Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

Reporting

The UTM10 has a wide array of reporting capabilities including log files, daily and weekly reports and security alerts.  I'm going to cover a few of them to give the general idea.    

I configured my UTM to send emails on all activity, and I got an email every day containing both the UTM10's service and system logs.  The service logs contained text entries regarding successful security database updates and sending of notifications.  The system logs contained text entries generated by traffic that is meant for the UTM, by traffic that is routed or forwarded through the UTM, and by running systems such as NTP and activity on the WAN interface.

I found the Daily and Weekly Reports generated by the UTM10 interesting.  The reports are sent in a zip file as an attachment to an email.  These reports provide hourly details on Web, Mail and System transactions, broken down by protocol.  For example, the Daily Web Report shows the hourly HTTP traffic counts as shown in Figure 10.

Daily Web Report

Figure 10: Daily Web Report

In the above report, you can see there were 762 HTTP connections between 18:00 and 19:00, using 3.346 MB of bandwidth.  During that same hour, 72 URLs were blocked by the UTM10. 

The daily report presents the data numerically and graphically.  In addition to the above data, there are graphs for each protocol by hour.  The corresponding HTTP graph to Figure 10 is shown in Figure 11.  As you can see, the high traffic hours depicted on this graph were 12:00 and 18:00.

HTTP traffic graph

Figure 11: HTTP traffic graph

SMTP and POP3 traffic is reported in the Daily and Weekly Mail reports in similar fashion.  An additional statistics report is available to examine highest traffic generating source and destination IP addresses.

Another reporting feature I found useful is the UTM10 is the Status screen.  Immediately presented when you log in and continuously available on the Monitoring-System Status menu is a useful dashboard presenting real time CPU, Memory and Disk utilization, the status of the Web and Email protocol monitors, and key licensing information for the security services, shown in Figure 12.

System status

Figure 12: System status

Another nice display within the UTM10 is the real-time security dashboard, updated every 30 seconds, which shows the running total of Email, Web, IM/P2P and Network events.  Figure 13 shows the numerical output of this dashboard.  This security dashboard on the UTM10 also provides graphical displays of threat types, counts of most recent and top threat types, and detailed statistics on each of the 6 key protocols monitored by the UMT10 (HTTP, HTTPS, FTP, POP3, SMTP, IMAP).

Real-time security dashboard

Figure 13: Real-time security dashboard

Lastly, there are five types of security alerts on the UTM10: Failure to Update; Malware Detected; Malware Threshold Exceeded; IPS Detected; and IPS Threshold Exceeded.  The Malware and IPS threshold alerts are configurable for the number of violations per time period.  The default is two Malware or IPS Attacks within 10 minutes will send an alert.  The Alerts are emails indicating the offending condition, such as the IPS Alert I covered in back in the Security – Network section.

Performance

I tested network throughput and VPN throughput on the UTM10 using jperf with its default settings as my TCP/IP throughput measurement tool.  I used two physical laptops with a measured minimum throughput of 310 Mbps as my endpoints.

Update 12/27/2009
In my original throughput tests, I left IM and P2P features enabled, which negatively impacts the UTM's throughput. Subsequently, I under-reported the UTM10's maximum throughput, which you can now see in the revised Table 2 is 76 - 96 Mbps with all filtering disabled.

I tested outbound (LAN-WAN) and inbound (WAN-LAN) network throughput with the UTM10's traffic filtering enabled and disabled.   I took four different throughput measurements: no UTM protection (All Off), just Intrusion Protection (IPS On), just Email/Web protection (Email/Web On), and finally with both Intrusion and Email/Web protection (All On).

Network throughput

Table 2: Network throughput

Table 2 shows that enabling all of the UTM10's bells and whistles knocks throughput down around 90%. But the 8 - 10 Mbps of remaining bandwidth should still handle many small business DSL and cable-based Internet connections. However, if you have fiber-based service, the UTM10 would not be a good choice.

I also tested VPN throughput over an IPSec Site-to-Site tunnel and over a SSL Client-to-Site tunnel.  I used the 3DES VPN tunnel between the UTM10 and the TZ100W I described earlier.  I tested VPN throughput in the same manner I tested network throughput, with no UTM protection (All Off), just Intrusion Protection (IPS On), just Email/Web protection (Email/Web On), and finally with both Intrusion and Email/Web protection (All On).  My VPN throughput results are in Table 3.

VPN throughput

Table 3: VPN throughput

The row labeled S2S VPN in Table 3 shows my throughput results over the  IPSec Site-to-Site tunnel. while the row labeled SSL VPN shows my throughput results over the SSL Client-to-Site tunnel.

The results show a 70% throughput reduction in the IPsec tunnel with all UTM features enabled and a 45% drop with an SSL client connection.

What's the takeaway here?  With all security features enabled, expect 8 -10 Mbps throughput to and from the Internet.  Further, with all security features enabled, expect about 5 - 6 Mbps throughput over a Site-to-Site IPsec VPN tunnel and about 4 - 5 Mbps throughput over an client SSL VPN tunnel.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hi folks,Just to let you know that I've finally decided to migrate the Wiki from the old legacy repo to the current NG repo.https://github.com/RMerl/a...
Hello I'm hoping for some advice I flashed RT-AC86U_384.15_0 & factory reset after.I did not re-import any sort of settings I set it all up from 0 new...
Hello!I have just bought an asus AC1900U to substitute my provider router (Moivistar, triple VLAN config).I'm very happy with it. Amazing wifi reach a...
I need a new modem but do not need a built in wifi on it because I want to use my wifi router as a AP only; so just need a modem and wired router - is...
Hello. I have an ax88u as the main router and am looking for an Aimesh node. I'm considering either an ac86u or an ax88u. Which one should I choose? I...

Don't Miss These

  • 1
  • 2
  • 3