[Review] Smoothwall SWG UTM1000
Just a quick review of the Smoothwall UTM1000 we recently purchased and installed on our network.
The box we received looked good, seemed to be powerful enough but was VERY noisy. For those of us who have these devices in our offices or classrooms I simply cannot recommend them. There is a fix to go into the bios and change the fan management but it really should be on by default. The hardware is a little outdated now. I checked the specs of ours and it only runs a very old intel CPU which is a massive power hog. I think its not even a core i variety yet.
Lets be clear, the smoothwall support is some of the best I have ever experienced, their agents are incredibly technical and explain things well. There are problems with them ringing you back if you have a non urgent query and on a number of times I had to chase them a 2nd or 3rd time to get an answer. But when I actually did that the support was excellent, particularly a guy called John Fisher is very good there. They remote desktop in, and fix problems there and then. The RMA procedure was also very efficient which is important as a firewall/filter is pretty essential device.
I love the smoothwall firewall. All the interfaces are setup very clearly and have nice icons to show you which is which. Port forwarding and assinging external IPs is a breeze. I had it up and running in about 20mins with our brand new BT 100mbit line and was very pleased with the results. Speed and port blocking have worked flawlessly since install date.
I'm in 2 minds about the Guardian web filter, its very powerful but also very complicated. The reporting side of things is poor. Trying to watch the realtime stats things go off the screen too quickly and there are no simple reports you could send to your headmaster or someone of a less technical mindset. The filtering seems to work well but actually setting it up took us days. There are many different levels of filter that can be applied and no real advice on how to setup the proxy for "best practice". After many many hours of trying to work out what was going wrong we realized that SSL transparent filtering did not work with windows XP. This was only explained after a phone call to support. In the end we managed to get a NTLM proxy on a specific port working with a transparent proxy with no authentication working on the main line. This is not ideal as there are a number of caveats of using NTLM such as Dropbox and Google drive not working and a number of other random apps. The gaurdian user interface is also very jumbled and you have to jump back and forth from the proxy settings to the Gaurdian settings.
There is a massive feature missing which is to type in a username and site to check if its filtered or not form the front page dashboard. This is present on virtually every other filter so why doesn't smoothwall have it? Quick block and Quick allow are nice features but we need a way of checking sites quickly.
The interface is cluttered with un-needed items and takes a while to get used to. Saying that once you learn where things are (sometimes not where you would expect!!) its actually really nice to use day to day. I particularly liked the menus that worked kind of like a wizard such as the firewall port forwarding and external aliases being close together. This makes it easy to navigate to each setting. It really is a shame I had to ring support a number of times to find the correct setting though. Things like "reflective port forwarding" is buried in advance firewall settings and hard to find.
The help system is OK but very very plain to read with a lot of text. I actually gave up and found it quicker ringing support. Needs more screenshots, a bigger font and a more streamlined menu system. Saying that it does the job and is updated on each release so if you do like reading then its ok :)
Now this is one of the downsides to Smoothwall. The solution is incredibly expensive compared to competing products. I think overall our smoothwall is going to cost close to 9K over a 3 year period. I found the price per device for Gaurdian licenses to be particularly expensive compared to other solutions. A site license, or basing it on FTE teachers in the school would be much better for places like us who have a lot of devices and a guest network. I cannot recommend Smoothwall currently based on price, there are cheaper options which will do the same thing.
We looked at both Lightspeed and Sophos when deciding on which firewall and filter to buy. We actually purchased a Sophos filter as it was much cheaper than the Smoothwall but it died after a couple of years and their support wasn't great. In use, the Sophos box was much simpler to get going and more advanced when it came to filtering, monitoring and testing. It didn't have a firewall so in the end we moved to Smoothwall filtering instead to get everything done in the same box.
The Lightspeed solution looks very good from their website, I don't have any experience of it but it looks much simpler from the screenshots and has some very cool educational based features.
Overall I would say the Smoothwall UTM1000 is a great device, worthy of consideration. Their support and development is particularly good. If you are price sensitive there may be better solutions out there but sometimes its worth spending the money to get the best, and I believe the UTM1000 is exactly that!