Like other UTM devices, NETGEAR's UTM10 is a complex device with many configuration options. Overall, I found the menus intuitive and easy to work with, more so than other UTM devices I've reviewed. For reference, NETGEAR provides a 480-page manual accessible via the menu.
The UTM10's menus use the same structure as the FVS318G and FVS336G. The menu has nine main sections as listed in the left column of Table 1. Each main section has three to eight subsections. Each subsection has one or more tabbed configuration pages, for a total of over 80 different pages.
Table 1: Menu summary
At times I found myself waiting for the UTM10 to respond after applying a configuration or selecting a different configuration page. The delay wasn't significant, but it can be frustrating for a "high performance" network device to have a slow admin interface.
The LAN and WAN ports on the UTM10 support Gigabit Ethernet so I checked for jumbo frame support. The WAN port MTU value is only adjustable from 1-1500 bytes. Jumbo frames won't pass over the Internet, thus this feature is used to reduce the WAN MTU if necessary, such as for PPPoE connections.
The LAN ports' MTU value is not adjustable on the UTM10. I tested for jumbo frame capability anyway, and found the UTM10 will pass frames up to 1962 bytes, the same result I had on the FVS318G. As I stated in my review of the FVS318G, anything larger than 1500 bytes is a jumbo frame, but typical jumbo frame devices use frame sizes of 4000-9000 bytes.
I faulted the FVS318G for not including VLAN support, so I'm glad to see the UTM10 has this covered with 802.1Q VLAN capability. Up to 255 different VLANs can be easily configured on the UTM10, and each VLAN can run a separate DHCP server for managing IP addresses on the end devices.
The LAN ports on the UTM10 are assigned by default to VLAN 1. I created VLAN 2 and assigned it to port 2 on the UTM, and set up the DHCP server to assign IP addresses on VLAN 2 in the 192.168.222.0 subnet. To verify my configuration, I connected a PC to port 2, and indeed received an IP address in the 192.168.222.0 subnet instead of the UTM10's default 192.168.1.0 subnet.
A best practice for VoIP devices is to place them in a separate VLAN. One reason for this practice is to apply Quality of Service (QoS) configurations to the VoIP traffic. In my day job, I've found that prioritizing VoIP traffic can have a positive impact on call performance, specifically with problems like dropped calls.
The UTM10 has the ability to apply QoS priorities to VoIP traffic flows. I created a QoS profile called VoIP and gave it high priority. I then created a firewall rule so that all outbound traffic from VLAN 2, which has IP addresses between 192.168.222.1-254, would benefit from the VoIP QoS profile.
Figure 4: VoIP QoS
The UTM10 offers three VPN options: SSL Client-to-Site tunnels; IPSec Client-to-Site tunnels; and IPSec Site-to-Site tunnels. I found the UTM10's VPN functionality and configuration options essentially the same as the VPN functionality in the FVS336G and the FVS318G.
The UTM10 supports up to 5 SSL Client-to-Site tunnels. NETGEAR lists Windows 2000 / XP / Vista (32-bit), and Mac OS X 10.4+ as supported operating systems for the SSL VPN Client.
The UTM10's SSL VPN is nearly identical to the FVS336G's, with the exception that the UTM10 is easier to set up due to a new SSL VPN configuration Wizard. With this new wizard, I had no problem setting up an SSL VPN connection with a Windows XP Pro PC.
Unchanged from the FVS336G, but worth repeating, are NETGEAR's SSL VPN options of Split Tunnel or Full Tunnel mode. Split tunnel mode, the default, means SSL VPN clients will route only the traffic you specify over the VPN Connection, based on the UTM10 subnets you specify. Full tunnel mode means SSL Clients will route all traffic over the VPN Connection.
Split tunnel mode requires a few more configurations, while Full Tunnel mode can result in slower client web surfing and/or greater bandwidth consumption of the UTM10's WAN connection. Further, with the addition of VLAN capability to the UTM10, Split Tunnel mode has more utility, since it allows for configuring which VLANs will be accessible to SSL VPN clients.
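The difference between the two modes comes down to the routes the client ends up with. The following is an added example, not code from this review or from NETGEAR: a generic model of client route selection using the two subnets from this review. The client LAN 10.0.0.0/24, the documentation address 203.0.113.5 and all function names are assumptions.

```python
import ipaddress

# Subnets from the review: VLAN 1 is the UTM10 default LAN, VLAN 2 was added for testing.
VLAN1 = ipaddress.ip_network("192.168.1.0/24")
VLAN2 = ipaddress.ip_network("192.168.222.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def build_routes(mode, tunneled, client_lan):
    """Model the client's route table as (network, interface) pairs.

    mode: "split" or "full"; tunneled: subnets published to SSL VPN clients;
    client_lan: the remote user's own local network (assumed value).
    """
    if mode not in ("split", "full"):
        raise ValueError("mode must be 'split' or 'full'")
    routes = [(client_lan, "local")]          # directly connected network
    if mode == "full":
        routes.append((DEFAULT, "vpn"))       # everything else enters the tunnel
    else:
        routes.append((DEFAULT, "local"))     # Internet traffic stays off the tunnel
        routes += [(net, "vpn") for net in tunneled]
    return routes


def next_hop(routes, dest):
    """Longest-prefix match, the rule an IP stack uses to pick a route."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, ifc) for net, ifc in routes if addr in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def overlaps(tunneled, client_lan):
    """Published subnets that collide with the client's own LAN addressing."""
    return [net for net in tunneled if net.overlaps(client_lan)]


if __name__ == "__main__":
    lan = ipaddress.ip_network("10.0.0.0/24")   # constructed client LAN
    for mode in ("split", "full"):
        table = build_routes(mode, [VLAN2], lan)
        for dest in ("192.168.222.10", "192.168.1.10", "203.0.113.5"):
            print(mode, dest, "->", next_hop(table, dest))
```

With only VLAN 2 published in split mode, hosts on VLAN 1 are not reachable through the tunnel, which is the per-VLAN access control described above. `overlaps()` flags the case where a remote user's home network uses the same 192.168.1.0/24 range as the UTM10's default LAN, which makes the route choice ambiguous.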
The UTM10 also supports IPSec Client-to-Site tunnels. I covered NETGEAR's IPSec client VPN functionality in my review of the FVS318G, and I found the UTM10's menus and configuration options the same as the FVS318G.
12/9/09: VPN Client correction
Our UTM10 sample wasn't in retail packaging, so it didn't include a single NETGEAR IPsec client license. But the product you buy will come with a single license.
The UTM10 supports up to 10 IPSec Site-to-Site tunnels. As in my reviews of both the FVS336G and FVS318G, I had no problem setting up Site-to-Site tunnels to other NETGEAR devices, as well as to the recently reviewed SonicWall TZ100W, shown in Figure 5. I set up the tunnel using 3DES encryption, but DES, AES-128, AES-192, and AES-256 encryption are also supported.