Verdict

”’One year subscriptions: content filtering for 10 users, £30; anti-spam (unlimited users) £105 (inc. 17.5% VAT)”’

Security appliances are a great idea for smaller businesses as they offer a simple drop-in solution that can protect your entire local network. These UTM (unified threat management) boxes provide a full range of security services, but although initial costs can look very reasonable many incur high yearly subscription charges, which reduce their value in the long term. Draytek aims to buck the trend as its latest VigorPro 5510 offers the full gamut of security measures but only asks modest yearly subscription fees.

The starting price includes an SPI firewall, support for 200 IPsec VPN tunnels, gateway anti-virus scanning plus intrusion detection and prevention. Two virus scanning choices are available as you get Draytek’s scanner as standard and three year’s worth of signature updates are included in the price. You also get a one year subscription to Kaspersky’s SafeStream engine, which provides on the fly file scanning. This can be used instead of Draytek’s scanner although it will incur subsequent yearly subscription fees of around £130 inc.VAT.

For web access controls the base price includes simple URL filtering but this can be augmented with full web category filtering, which comes courtesy of the mighty SurfControl. Costing around £30 inc. VAT per year for ten users this looks top value as SurfControl is one of the best services on the market. Next up is anti-spam, which is provided by CommTouch and adds a further £105 inc. VAT to the yearly bill but this has no user limitations.


The 5510 offers a quintet of Gigabit LAN ports teamed up with a pair of Fast Ethernet WAN ports. Four options are provided for your Internet connection as the two WAN ports can be joined together for failover or policy based load balancing. Alternatively, the second WAN port can be used as a standby connection in case the primary link fails or you can activate it only when traffic levels peak. The USB port at the front offers more options as you can network a printer from the appliance or use a USB 3G modem as the secondary WAN connection.

We found installation easy enough and used the appliance to front the lab’s Internet connection and protect all our client systems on the test LAN. Draytek’s web interface is well designed and intuitive and kicks off with a quick start wizard that takes you though defining your Internet connection. We opted for a static IP address on the primary WAN port but both of them can also support PPPoE along with cable or DSL modems. If you add a USB 3G modem you select this option for the WAN port and add your account details. You can then set the connection to be activated if the primary WAN link fails.

There’s a lot more to the appliance’s firewall than just stateful packet inspection as it is used to apply a range of custom filters and determine what anti-virus, anti-spam, intrusion protection and content filtering settings are applied. Filters are particularly versatile as each one can contain up to seven rules applied to selected services, port ranges, source and destination addresses, plus inbound or outbound traffic. To make life easier objects can be created for network address ranges, services and keywords and then used in rules to define groups such as departments. It could get complicated but you can even specify individual anti-virus, anti-spam and intrusion prevention profiles to be used within the rule.

For anti-virus measures up to eight profiles are supported with each one defining whether SMTP, POP3, IMAP, HTTP and FTP traffic should be scanned and what action should be taken if an infection is spotted. For anti-spam you have sixteen profiles where each defines POP3 and SMTP traffic scanning, tags for spam and bulk messages and black and white lists of keywords. Note that the appliance can only tag suspect messages, which will then need to be dealt with locally by rules in your email client. Anti-spam performance was pretty good as after running in a live environment for a week we saw it handle spam with an 85 per cent success rate.

(centre)”’Virus and intrusion protection signatures can be scheduled for regular downloads.”’(/centre)

For basic URL filtering you create lists of keywords and decide whether to block or allow access. It gets far more interesting with SurfControl in the mix as this offers over forty categories grouped under four main headings. You choose which ones you want to block and with up to eight profiles to hand you can create an extensive range of web access policies. These can also be associated with a time schedule object but it’s a tad tricky as this must be done within a filtering rule. SurfControl showed its mettle during testing as with the games and gambling categories blocked we tried to visit over forty on-line bingo sites and were stopped from accessing every one.

”’Verdict”’

Draytek is offering a UTM appliance that’s very affordable for smaller businesses looking for a complete gateway security solution that won’t sting them with high yearly subscription rates. It’s easy enough to install and configure, performed extremely well during testing and the firewall filtering features make it extremely versatile.

”’
(centre)The two WAN ports can be configured for a variety of load balanced or failover scenarios.

—-

(centre)The 5510 even offers facilities for blocking access to popular IM and P2P apps.

—-

(centre)With SurfControl at the helm web content filtering doesn’t get much better.

—-

(centre)Anti-spam measures can be applied to POP3 and SMTP and proved to be a good performer during testing.

—-

Trusted Score