Features, benefits and performance impact
UTM products come with a variety of security and networking features. Understanding the benefits
and tradeoffs of these features is crucial to getting the maximum security benefit without unnecessary
performance degradation.
| Feature | Benefits | Performance impact | Recommendations |
|---|---|---|---|
| WAN opt | Minimizes latency, reduces amount of traffic between sites | High | Use only between sites that have high latency (>50ms) and low bandwidth (< 5 mbps). Use split-tunnel VPN and enable WAN opt only for specific hosts and ports. |
| Anti-virus / anti-phishing | Provides flow-based protection for Web traffic (port 80). | High | Consider disabling for guest VLANs and using firewall rules to isolate those VLANs. Also consider disabling AV/anti-phishing if you run a full AV client on host devices. |
| IDS / IPS | Provides alerts / prevention for suspicious network traffic | High | Consider not sending IDS/IPS syslog data over VPN in low-bandwidth networks. |
| VPN | Secure, encrypted traffic between locations | Medium | Use split-tunnel VPN and deploy security services at the edge. |
| Web caching | Accelerates access to Web content by caching locally | Medium | Ideal for low-bandwidth networks that frequently access the same heavy multimedia content. Not recommended for high-bandwidth networks. Please note that YouTube doesn't support web caching. |
| Content filtering (top sites) | Category-based URL filtering using locally downloaded database | Low | Choose this option if your priority is speed over coverage. |
| Content filtering (full list) | Category-based URL filtering using the full database hosted at Brightcloud.com | Medium | Choose this option if your priority is 100% coverage and security. Web browsing will be slightly slower at the beginning but will improve as more and more URL categories are cached. |
| Web safe-search | Turning Google / Bing safe-search option on | Low | Must be deployed in tandem with “disable encrypted search” option to be effective. |
| Blocking encrypted search | Disabling Google / Bing searches via https (port 443), allowing Web safe-search enforcement | Low | Must be deployed in tandem with “Web safe-search” to be effective. Requires a DNS setting modification; otherwise it will also break Google apps. Check the Meraki knowledge base for more. |
Cisco Systems, Inc. | 500 Terry A. Francois Blvd, San Francisco, CA 94158 | (415) 432-1000 | [email protected]