All of the UTM products handle inbound intrusion scanning, with some of them, such as Astaro and Juniper, scanning for both network behavior patterns as well as checking for specific packet signatures as traffic comes across their interfaces. But some of the UTM products also scan outbound traffic for potential attacks, such as the products from Secure Computing, Internet Security Systems (ISS is owned by IBM) and Sonicwall.
5. What is the target throughput range of your Internet connection?
UTM products come in various sizes to match the expected throughput and traffic profiles of their connection. And as we said earlier, the more services that are enabled, the lower the overall performance. Some models, such as those from Juniper and ISS, have expansion slots where you can add network processors and extra memory as your traffic increases. Others have less flexibility, meaning that you will need to completely replace them with a new box. And obviously, the more demanding traffic needs, the more you will have to pay.
6. Do you presently own firewalls from CheckPoint, Juniper, Cisco or others?
If your headquarters firewalls are from these three vendors, you need to examine how important is it to stick with the same vendor when it comes to deploying UTM boxes in your branch offices. None of these three vendors offer the best-of-breed UTM appliance that can be found from Fortinet, Sonicwall, and ISS. However, all three offer management tools that can configure and view a range of products, so if you have already invested a significant amount of training in these products then learning about the UTM features isn't as much of a stretch. It comes down to a tradeoff between training and level of protection offered.
7. Do you have multiple administrators from different departments?
If you have a group of network administrators that need to concurrently manage the UTM box, then you should consider products from Astaro, Fortinet, or Juniper. All three allow multiple people to view and post configuration changes concurrently. Other products generally only allow a single administrator to make changes, which can get dicey if two (or more) people are connected at the same time.