Safe alternative for the router - how to choose the right UTM?

UTM devices (Unified Threat Managment), or multi-functional hardware firewalls, are comprehensive solutions for network security. They can perform the same function as routers, providing access to the Internet, but at the same time allow for increased security, thanks to built-in anti-virus, anti-spam and access control systems. There are many models available on the market, differing in specification and purpose. Their versatility makes them increasingly popular, also among small and medium-sized companies. The Fortinet manufacturer's representative has prepared a handful of tips for novice administrators.

Efficiency and efficiency

The basic criterion when choosing UTM is its performance, which describes the firewall's throughput, expressed in Mega- or Gigabits per second. It means aggregated, or summed up data transmission speed of the whole system on all ports. In the simplest terms, the higher its value, the more users it will be able to handle. The IPS (Intrusion Prevention System) bandwidth, that is the intrusion prevention system and other security tools, is also important.

These values ​​depend primarily on the processor power, performance of the system architecture, as well as the network cards used. Manufacturers of equipment, to facilitate the selection of the device, often also give the maximum or recommended number of users who can use it. However, one must take the correction that these values ​​are usually purely indicative. It is worth considering not only current needs, but also network traffic in the next few years. This will allow you to choose a solution that has the right amount of performance.


UTM systems, depending on the purpose, are equipped with four to a dozen or so Ethernet ports. There are also models with additional sockets that allow you to expand them with WAN and LAN modules. However, the increasing use of virtual VLANs reduces the need for physical ports. Thanks to this, for example, DMZ (limited trust) zones for an e-mail server or WWW can be created using one physical Ethernet socket.

WAN, LAN, DMZ connectors and a dedicated interface for management are used as standard. When choosing, as in the case of efficiency, one should take into account the perspective of several years - it is assumed that it is optimal for 3 years. You can then decide on a system with an appropriate port surplus or modular, thanks to which we will be able to expand without having to exchange the whole cost.


UTM's complexity lies in the fact that in addition to firewall and VPN support, these systems also have additional features. The most important of them are anti-virus, anti-spam, anti-spyware and access control for selected websites. A device equipped with all these options should guarantee comprehensive protection of the network and computers connected to it.

Recently, you can also see the customers' demand for the function of reporting on the activity of users on the Internet, which complements address filtering. Leading suppliers already have the right solutions - Fortinet accomplishes this task using the FortiCloud portal or the external FortiAnalyzer solution. In the case of the need for more detailed statistics, including the collection of information on events, their aggregation, storage in the form of a log, analysis and presentation of applications, it will be reasonable to use SIEM systems.

Management and service

Configuration, management and current UTM support should be as simple as possible. This is particularly important in the case of basic models used in small companies that do not permanently employ IT specialists. Systems can be managed using three different solutions: the command line, web interface or a dedicated application.


Proven efficiency confirmed by independent certificates, the appropriate number of ports, high quality tools for security and intuitive management and service are the most important criteria for selecting UTM. In addition, it may be desirable to be able to expand with further elements, such as access points or tokens allowing two-factor authentication, which guarantee administrators that access to sensitive information will only be obtained by authorized persons.

Comprehensive network and computer protection solutions can be especially interesting for small companies that do not have the conditions to introduce complex, distributed tools. It is definitely worth paying attention to, especially now, when threats from cybercriminals are characterized by high intensity and affect virtually every industry.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.