All in one Firewalls - UTM Appliance

 

 

What is UTM (Unified Threat Management)

UTM is just another name for an all-in-one security appliance. A UTM appliance consists of a firewall as well as other key security features such as spam filtering, web filtering, anti-virus, anti-spyware, anti-phishing, IPS/IDS, DOS and DDOS protection, application filtering, Network Access Control, VPNs and so on.

When use of the internet started rising and became an everyday need for many businesses and companies, so did the concerns for network security. This is when traditional firewalls and anti-virus packages became mandatory. As the years have rolled on, firewalls and anti-virus, while still very much at the heart of network and internet security, have become just part of the solution. A firewall filters on ports, protocols and connection states. If allowed, the traffic passes through; if denied, the traffic is dropped. An anti-virus scanner scans for viruses and either quarantines or deletes any it finds.

However, today there are many other advanced threats, most of which are developed to fool firewalls and anti-virus filters. As these new advanced threats have emerged over the years, so have advanced techniques for combating them, which go way beyond just a firewall and an anti-virus scanner.

Here is a list of the common security protections needed to combat such threats:

IPS/IDS (Intrusion Prevention/Detection System)

Zero Day Protection

DOS and DDOS (Denial of Service and Distributed Denial of Service)

Application Proxy Filtering on the application layer

Spam filtering

URL filtering

Anti-Phishing

Anti-spyware

Rootkit protection

DLP (Data Leakage Prevention)

Application control

NAC

VPN

The need for so many security features in one box resulted in the term UTM appliance. A UTM (Unified Threat Management) appliance is basically a firewall and many other security features all in one appliance. The WatchGuard and Fortinet appliances mentioned in my network firewall recommendations are examples of UTM appliances.

UTM appliances are ideal for small to medium-sized businesses. Rather than purchasing an anti-spam appliance, URL filter software, a firewall, an IPS appliance, etc., they could just opt for an all-in-one UTM appliance, which would save them lots of money.

However, a larger enterprise network would benefit more from dedicated appliances. Dedicated appliances give more granularity, more control, and more processing power, because each one concentrates on a single aspect. For example, a company with inbound and outbound mail flow of around 20,0000 a day would require a dedicated SMTP appliance, with a dedicated administrator maintaining the appliance. A UTM appliance would usually not be suitable for, or capable of handling, this type of mail flow.

Another reason a company may decide to purchase dedicated appliances or dedicated software for a particular job, for example a web filter, is that dedicated appliances are always much better equipped and have more powerful rules and granular settings to look after that particular threat. So a web filter program within a UTM firewall will never have as many settings or be as powerful as a dedicated web filter, designed and produced just to look after web/URL filtering.

Lastly, using each and every feature a UTM firewall has to offer has a massive impact on the UTM firewall's performance. It is capable of only a small fraction of what it would be capable of if the UTM features were disabled. This is another reason a company may purchase a dedicated appliance. They may already have a UTM firewall that is looking after traditional firewall features and VPN, so rather than turning on a UTM feature such as spam filtering, which would have a performance hit on the appliance, they may just purchase a separate anti-spam appliance to look after their emails for spam and viruses.
