Review: 02 Micro's SifoWorks U210 Enters The UTM Space

Which is why O2 Micro's approach to their UTM is unique. They actually manufacture their UTMs, from the semiconductor on up.

The electronics manufacturer made the leap into the security business in 2002 with their division, O2 Security. With a litany of security products like firewalls and VPNs, the vendor has just released their line of SifoWorks UTMs. The Test Center took a look at the U210 model.

What we found was an appliance that does the job of threat management, but is still in the fledgling stage in terms of its interface.

The U210 has all the requisite components of a UTM: anti-virus, intrusion detection/protection, QoS bandwidth management, load balancing, content filtering, anti-spam, traffic analysis and SSL VPN.

Setup of the device to change its hard-coded information to the test LAN's subnet got off to a rocky start. After the changes were applied, the status indicator took about six minutes to reach halfway to completion, and then the interface froze. There was no indication as to whether the changes took effect or not. Apparently they had, because login was possible on restart with the new IP information.

In a time where management interfaces have gauges and fancy graphs and bells and whistles, the U210's interface looked somewhat lacking. The main configuration pages are mainly in tabular form and the font is, well -- for us over 35-years-old, a bit small and cramped. There was also a noticeable lack of a help guide or user manual within the interface.

There were some issues we had with the device however, that go beyond aesthetics. A lack of confirmation in the interface whenever a change was applied is one of them.

The only way to discern if the change took place is by a status indicator bar at the bottom of the screen, and by the page reloading. Content Filtering can be applied to URLs, scripts, or by file extension. There was no way to do "block" category filtering, for example a way to block gambling or adult sites en masse. When we tested a specific URL site by blocking it, the setting filtered down to connected clients instantaneously, which was nice. However, the clients only got a "Page Not Found" error which looked like a HTTP or DNS error within the browser. The system does not have a way yet to create a customized content filtering message for clients accessing blocked sites.

The mail security and anti-spam features are arguably the most robust components of this UTM. Anti-spam uses Bayesian filtering and the system creates a "training" database that aids in intelligent, learned spam filtering after the system has captured 200 spams. Mail security can check to see if a sender's account is valid and if the IP is on an RBL. Users can import downloaded whitelists to clients and blacklists to the device. The device also can do mail archiving. The virus scan engine gives the option to use Clam (an open source antivirus engine) or Sophos for an additional cost.

There are some advance features with the U210, though. The device can be setup for high availability and to work with a co-defense system by defining a core switch, edge switch or MAC on Switchport. Intrusion detection provides pre-configured traffic anomalies like port scans and ICMP floods. There are a host of pre-defined IDP signatures to detect a range of potential threats from DoS' to IIS attacks, all of which can be configured to pass through the network or dropped like a hot potato, as per an administrator's discretion. Signature action can be logged or sent as an alarm.

There is, notwithstanding the anemic interface, potential with this product.

As mentioned, O2 Micro has their own chip in this device and the product has gone through rigorous bandwidth and throughput checks. The performance of the device seems to be hearty; CPU utilization did not register anytime during testing over 7percent. The vendor places an emphasis on performance, eschewing traditional methods of processing data -- thereby freeing up time and processes without impacting quality of service.

As far as the interface goes, the vendor states that an upgrade is imminent in Q4 and will address many of the very issues Test Center reviewers found. These changes are, in fact, a direct response to customer feedback.

O2 Micro has a partner program, although it is a small one. The vendor favors a program and underscores competency over having a large volume of partners. The program has platinum, gold and silver levels. The MSRP for the U210 is $4,995 and there are no subscription fees for the security modules.