Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

Configuration

Like other UTM devices, NETGEAR's UTM10 is a complex device with many configuration options.  Overall, I found the menus intuitive and easy to work with, more so than other UTM devices I've reviewed.  For reference, NETGEAR provides a 480 page manual accessible via the menu.

The UTM10's menus use the same structure as the FVS318G and FVS336G.  The menu has nine main sections as listed in the left column of Table 1.  Each main section has three to eight subsections.  Each subsection has one or more tabbed configuration pages, for a total of over 80 different pages.

Menu summary

Table 1: Menu summary

At times I found myself waiting for the UTM10 to respond after applying a configuration or selecting a different configuration page.  The delay wasn't significant, but it can be frustrating for a "high performance" network device to have a slow admin interface.

Networking

The LAN and WAN ports on the UTM10 support Gigabit Ethernet so I checked for jumbo frame support.  The WAN port MTU value is only adjustable from 1-1500 bytes.  Jumbo frames won't pass over the Internet, thus this feature is used to reduce the WAN MTU if necessary, such as for PPPoE connections.

The LAN ports' MTU value is not adjustable on the UTM10.  I tested for jumbo frame capability anyway, and found the UTM10 will pass frames up to 1962 bytes, the same result I had on the FVS318G.  As I stated in my review of the FVS318G, anything larger than 1500 bytes is a jumbo frame, but typical jumbo frame devices use frame sizes of 4000-9000 bytes.

I faulted the FVS318G for not including VLAN support, so I'm glad to see the UTM10 has this covered with 802.1q VLAN capability in the UTM10.  Up to 255 different VLANs can be easily configured on the UTM10, and each VLAN can run a separate DHCP server for managing IP addresses on the end devices. 

The LAN ports on the UTM10 are assigned by default to VLAN 1.  I created VLAN 2 and assigned it to port 2 on the UTM, and set up the DHCP server to assign IP addresses on VLAN 2 in the 192.168.222.0 subnet.  To verify my configuration, I connected a PC to port 2, and indeed received an IP address in the 192.168.222.0 subnet instead of the UTM10's default 192.168.1.0 subnet.

A best practice for VoIP devices is to place them in a separate VLAN.  One reason for this practice is to apply Quality of Service (QoS) configurations to the VoIP traffic.  In my day job, I've found that prioritizing VoIP traffic can have a positive impact on call performance, specifically with problems like dropped calls.

The UTM10 has the ability to apply QoS priorities to VoIP traffic flows.  I created a QoS profile called VoIP and gave it high priority.  I then created a firewall rule so that all outbound traffic from VLAN 2, which has IP addresses between 192.168.222.1-254, would benefit from the VoIP QoS profile. 

VoIP QoS

Figure 4: VoIP QoS

VPN

The UTM10 offers three VPN options: SSL Client-to-Site tunnels; IPSec Client-to-Site tunnels; and IPSec Site-to-Site tunnels. I found the UTM10's VPN functionality and configuration options essentially the same as the VPN functionality in the FVS336G and the FVS318G.

The UTM10 supports up to 5 SSL Client-to-Site tunnels.  NETGEAR lists Windows 2000 / XP / Vista (32bit), and Mac OS X 10.4+ as supported operating systems for the SSL VPN Client.

The UTM10's SSL VPN is nearly identical to the the FVS336G's, with the exception that the UTM10 is easier due to a new SSL VPN configuration Wizard.  With this new wizard, I had no problem setting up an SSL VPN connection with a Windows XP Pro PC. 

Unchanged from the FVS336G, but worth repeating, is NETGEAR's SSL VPN options of Split Tunnel or Full Tunnel mode.  Split tunnel mode, the default, means SSL VPN clients will route only the traffic you specify over the VPN Connection based on the subnets on the UTM10 you specify.  Full tunnel mode means SSL Clients will route all traffic over the VPN Connection. 

Split tunnel mode requires a few more configurations, while Full Tunnel mode can result in slower client web surfing and/or greater bandwidth consumption of the UTM10's WAN connection.  Further, with the addition of VLAN capability to the UTM10, Split Tunnel mode has more utility, since it allows for configuring which VLANs will be accessible to SSL VPN clients.

The UTM10 also supports IPSec Client-to-Site tunnels.  I covered NETGEAR's IPSec client VPN functionality in my review of the FVS318G, and I found the UTM10's menus and configuration options the same as the FVS318G.

12/9/09: VPN Client correction

Our UTM10 sample wasn't in retail packaging, so didn't include a single NETGEAR IPsec client license. But product you buy will come with a single license.

Interestingly, the UTM10 doesn't include IPSec client software or licenses.  Obviously, NETGEAR is steering UTM10 customers toward the SSL client.  I agree with this direction, as the SSL client is easier to use and configure than the IPSec client on both the PC and router. 

The UTM10 supports up to 10 IPSec Site-to-Site tunnels.  As in my reviews of both the FVS336G and FVS318G, I had no problem setting up Site-to-Site tunnels to other NETGEAR devices, as well as to the recently reviewed SonicWall TZ100W, shown in Figure 5.  I set up the tunnel using 3DES encryption, but DES, AES-128, AES-192, and AES-256 encryption are also supported. 

Site-to-site VPN setup

Figure 5: Site-to-site VPN setup

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

A few things,First, I cant connect to my ISP's email server. They confirmed that it's not them and it's me. I've tested that theory by pinging the ser...
Wanted to try it first. I have a decent router, have two actually. Netgear R7800 and an Asus RT-86U. Not sure where I should post this as a result.Bot...
Wanted to try it first. I have a decent router, have two actually. Netgear R7800 and an Asus RT-86U. Not sure where I should post this as a result.Bot...
I have an Asus RT-AC66U with Tomato firmware v3.4-140 AIO-64k that turns off whenever I turn on band-width limiter. I have mutiple previous routers th...
Anyone know how to so this. Ports are getting locked and we're going nuts.

Don't Miss These

  • 1
  • 2
  • 3