Netgear ProSecure STM600 web security gateway
Although the Netgear ProSecure STM600 doesn't match the feature set and flexibility of some of the high-end web security gateways from vendors such as Bluecoat, Cisco and Trend Micro, it has a robust and solid design appropriate to midsized and small businesses
- Good web interface
- Doesn't match the feature set and flexibility of some high-end web security gateways,
By making a serious attempt to match the web security needs of small businesses, Netgear has created a product that sits between the relatively spare feature set of the UTM firewall and the expensive depth of enterprise-class web security gateways. The Netgear ProSecure STM600 gives network managers an excellent option to add web security at a reasonable price with minimum risk.
The Netgear ProSecure STM600 security appliance takes on small-to-midsize business stalwarts such as Fortinet and Barracuda by including antispam, antimalware, and web content filtering in a single unit that offers easy deployment and budget-preserving pricing.
We tested the Netgear ProSecure STM600, the high-end appliance Netgear started shipping in November, and found that it does an adequate job of blocking what you don't want, while making a minimal intrusion into your network.
The Netgear ProSecure STM600 combines two main functions in a single appliance. First is email protections, including antispam and antimalware, as well as some content filtering. Second is web and FTP client protections, including antimalware and content filtering.
The Netgear ProSecure STM600 has an easy-to-use web-based interface, and a separate out-of-band management port, which is a nice feature. In general, most network managers will be able to configure the STM600 in just a few minutes.
The email protection features work on SMTP, POP3 and IMAP4 protocols. You identify what ports you're running these three protocols on, and then define a fairly simple policy on how to handle traffic.
Web protection is slightly more sophisticated. You start with the same configuration: define what ports you run HTTP, Secure-HTTP and FTP on, then say which policies will apply. The Netgear ProSecure STM600 supports malware scanning, content filtering (such as blocking .EXE files or online shopping sites), URL filtering with your own block/allow lists of URLs and sites, application filtering for a list of about 18 common applications, such as BitTorrent, GoToMyPC, and Yahoo Messenger, plus man-in-the-middle HTTPS scanning.
The Netgear ProSecure STM600 also allows HTTP users to authenticate themselves using a Web page, and you can use this authentication to apply exceptions to your basic policy.
Netgear ProSecure STM600: inline ins and outs
The Netgear ProSecure STM600 acts as a "bump in the wire", meaning that it sits transparently in your network, doing its job, without any additional configuration of your web clients, mail servers or DNS. That's quite a departure from other products in this space, which usually act as separate email servers or web proxies.
The advantage is that you don't have to touch anything. But there are also disadvantages. The most obvious is that now the Netgear ProSecure STM600 is sitting "inline" in your network, controlling all traffic. If the STM600 locks up or otherwise starts misbehaving, everything can slow down or be cut off entirely.
Netgear partially works around this by putting fail-open ports on the STM600, which let traffic pass through untouched if the Netgear ProSecure STM600 loses power. We tested this and found that the STM600 is only "mostly" transparent. Both when we power-cycled it, and when it rebooted, we had to clear ARP caches before communications would resume. You've got to be comfortable putting another device in the critical path between your network and the internet to consider this approach.
Another unusual part of the Netgear ProSecure STM600 configuration is that you don't really make it aware of IP addresses, only ports to scan. This means that, by default, the STM600 will scan traffic to every IP address on the ports you list. That can be a benefit, or it could cause mysterious network problems if you don't realise that even your test lab is being filtered. Fortunately, there is a way to exclude specific IP addresses or subnets from scanning.
Join the newsletter!
Toys for Boys
Sony Playstation 5
ASUS ROG, ACRONYM partner for Special Edition Zephyrus G14
Bose SoundLink Revolve Bluetooth Speaker
Theragun PRO Percussive Therapy Device
Nakamichi Delta 100 3-Way Hi Fi Speaker System
Sony WF-1000XM3 Wireless Noise Cancelling Headphones
WD_BLACK™ SN850 NVMe™ SSD
Philips Sonicare Diamond Clean 9000 Toothbrush
Fujiflim Instax Square SQ1
Lego Mindstorms Robot Inventor
MSI Modern 14
Mario Kart Live: Home Circuit for Nintendo Switch
Garmin vívofit® jr. 2
Fender Fullerton Ukele
MSI GE66 Dragonshield Limited Edition
Teac 7 inch Swivel Screen Portable DVD Player
SunnyBunny Snowflakes 20 LED Solar Powered Fairy String
Dickie Toy Remote Control Mega Crane Set
Kindle Paperwhite eReader (10th Gen)
Most Popular Reviews
- 1 Oppo Watch review: A masterclass in imitation
- 2 Google Pixel 5 Review: Soft Reboot
- 3 Google Pixel 4a review: The Goldilocks Google phone
- 4 Samsung Galaxy Note 20 Ultra 5G review: Wrong Number
- 5 LG NANO99 NanoCell 8K TV review: Prestige at a price
Latest News Articles
- Google releases Chrome 87 with support for Apple silicon Macs
- Reddit, LinkedIn, TikTok will issue updates to stop apps from copying the clipboard in iOS 14
- Apple admits to widespread iOS Mail security threat but claims no ‘immediate risk’
- McAfee Labs says fileless cyberattacks are on the rise in 2018
- Vulnerabilities found in Samsung SmartThings Hub
PCW Evaluation Team
Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.
This smart laptop was enjoyable to use and great to work on – creating content was super simple.
It really doesn’t get more “gaming laptop” than this.
As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.
The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.
This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.
- iPhone 12 Pro review: The iPhone that’s future proof
- Google Pixel 5 Review: Soft Reboot
- Oppo Watch review: A masterclass in imitation
- Everything you need to know about Smart TVs
- What's the difference between an Intel Core i3, i5 and i7?
- Laser vs. inkjet printers: which is better?