Netgear ProSecure STM600 web security gateway
Although the Netgear ProSecure STM600 doesn't match the feature set and flexibility of some of the high-end web security gateways from vendors such as Bluecoat, Cisco and Trend Micro, it has a robust and solid design appropriate to midsized and small businesses
- Good web interface
- Doesn't match the feature set and flexibility of some high-end web security gateways,
By making a serious attempt to match the web security needs of small businesses, Netgear has created a product that sits between the relatively spare feature set of the UTM firewall and the expensive depth of enterprise-class web security gateways. The Netgear ProSecure STM600 gives network managers an excellent option to add web security at a reasonable price with minimum risk.
The Netgear ProSecure STM600 security appliance takes on small-to-midsize business stalwarts such as Fortinet and Barracuda by including antispam, antimalware, and web content filtering in a single unit that offers easy deployment and budget-preserving pricing.
We tested the Netgear ProSecure STM600, the high-end appliance Netgear started shipping in November, and found that it does an adequate job of blocking what you don't want, while making a minimal intrusion into your network.
The Netgear ProSecure STM600 combines two main functions in a single appliance. First is email protections, including antispam and antimalware, as well as some content filtering. Second is web and FTP client protections, including antimalware and content filtering.
The Netgear ProSecure STM600 has an easy-to-use web-based interface, and a separate out-of-band management port, which is a nice feature. In general, most network managers will be able to configure the STM600 in just a few minutes.
The email protection features work on SMTP, POP3 and IMAP4 protocols. You identify what ports you're running these three protocols on, and then define a fairly simple policy on how to handle traffic.
Web protection is slightly more sophisticated. You start with the same configuration: define what ports you run HTTP, Secure-HTTP and FTP on, then say which policies will apply. The Netgear ProSecure STM600 supports malware scanning, content filtering (such as blocking .EXE files or online shopping sites), URL filtering with your own block/allow lists of URLs and sites, application filtering for a list of about 18 common applications, such as BitTorrent, GoToMyPC, and Yahoo Messenger, plus man-in-the-middle HTTPS scanning.
The Netgear ProSecure STM600 also allows HTTP users to authenticate themselves using a Web page, and you can use this authentication to apply exceptions to your basic policy.
Netgear ProSecure STM600: inline ins and outs
The Netgear ProSecure STM600 acts as a "bump in the wire", meaning that it sits transparently in your network, doing its job, without any additional configuration of your web clients, mail servers or DNS. That's quite a departure from other products in this space, which usually act as separate email servers or web proxies.
The advantage is that you don't have to touch anything. But there are also disadvantages. The most obvious is that now the Netgear ProSecure STM600 is sitting "inline" in your network, controlling all traffic. If the STM600 locks up or otherwise starts misbehaving, everything can slow down or be cut off entirely.
Netgear partially works around this by putting fail-open ports on the STM600, which let traffic pass through untouched if the Netgear ProSecure STM600 loses power. We tested this and found that the STM600 is only "mostly" transparent. Both when we power-cycled it, and when it rebooted, we had to clear ARP caches before communications would resume. You've got to be comfortable putting another device in the critical path between your network and the internet to consider this approach.
Another unusual part of the Netgear ProSecure STM600 configuration is that you don't really make it aware of IP addresses, only ports to scan. This means that, by default, the STM600 will scan traffic to every IP address on the ports you list. That can be a benefit, or it could cause mysterious network problems if you don't realise that even your test lab is being filtered. Fortunately, there is a way to exclude specific IP addresses or subnets from scanning.
Join the Good Gear Guide newsletter!
Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop
Linksys AC5400 MU-MIMO Gigabit router
Lexar® JumpDrive® S57 USB 3.0 flash drive
Smart LED Bulb LB130
Samsung portable 1TB T3 drive
Epson EcoTank Expression ET-2500
Epson WorkForce ET-4550
Everki ContemPRO Roll Top Laptop Backpack
Lexar® JumpDrive® S45 USB 3.0 flash drive
Logitech G403 Prodigy mouse
Lexar® Portable SSD
Huawei Mate 9
Belkin MIXIT Metallic Lightning to USB Cable
Epson WorkForce DS-360W
3SIXT Ultra HD Sports Action Camera
Acer Swift 7
Google Daydream VR headset
Garmin Fenix Chronos smartwatch
Dell Inspiron 5000 series 2-in-1
Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards
Dell XPS 13 laptop
Audio-Technica ATH-ANC70 Noise Cancelling Headphones
HP Pavilion x360 13”
Lexar® JumpDrive® C20c USB Type-C flash drive
HD Pan/Tilt Wi-Fi Camera with Night Vision NC450
Surface Pro 4
Blade 28 backpack by Arc’teryx
Most Popular Reviews
- 1 Gigabyte Aorus GA-AX370-Gaming 5 AMD Ryzen AM4 motherboard review
- 2 Kogan curved 4K UHD 55-inch LED LCD TV review
- 3 Panasonic Blu-ray recorder PVR set-top box review
- 4 Garmin Fenix Chronos fitness tracker smartwatch review
- 5 Star Wars Death Star Bluetooth levitating rotating speaker review
Latest News Articles
- BlackBerry readies a more secure version of the Samsung Galaxy S7
- After CIA leak, Intel Security releases detection tool for EFI rootkits
- Cisco on CIA WikiLeaks revelations: It’s not our problem… this time
- Old Windows malware may have tampered with 132 Android apps
- Google shifts on email encryption tool, leaving its fate unclear
PCW Evaluation Team
A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.
I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.
As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.
I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.
Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!
For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.
- First look at the Formula 1 2017 pit lane in Melbourne, Australia
- LG 2017 OLED and Super LED UHD 4K TVs: Hands-on review
- Oppo R9s Plus phone: Full, in-depth review
- Which flagship TV is best? Sony 4K HDR Bravia 2016 versus LG 4K HDR OLED 2016
- 10 Blu-ray movies / Best looking Blu-ray movies
- FTSocial Media ExecutiveNSW
- FTInfrastructure ArchitectVIC
- TPSenior Agile Business AnalystVIC
- TPBusiness AnalystNSW
- FTDatabase DeveloperVIC
- FTProject Manager (Business Applications)NSW
- FTSenior Full Stack Software Engineer, C#, Financial ServicesNSW
- TPMedia AssistantNSW
- FTTechnical Business AnalystNSW
- FTPerformance Tester and Automation Tester (Brisbane-based)ACT
- FTNV1 Cleared Software Engineer - Defence Projects - North Ryde areaNSW
- FTAgile CoachVIC
- TPUnix- Technical Support OfficerVIC
- FTFull Stack Software DeveloperQLD
- CCVirtualisation Engineer - IP NetworksVIC
- CCSenior Network Architect l Checkpoint firewalls l Cisco ACINSW
- FTMid-Level Software Engineer x 2 - Adelaide Based (PV, NV2 or NV1 required)ACT
- FTKey Account ManagerVIC
- FTSenior Business Analyst - Data Warehouse/ Statistical projectNSW
- FTQA LeadNSW
- FTService Desk ConsultantACT
- FT.net Developer (Front and Back end)QLD
- FTAgile TesterNSW
- FTTeam LeaderNSW
- FTSQL Server DBA- 2016 RDBMS, SSIS, SRS, Certified DBANSW