Because the STM600 sits in-line for all traffic, whether HTTP or not, we ran performance tests to see how well it would behave under load. Running typical loads through the STM600 with antimalware (but without URL filtering), we saw our system max out at 100% CPU around 33 Mbps. With HTTPS traffic, the STM600 was about 15% slower, decrypting, scanning and re-encrypting at about 28 Mbps. Those speeds are fast enough for a typical small business Internet connection. However, if you have bulk traffic on your network, such as backups, it is better either to route that traffic around the STM600 or to configure the STM600 not to scan it, based on port number or IP address.
Our most significant criticism of the STM600's design as a Web security gateway is that it requires the network manager to know ahead of time all the TCP port numbers used to host malware. While most Web traffic is running on Port 80 (or 443 for encrypted traffic), someone hosting malware on Port 81, for example, would be able to fly right by the STM600.
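The size of that gap on a given network can be measured from a packet capture or flow sensor by classifying each connection on its first client bytes rather than its port. The following is an added example, not part of the original review or of any Netgear tooling; the flow record layout, the sample flows and the scanned-port set are constructed assumptions.

```python
import re

# Ports the gateway is configured to scan (assumed: the review's 80 and 443).
SCANNED_PORTS = {80, 443}

# HTTP/1.x request line: METHOD SP target SP HTTP/1.x CRLF
HTTP_REQUEST = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|CONNECT|PATCH|TRACE) \S+ HTTP/1\.[01]\r\n"
)

def classify(payload: bytes) -> str:
    """Identify the protocol from the first client bytes, ignoring the port."""
    if HTTP_REQUEST.match(payload):
        return "http"
    # TLS record header: type 0x16 (handshake), major version 0x03, two length
    # bytes, then handshake type 0x01 (ClientHello) at offset 5.
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    return "other"

def unscanned_web_flows(flows, scanned_ports=SCANNED_PORTS):
    """Return (src, dst, port, proto) for web traffic on ports the gateway skips."""
    hits = []
    for f in flows:
        proto = classify(f["first_bytes"])
        if proto != "other" and f["dst_port"] not in scanned_ports:
            hits.append((f["src"], f["dst"], f["dst_port"], proto))
    return hits

# Constructed sample flows using documentation address ranges, not captured traffic.
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "dst_port": 80,
     "first_bytes": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"src": "192.0.2.11", "dst": "198.51.100.9", "dst_port": 81,
     "first_bytes": b"GET /update.bin HTTP/1.1\r\nHost: example.net\r\n\r\n"},
    {"src": "192.0.2.12", "dst": "203.0.113.7", "dst_port": 8443,
     "first_bytes": bytes.fromhex("160301002e0100002a0303")},
    {"src": "192.0.2.13", "dst": "203.0.113.20", "dst_port": 22,
     "first_bytes": b"SSH-2.0-OpenSSH_9.6\r\n"},
]

if __name__ == "__main__":
    for src, dst, port, proto in unscanned_web_flows(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:{port} carries {proto} outside the scanned port list")
```

Ports that show up repeatedly in the output are candidates for the gateway's scanned-port list or for blocking at the firewall.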
Although the STM600 doesn't match the feature set and flexibility of some of the high-end Web security gateways from vendors such as Blue Coat, Cisco, and Trend Micro, it has a robust and solid design appropriate to midsized and small businesses.
By making a serious attempt to match the Web security needs of small businesses, Netgear has created a product that sits between the relatively spare feature set of the UTM firewall and the expensive depth of enterprise-class Web security gateways. The STM600 gives network managers an excellent option to add Web security at a reasonable price with minimum risk.
Snyder is also a member of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry each bringing to bear years of practical experience on every review.