We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
Storage Devices Reviews
15,577 Reviews

Netgear ProSecure STM600 review

£3093.89 inc VAT

Manufacturer: Netgear

Our Rating: We rate this 4 out of 5

The Netgear ProSecure STM600 security appliance takes on small-to-midsize business stalwarts such as Fortinet and Barracuda by including antispam, antimalware, and web content filtering in a single unit that offers easy deployment and budget-preserving pricing.

The Netgear ProSecure STM600 security appliance takes on small-to-midsize business stalwarts such as Fortinet and Barracuda by including antispam, antimalware, and web content filtering in a single unit that offers easy deployment and budget-preserving pricing.

We tested the Netgear ProSecure STM600, the high-end appliance Netgear started shipping in November, and found that it does an adequate job of blocking what you don't want, while making a minimal intrusion into your network.

The Netgear ProSecure STM600 combines two main functions in a single appliance. First is email protections, including antispam and antimalware, as well as some content filtering. Second is web and FTP client protections, including antimalware and content filtering.

The Netgear ProSecure STM600 has an easy-to-use web-based interface, and a separate out-of-band management port, which is a nice feature. In general, most network managers will be able to configure the STM600 in just a few minutes.

The email protection features work on SMTP, POP3 and IMAP4 protocols. You identify what ports you're running these three protocols on, and then define a fairly simple policy on how to handle traffic.

Web protection is slightly more sophisticated. You start with the same configuration: define what ports you run HTTP, Secure-HTTP and FTP on, then say which policies will apply. The Netgear ProSecure STM600 supports malware scanning, content filtering (such as blocking .EXE files or online shopping sites), URL filtering with your own block/allow lists of URLs and sites, application filtering for a list of about 18 common applications, such as BitTorrent, GoToMyPC, and Yahoo Messenger, plus man-in-the-middle HTTPS scanning.

The Netgear ProSecure STM600 also allows HTTP users to authenticate themselves using a Web page, and you can use this authentication to apply exceptions to your basic policy.

Netgear ProSecure STM600: inline ins and outs

The Netgear ProSecure STM600 acts as a "bump in the wire", meaning that it sits transparently in your network, doing its job, without any additional configuration of your web clients, mail servers or DNS. That's quite a departure from other products in this space, which usually act as separate email servers or web proxies.

The advantage is that you don't have to touch anything. But there are also disadvantages. The most obvious is that now the Netgear ProSecure STM600 is sitting "inline" in your network, controlling all traffic. If the STM600 locks up or otherwise starts misbehaving, everything can slow down or be cut off entirely.

Netgear partially works around this by putting fail-open ports on the STM600, which let traffic pass through untouched if the Netgear ProSecure STM600 loses power. We tested this and found that the STM600 is only "mostly" transparent. Both when we power-cycled it, and when it rebooted, we had to clear ARP caches before communications would resume. You've got to be comfortable putting another device in the critical path between your network and the internet to consider this approach.

Another unusual part of the Netgear ProSecure STM600 configuration is that you don't really make it aware of IP addresses, only ports to scan. This means that, by default, the STM600 will scan traffic to every IP address on the ports you list. That can be a benefit, or it could cause mysterious network problems if you don't realize that even your test lab is being filtered. Fortunately, there is a way to exclude specific IP addresses or subnets from scanning.

NEXT: baby steps in email security >>

Netgear ProSecure STM600 Expert Verdict »
Bundled Services: 3 years web, 3 years email, and 3 years Software Maintenance and Upgrades, 24/7 Support, and Advanced Replacement
426x500x440mm
8.2kg
5 ports
Connectivity Technology: Wired
Data Link Protocol: Ethernet, Fast Ethernet, Gigabit Ethernet
Network/Transport Protocol: SMTP, FTP, POP3, IMAP
Remote Management Protocol: HTTP, HTTPS
Performance: HTTP Throughput: 239 Mbps SMTP Throughput: 960000 emails per hour
Capacity: Concurrent users: up to 600 Concurrent connections: 4000
Features: VLAN support, content filtering, anti-spam protection, anti-malware protection
Expansion/Connectivity
5xnetwork, Ethernet 10Base-T/100Base-TX/1000Base-T, RJ-45 1xmanagement, RS-232, 9 pin D-Sub (DB-9) 1xmanagement, RJ-45
1xnetwork cable
Compliant Standards: CE, UL, C-Tick, VCCI Class A ITE, RoHS, FCC Part 15 A
AC 120/230 V (50/60Hz)
  • Overall: We give this item 8 of 10 overall

By making a serious attempt to match the web security needs of small businesses, Netgear has created a product that sits between the relatively spare feature set of the UTM firewall and the expensive depth of enterprise-class web security gateways. The Netgear ProSecure STM600 gives network managers an excellent option to add web security at a reasonable price with minimum risk.

There are currently no price comparisons for this product.
  • Draytek VigorPro 5500 network-security device

    Draytek VigorPro 5500 network-security device

    No longer is a firewall enough to keep the bad guys from your network; security devices such as the Draytek VigorPro 5500 now have to offer Unified Threat Management – a one-stop shop that provides firewall protection plus antispam, antivirus (AV), anti-intrusion, virtual private network (VPN) support and web-content filtering.

  • Netgear N600 WNDR3800 review

    Netgear N600 WNDR3800

    Netgear's N600 Wireless Dual Band Gigabit Premium Edition (WNDR3800) wireless router has a comprehensive feature-set and good ease of use. It's a dual-band router that can reach wireless speeds up to 300Mbps, and it offers a long wireless range and good reliability. You also get useful built-in NAS and "cloud" functionality so that you can more easily share and access your data.

  • STM Scout laptop bag review

    STM Scout laptop bag

    Laptop shoulder bag for that army surplus look.

  • Agnitum Outpost Pro Security Suite 2008

    Agnitum Outpost Pro Security Suite 2008

    Probably best known as a firewall author, Agnitum has revamped its security bundle, Agnitum Outpost Pro Security Suite 2008 - with mixed results.

  • D-Link DIR-600 review

    D-Link DIR-600

    The D-Link DIR-600 is a wireless router for a small house or apartment. It has a 150Mbps, 802.11n wireless access point, a 4-port 10/100 Ethernet switch, as well as a built-in firewall and filtering settings. You'll have to supply your own modem.


IDG UK Sites

Sony PlayStation 5 release date, price and specs UK: When is the PS5 coming out?

IDG UK Sites

New Apple TV release date rumours, features: 'new Apple TV next week' rumour

IDG UK Sites

Mobile email is powerful and useful - but also hopelessly intrusive

IDG UK Sites

How the Oculus Rift VR headset is helping train the surgeons of tomorrow