Even when advertising UTMs (Unified Threat Management systems), most vendors talk about firewall performance. There is a simple distinction between a UTM and a firewall. A firewall merely performs stateful traffic filtering, whereas a UTM proactively blocks attacks even on approved ports because it includes the all-important IPS (Intrusion Prevention System). This ensures that even when traffic to a service is permitted, it is still continuously inspected for malicious content. In other words, the IPS stops attacks even on open ports.
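A toy model of that distinction, added here as an illustration and not taken from any vendor's product: a stateful port-based check on its own, and the same check followed by payload inspection on the flows it permitted. The packets, the allowed ports and the single "signature" are constructed for the example.

```python
from dataclasses import dataclass

ALLOWED_PORTS = {80, 443}
# Constructed marker standing in for an IPS signature; a real engine carries thousands.
IPS_SIGNATURES = [b"CONSTRUCTED-ATTACK-MARKER"]

@dataclass
class Packet:
    src: str
    dst_port: int
    syn: bool          # True for the packet that opens the connection
    payload: bytes

class StatefulFirewall:
    """Admits a flow whose opening packet targets an allowed port, then admits
    every later packet of that flow without looking at the payload."""
    def __init__(self):
        self.flows = set()
    def allow(self, pkt):
        key = (pkt.src, pkt.dst_port)
        if key in self.flows:
            return True
        if pkt.syn and pkt.dst_port in ALLOWED_PORTS:
            self.flows.add(key)
            return True
        return False

def ips_inspect(pkt):
    """IPS stage: payload inspection of traffic the firewall already permitted."""
    return not any(sig in pkt.payload for sig in IPS_SIGNATURES)

def process(packets, ips_enabled):
    """Return one verdict per packet: 'fw-drop', 'ips-drop' or 'pass'."""
    fw = StatefulFirewall()
    verdicts = []
    for pkt in packets:
        if not fw.allow(pkt):
            verdicts.append("fw-drop")
        elif ips_enabled and not ips_inspect(pkt):
            verdicts.append("ips-drop")
        else:
            verdicts.append("pass")
    return verdicts

SAMPLE = [  # constructed traffic: one HTTP flow, one telnet attempt
    Packet("10.0.0.5", 80, True, b""),
    Packet("10.0.0.5", 80, False, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.5", 80, False, b"POST /x CONSTRUCTED-ATTACK-MARKER"),
    Packet("10.0.0.9", 23, True, b""),
]
```

With the IPS off, the third packet passes because the firewall only knows that port 80 is allowed; with the IPS on, the same packet is dropped after inspection, while the telnet attempt is dropped by the firewall stage in both cases.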

A UTM is installed with the basic objective of giving the network greater security. That implies the IPS should always be on and running. By design, however, the IPS is switched off, and vendors talk only about the firewall performance of a UTM. What is the realistic use of a UTM's firewall performance if the IPS is not activated? Firewall + IPS throughput is a much more realistic measure of UTM throughput, and it is the most relevant criterion when evaluating a UTM, because it conveys how fast the device works while providing maximum security.

Unfortunately, most vendors were already locked in by their pre-UTM designs. What they did was take an existing firewall and slap an IPS on top of it. But because the IPS was almost an afterthought, enabling it causes a huge loss in throughput. Reluctant to advertise that, they highlight only the firewall performance, which on a UTM is entirely meaningless. In particular, some vendors, such as Fortinet, see a 90% loss in performance when IPS is enabled (e.g. Fortigate 310B: throughput falls from 8 Gbps to 800 Mbps when IPS is enabled).

Contrast this with the methodology of NetASQ. On NetASQ, UTM throughput always means firewall + IPS throughput, never firewall alone. The IPS is always on, providing better security for the network, and with IPS on there is a 0 percent performance loss on NetASQ. When describing its UTM appliances, NetASQ always quotes the firewall + IPS throughput.

NetASQ is able to deliver this groundbreaking approach to IPS thanks to the simple fact that its IPS engine (ASQ, Active Security Qualification) is built into the kernel of the UTM operating system. This gives it twin benefits: first, the IPS engine is always on, and second, with IPS on there is no reduction in throughput. That means 100 percent of the performance is preserved with IPS enabled. With other manufacturers, the IPS engine is a separate module that sits on top of the operating system, consuming more resources and leading to lower speed and lower performance.
