What is it?

A unified Threat Management device is the swiss army knife of network security products. They are generally marketed toward the SMB market and include features such as firewall, IPS and VPN.

Wait, isn’t that a NGFW?

Well why have one buzz word when you can have two. The UTM in my opinion builds on the NGFW base, but they also tend to throw in as many other services as they can fit such as web content filtering services, WAF, antivirus, Load Balancing, Secure e-mail management services, wifi management the list goes on. That said the lines between NGFW and UTM are blurry to say the least and I think that’s just the way marketing teams like it.

Why pick a UTM?

Some UTM vendors tend to get a bit carried away with feature consolidation and overall system capabilities. Quite simply consolidating several services into a single device does not come without its compromises. More features means more things can go wrong, which increases your failure domain, so should a single feature fail you could end up with unanticipated downtime. In certain cases the marketed features can sometimes feel as though they have been added in simply to check a box, which in the real world leave gaping holes where expected functionality simply does not exist. In the long run this can be both infuriating and costly.

That said the benefits of a single management device with intuitive configuration and embedded reporting can make a UTM device worth every penny in the right environment.

I have listed the most popular UTM vendors below with a brief summary noting the key features they offer and which models I would consider suitable for a SMB environment. Although many of the vendors would keenly point out that they can scale up to Data Center grade devices with all the features. The reality is most small to mid-size companies do not have more than a 1Gbps Internet connection and large companies will have dedicated security teams and generally not want to risk putting all of their eggs in one basket.

Information regarding Enterprise Firewalls and models I would consider suitable for large businesses are included in a separate post.


Gartner Magic Quadrant for Unified Threat Management’s regular front runner.

Key Features: Firewall, VPN, IPS, Application Control, Web/ Content filtering, AntiMalware/ AntiVirus /AntiSpam, ATP, Integrated Wireless LAN controler

Notable Missing Features: reverse proxy is available, but as a separate product

Notable Models:

  • Fortigate 30
  • Fortigate 60-90 Series

More information: http://www.fortinet.com/products/fortigate/unified-threat-management.html


Checkpoint have always been feature rich and as with Fortinet almost all products can be classed as UTM if you purchase the appropriate software. To that end just like Fortinet they haven’t listed specific models being “UTM” So for the purposes of this post, I have classed Checkpoints Small Business and Small Branch Office Security Appliances as UTM.

Key Features: Firewall, VPN, Advanced Networking & Clustering, Identity Awareness & User Awareness, IPS, Application Control, URL Filtering, Antivirus, Anti-Spam and Email Security

Notable Models:

  • 600 Appliance
  • 1100 Appliance
  • 2200 Appliance

More Information: https://www.checkpoint.com/products-solutions/next-generation-firewalls/small-business-firewall/index.html


The Sophos UTM has steadily evolved over the years based on the companies they have purchased. The UTM 9, based on the Astaro Security gateway had a good following and is still supported by Sophos, but they have upgraded their latest product to encompass their Cyberoam acquisition of early 2014 with the XG Firewall series. Sophos has 14 physical appliances of the XG from desktop through to data center. as well as virtual appliances for Hyper-V, VMware and Citrix.

Key Features: Firewall, IPS, Anti-malware, Host Protection, Botnet protection, WAF, VPN, URL Filtering, Antivirus, Anti-Spam and Email Security, wireless controller, QoS, HTTPS scanning, Web Cache Proxy

Notable Models:

  • XG Desktop Series
  • XG Series 1U

More Information: https://www.sophos.com/en-us/products/next-gen-firewall.aspx


Dell purchased SonicWALL back in 2012 and retained the SonicWALL brandname. The SonicWALL range does extend from small to large systems but the TZ Series is their flagship UTM solution.

Key Features: Firewall, IPS, Antivirus, DPI, Content Filtering, Anti-Spam, NAT, QoS

Notable Models:

  • TZ300
  • TZ400
  • TZ500
  • TZ600

More Information: http://www.sonicwall.com/products/sonicwall-tz/


Meraki MX, is probably the closest Cisco come to offering a UTM. The ASA product line is a good firewall and FirePOWER certainly improves their standing with IPS. however they do seem to fall short of most of the UTM features expected in a one device to rule them all scenario.

The Meraki MX has great potential and the cloud based management has certainly been a huge hit with wireless, sadly however the MX range does lack most of the features present with other UTM solutions. Also their pricing model can be a turn off for many businesses.

Key Features: Firewall, IPS, VPN, Content Filtering, Anti-Phishing/ Anti-Malware

Notable Models:

  • MX64W
  • MX84
  • MX100
  • MX400
  • MX600

More Information: https://meraki.cisco.com/products/appliances


Keen to point out that they like the NGFW and UTM comparison blurry, they offer two separate ranges under the UTM banner, both the Firebox and XTM range which also includes a virtual appliance

Key Features: Firewall, IPS, Antivirus, Anti-Spam, Content Filtering, Application Control, Reputation based filtering

Notable Models:

  • Firebox T and M Range
  • XTM Series

More Information: http://www.watchguard.com/wgrd-products/utm/overview

About Stephen Ransome

Stephen Ransome is an IT consultant and network nerd with experience ranging from SMBs to Service Providers, he has a passion for learning new technologies and delivering solutions that count. He has some alphabet soup, including CCIE#41102 and is far more cynical than he should be.