two Ethernet interfaces. Two of the NAS Ethernet ports are used for the UTM WAN and LAN connections. One of the TS-453 Pro's Ethernet interfaces is the UTM's WAN interface, the other will be the UTM's LAN interface.

The UTM would normally replace your current router. You can continue to use your current router's wireless portion by converting it to an access point.

Creating The VM

To set up the VM, you'll need to access the Network Settings, Create VM and Virtual Machine edit Virtualization Station menus. Start by downloading the software here.

UTM ISO file download

UTM ISO file download

You then configure the VM, Start it and let it install.

VM configuration for UTM

VM configuration for UTM

Once the VM installation completes, log into the Sophos UTM web GUI and follow the UTM setup wizard.

VM configuration for UTM

UTM install wizard summary

Since you'll want to access both the virtual UTM and normal NAS features, you'll need to make multiple connections between the NAS and your network as shown in the diagram below. Since the virtual UTM is now acting as your LAN's router, it assigns all IP addresses, including those for normal NAS functions. In our configuration, the UTM admin interface is located at

Connecting the NAS/UTM

Connecting the NAS/UTM
  • Ethernet 1 = NAS interface: Assign the NAS a static IP address in the subnet or allow it to get it an address via DHCP from the UTM. You access NAS administration here, including Virtualization Station
  • Ethernet 2 = VM interface: Assign each VM a static IP address in the subnet or allow them to get their IP address via DHCP from the UTM. This connection is needed only if you have other VMs running on the NAS.
  • Ethernet 3 = UTM WAN Interface: The UTM WAN interface will get a public IP address from your ISP via DHCP. If you have a static public IP, you can configure that IP in the UTM's web menu.
  • Ethernet 4 = UTM LAN Interface = The UTM's admin interface is located at The UTM's DHCP server will assign IP addresses to the NAS on Ethernet 1 and VMs on Ethernet 2.

The whole process is shown in the gallery below.

In Use

With the UTM as the main network router there seemed to be a slight lag when initially loading a website. But subsequent loads of the same site came up without delay.

Throughput measurements using two Windows PCs and TotuSoft's LAN Speed Test with a file size of 100 MB are summarized in Table 1. IPsec tunnel throughput was measured to a ZyWALL 110 router to terminate the tunnel.

Test Description Upload Download
UTM On 84.4 141.9
UTM Off 100.9 184.6
Site to site IPsec 29.1 31.3
Table 1: Virtual UTM throughput (Mbps)

The image gallery below shows throughput measurements, a screenshot of the IPsec tunnel and a website blocked by the UTM's content filtering feature.

This final image gallery shows the TS-453 Pro's CPU utilization, which peaked at 43% with simultaneous UTM traffic and a large filecopy.


While you can buy faster UTMs, they require purchasing a separate device and often have ongoing license subscription fees. The combination of QNAP's Virtualization Station, quad-core TS-453 Pro and free Sophos UTM Home Edition combine to make a very viable and powerful alternative.

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Don't Miss These

  • 1
  • 2