DrayTek VigorPro 5510
Top value, masses of features, three years' anti-virus updates included, low annual subscription fees
With so many options available it can get complicated managing them all
A versatile UTM appliance for small businesses with plenty of standard features and very affordable security upgrades
The latest VigorPro products signal DrayTek's first move into the small business UTM appliance market, and its annual subscription fees look low enough to make it a cost-effective solution in the long run.
The VigorPro 5510 offers five Gigabit LAN ports plus a pair of Fast Ethernet WAN ports. The latter offer some interesting failover scenarios as both can be teamed up for policy-based load balancing or failover, or you can keep the second WAN port in reserve in case the primary link fails. Alternatively, you can let the appliance monitor your internet traffic and fire it up if levels breach a preset threshold.
You can also connect a USB 3G modem to the USB port at the front and use this as a standby internet connection, or even plug in a printer and share it over the network.
For live testing, we dropped the appliance behind the lab's internet connection, allowing it to look after our LAN systems. The box's web interface is a little basic but well designed, making it easy enough to navigate. A quick-start wizard helps you through initial configuration, where we provided a static IP address for our primary WAN port, although it also supports cable and DSL modems or point-to-point protocol over Ethernet connections.
In its base form, the 5510 is kitted out nicely, with a standard SPI firewall, anti-virus scanning, intrusion detection and prevention and support for 200 IPsec VPN tunnels. DrayTek is quite generous with the anti-virus measures, as the price includes a three-year subscription to signature updates for the vendor's own service. Not only that but you also get a one-year subscription to Kaspersky's SafeStream engine, which provides on-the-fly file scanning. You can only select one for scanning, with further annual subscriptions for SafeStream costing around £110, but even this isn't excessive.
You only get URL filtering included in the price, which allows you to manually create keyword lists and block or allow access to specific websites or domains. However, for an extra £25 per year for ten users you can beef this up with SurfControl's web content filtering. A new tab in the management interface will give you a choice of 40 web categories organised under four headings. You can have a variety of access policies in play at different times as up to eight profiles are supported, associated with time schedules. We have always been impressed with SurfControl's massive category database and it proved itself during testing as we blocked the games and gambling categories, Googled for online bingo sites and watched the appliance block access to every one we visited.
The device is very versatile as you decide what security features should be active by using custom filters. Each one can contain seven rules, which are applied to services, port ranges, inbound or outbound traffic, plus source and destination addresses. These determine what anti-spam, anti-virus, content filtering and intrusion protection measures are to be used and you can even decide on individual settings within each rule. Usefully, the appliance supports network objects which can be used to represent services, keywords or maybe IP address ranges.
The anti-virus engines can scan SMTP, POP3, IMAP, HTTP and FTP traffic and you can use up to eight profiles to decide which protocols should be checked and what you want done if an infection is found. Even controls for nuisance IM and P2P applications are on the main menu and are restricted using profiles. You can choose from a reasonable range of common offenders such as Skype, AIM, MSN and BitTorrent and tick the box to disallow them.
Cough up a modest £90 per year and you can add anti-spam to your arsenal. This is provided by CommTouch, without user limitations. Up to 16 profiles are used to decide whether POP3 and SMTP traffic is scanned but, as routing is not carried out, the appliance can't stop and quarantine dodgy messages. Instead, it can tag the message to be dealt with by rules at your mail server or client. We tested this component in a live environment for over a week and saw less than 15 per cent of spam slip past the appliance. It's not perfect, but at this price we're not complaining.
VigorPro 5510 sets a high standard for sheer value as the base price is affordable for small businesses and the annual subscriptions won't hurt your bank balance either. Upgrade options are extensive and we think the SurfControl and CommTouch web content filtering and anti-spam measures are well worth having.