The school preferred to deploy separate security gear, such as St. Bernard's iPrism Internet monitoring appliance and the Barracuda content filter, instead of a single box.
UTM vendors often recommend deploying their appliances in a pair for purposes of failover should one go down.
"People buy at least two for high availability," says Paul DeBernardi, director of product marketing at Secure Computing.
Whether UTM appliances are always the best at the job arouses some debate. SonicWall, for instance, argues that it's not viable to do highly accurate, full-performance spam filtering on any UTM.
"What's capable on a firewall is not anywhere near what you can get on a separate spam gateway, such as quarantining messages," SonicWall's Kuhn says.
Some disagree.
"Antispam is possible on UTM, but SonicWall simply does not have the horsepower," says Bob Walder, director of product evaluation at product-testing lab NSS Group.
NSS Group last year began testing UTM appliances, and another round of lab evaluations is set for this fall. Only Fortinet and ISS have received the "NSS Approved" mark so far, and Walder declined to say which vendors didn't make the grade.
But with UTM growing in popularity, one question that arises is whether the market will see a drop in stand-alone devices, such as firewalls or spam filters.
Future of UTM
Each vendor sees its UTM future differently, but a common concern is analyzing the impact VOIP traffic might have on UTM design now that customers are starting to put VOIP traffic through UTM gateways.
"As you add voice traffic to the network, there are a lot more small packets that make the box work harder," Fortinet's Roeckl says, adding that Fortinet is working on an acceleration technology it expects to announce by year-end that will speed VOIP processing to ensure voice quality. Fortinet also envisions ways to inspect VOIP traffic for viruses that might be injected into VOIP streams.
"We're looking at the various attacks," Roeckl says.
Symantec, which makes the Gateway Security line, says it plans to add a QoS control to its UTM, so the appliance can give priority to IP-based applications, including VOIP. At the same time, Symantec -- which had an internal memo on the topic leak out -- acknowledges it's changing course on UTM, reducing investment in its flagship UTM line, and will look to partners to help design the hardware.
For its part, SonicWall is adding support for the VPN standard, IKE 2.0, into its UTM with the expectation customers will be using IKE Version 2 for VOIP traffic.
Secure Computing plans to add a secure application pathway to its UTM based on the Session Initiation Protocol (SIP), so managers can create VOIP policies for different groups within an organization.
"Basically, we're building a SIP proxy, because when you open up VOIP in firewalls, it's like Port 80, a big, fat hole," Secure Computing's DeBernardi says. "This SIP proxy, with different commands for VOIP connectivity, will ensure only pure VOIP traffic gets through."
Secure Computing sells three lines of UTM appliances -- the low-end Snapgear and the high-end Sidewinder G2 and CyberGuard, which each reach 3Gbps. Secure Computing expects to introduce a new version of Sidewinder G2 soon that integrates the content-filtering technologies gained through its acquisition of CyberGuard late last year.