Firewall or UTM?

Firewalls are meant to be a mechanism between devices limiting access.  When discussing hardware or network firewalls specifically or security appliances in general, the talk has changed over the years.  Firewalls, Proxy Firewalls, Next Generation Firewalls (NGFW),  Unified Threat Managers (UTM), they go by many names now but they shouldn’t be used interchangeably.

As the threat landscape evolved so did the security to mitigate it.  Now when someone refers to a firewall they are generally talking about one of two things, a Next Generation Firewall (NGFW) or a Unified Threat Management appliance (UTM).  The difference in these is pretty astounding.  NGFWs are a big step up from the packet filtering firewalls of yesteryear.  Most include features such as Denial of Service protection,  stateful packet inspection,  deep packet inspection, and many other connection oriented safeguards.  Beyond that many gateway security appliances add additional features.  Many people still call these firewalls, but really they are much more.  Depending on vendor this new class of appliance has been coined as a Unified Threat Management or Unified Threat Gateway appliance (UTM or UTG).   Most now are using UTM for the buzzword.

So what is the difference?  A UTM will provide all of the NGFW features but SHOULD also include multi-wan, web filtering, antivirus, intrusion prevention (not just detection), data loss prevention, application level filtering, functional logging and reporting capabilities, and connection filtering based on reputation.  There are several vendors that provide these features and more.  The UTM that we believe provides the best price/functionality/versatility/security is the Firebox series from WatchGuard.  While you can get similar feature sets from other vendors, WatchGuard seems to provide the most comprehensive UTM solution to all markets.

Now, a small home office can operate at the gateway with nearly the same capabilities as a Corporate office.  Of course there are many factors that can extend capabilities, but keeping it to a singular device WatchGuard shines.  The security features are the same across all models for the majority of features.  A few features are limited simply due to hardware limitations (ie T10 does not support the entire IPS database).  But it provides enterprise level border security to all sizes of business at a very affordable price point.

All WatchGuard firewall models are shipped by default with NGFW features enabled including thorough logging and reporting capabilities. When purchased as a UTM or upgraded the additional features are unlocked, and these include…..

  • Webblocker
  • SpamBlocker
  • Application Control
  • Reputation Enabled Defense
  • Botnet Protection
  • Intrusion Prevention Service
  • Antivirus
  • APT-Blocker
  • Data Loss Prevention (DLP)
  • Network Discovery
  • Threat Detection and Response
  • In depth logging and reporting as well as traffic visualization

If you have any questions about these features or how a UTM from WatchGuard can benefit your business, Upton Technologies can assist.  For more information on how a UTM fits into and benefits your network check out our Layering Security brief.


Ryan Stephens 

Senior IT Security Consultant at Upton Technology