Reporting

The UTM10 has a wide array of reporting capabilities including log files, daily and weekly reports and security alerts.  I'm going to cover a few of them to give the general idea.    

I configured my UTM to send emails on all activity, and I got an email every day containing both the UTM10's service and system logs.  The service logs contained text entries regarding successful security database updates and sending of notifications.  The system logs contained text entries generated by traffic that is meant for the UTM, by traffic that is routed or forwarded through the UTM, and by running systems such as NTP and activity on the WAN interface.

I found the Daily and Weekly Reports generated by the UTM10 interesting.  The reports are sent in a zip file as an attachment to an email.  These reports provide hourly details on Web, Mail and System transactions, broken down by protocol.  For example, the Daily Web Report shows the hourly HTTP traffic counts as shown in Figure 10.

Figure 10: Daily Web Report

In the above report, you can see there were 762 HTTP connections between 18:00 and 19:00, using 3.346 MB of bandwidth.  During that same hour, 72 URLs were blocked by the UTM10. 

The daily report presents the data numerically and graphically.  In addition to the above data, there are graphs for each protocol by hour.  The corresponding HTTP graph to Figure 10 is shown in Figure 11.  As you can see, the high traffic hours depicted on this graph were 12:00 and 18:00.

Figure 11: HTTP traffic graph

SMTP and POP3 traffic is reported in the Daily and Weekly Mail reports in similar fashion.  An additional statistics report is available to examine highest traffic generating source and destination IP addresses.

Another reporting feature I found useful on the UTM10 is the Status screen.  Immediately presented when you log in and continuously available on the Monitoring-System Status menu is a useful dashboard presenting real-time CPU, Memory and Disk utilization, the status of the Web and Email protocol monitors, and key licensing information for the security services, shown in Figure 12.

Figure 12: System status

Another nice display within the UTM10 is the real-time security dashboard, updated every 30 seconds, which shows the running total of Email, Web, IM/P2P and Network events.  Figure 13 shows the numerical output of this dashboard.  This security dashboard on the UTM10 also provides graphical displays of threat types, counts of most recent and top threat types, and detailed statistics on each of the 6 key protocols monitored by the UTM10 (HTTP, HTTPS, FTP, POP3, SMTP, IMAP).

Figure 13: Real-time security dashboard

Lastly, there are five types of security alerts on the UTM10: Failure to Update; Malware Detected; Malware Threshold Exceeded; IPS Detected; and IPS Threshold Exceeded.  The Malware and IPS threshold alerts are configurable for the number of violations per time period.  By default, two Malware or IPS attacks within 10 minutes will send an alert.  The alerts are emails indicating the offending condition, such as the IPS Alert I covered back in the Security – Network section.
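To make the threshold setting concrete, here is an added example (not NETGEAR's code and not from the original review) that models a "violations per time period" alert as a per-category sliding window using the default of two events in 10 minutes. The event tuples, the sliding-window interpretation and the reset after each alert are assumptions, since the review does not describe the UTM10's log format or its exact counting rules.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Defaults quoted in the review: two detections within 10 minutes.
THRESHOLD = 2
WINDOW = timedelta(minutes=10)

# Constructed sample events (timestamp, category); not real UTM10 log output.
SAMPLE_EVENTS = [
    ("2009-12-01 18:00:05", "IPS"),
    ("2009-12-01 18:04:40", "Malware"),
    ("2009-12-01 18:08:12", "IPS"),      # 2nd IPS event inside 10 min
    ("2009-12-01 18:30:00", "Malware"),  # more than 10 min after the first
    ("2009-12-01 18:36:30", "Malware"),  # 2nd Malware event inside 10 min
    ("2009-12-01 19:15:00", "IPS"),      # isolated event
]


def threshold_alerts(events, threshold=THRESHOLD, window=WINDOW):
    """Return (timestamp, alert name, count) for every event that brings the
    number of same-category events inside the sliding window to the threshold."""
    recent = defaultdict(deque)  # category -> timestamps still inside the window
    alerts = []
    for stamp, category in sorted(events):
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        seen = recent[category]
        seen.append(now)
        # Drop detections that have aged out of the window.
        while now - seen[0] > window:
            seen.popleft()
        if len(seen) >= threshold:
            alerts.append((stamp, f"{category} Threshold Exceeded", len(seen)))
            seen.clear()  # assumption: counting restarts after an alert is sent
    return alerts


if __name__ == "__main__":
    for alert in threshold_alerts(SAMPLE_EVENTS):
        print(alert)
```

Raising the threshold or shortening the window reduces alert volume at the cost of missing slow, low-rate activity, which is the trade-off this setting exposes.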

Performance

I tested network throughput and VPN throughput on the UTM10 using jperf with its default settings as my TCP/IP throughput measurement tool.  I used two physical laptops with a measured minimum throughput of 310 Mbps as my endpoints.

Update 12/27/2009
In my original throughput tests, I left IM and P2P features enabled, which negatively impacts the UTM's throughput. Subsequently, I under-reported the UTM10's maximum throughput, which you can now see in the revised Table 2 is 76 - 96 Mbps with all filtering disabled.

I tested outbound (LAN-WAN) and inbound (WAN-LAN) network throughput with the UTM10's traffic filtering enabled and disabled.   I took four different throughput measurements: no UTM protection (All Off), just Intrusion Protection (IPS On), just Email/Web protection (Email/Web On), and finally with both Intrusion and Email/Web protection (All On).

Table 2: Network throughput

Table 2 shows that enabling all of the UTM10's bells and whistles knocks throughput down around 90%. But the 8 - 10 Mbps of remaining bandwidth should still handle many small business DSL and cable-based Internet connections. However, if you have fiber-based service, the UTM10 would not be a good choice.

I also tested VPN throughput over an IPsec Site-to-Site tunnel and over an SSL Client-to-Site tunnel.  I used the 3DES VPN tunnel between the UTM10 and the TZ100W I described earlier.  I tested VPN throughput in the same manner I tested network throughput, with no UTM protection (All Off), just Intrusion Protection (IPS On), just Email/Web protection (Email/Web On), and finally with both Intrusion and Email/Web protection (All On).  My VPN throughput results are in Table 3.

Table 3: VPN throughput

The row labeled S2S VPN in Table 3 shows my throughput results over the IPsec Site-to-Site tunnel, while the row labeled SSL VPN shows my throughput results over the SSL Client-to-Site tunnel.

The results show a 70% throughput reduction in the IPsec tunnel with all UTM features enabled and a 45% drop with an SSL client connection.

What's the takeaway here?  With all security features enabled, expect 8 - 10 Mbps throughput to and from the Internet.  Further, with all security features enabled, expect about 5 - 6 Mbps throughput over a Site-to-Site IPsec VPN tunnel and about 4 - 5 Mbps throughput over a client SSL VPN tunnel.
