WatchGuard XTM 510 review

With their fire-engine red chassis, you can’t mistake a WatchGuard Firebox appliance. The latest to join this family are the new XTM models which aim to offer mid-range businesses a complete yet good value gateway security appliance.

There are four models in the family and the improved hardware specification is designed to give them a big boost in performance. They are endowed with a 2GHz Intel Celeron 440 processor along with 1GB of DDR2 memory and, for the XTM 510 on exclusive review here, WatchGuard claims a high firewall throughput of 1.4Gbps.

A feature that gives WatchGuard’s appliances greater longevity than much of the competition is that you don’t have to buy a new box when the current one runs out of steam. You could start with the entry-level XTM 505 which offers a firewall throughput of 850Mbps and upgrade performance simply by applying a new license. For the XTM 510 it would cost a further £2,365 to turn it into an XTM 520 which would increase firewall performance to 1.9Gbps. When the time comes you could then upgrade it to a full blown 530 and up performance to 2.3Gbps.

All XTMs offer a single 10/100 port for WAN duties and six Gigabit ports for LAN functions as well as up to five DMZs. The two USB ports at the front are a new feature – these let you connect a flash drive and copy the unit’s configuration to it for safekeeping.

For deployment you now have three options as WatchGuard has added a transparent bridged mode to the standard routed and drop-in options. The oddly named FireCluster aims to improve high availability. Previously, you could only run appliances in active/standby mode which is expensive as one does nothing, but you can now run them in active/active mode where load balancing is performed across cluster members.

With all services activated you get an SPI firewall, deep packet inspection plus support for IPsec and SSL VPNs. These are augmented with anti-virus, anti-spam, IPS and web content filtering. It’s certainly a bumper bundle of security measures, but WatchGuard’s management process is a strange brew that may not be to everyone’s taste.

At the top of the tree is the WatchGuard System Manager (WSM) which provides a central location for managing and monitoring multiple appliances. Along with this you need to install the WebBlocker, log, reporting and quarantine servers which can be loaded on one reasonably specified system or spread across the network.

The WebBlocker filtering service is cumbersome as it runs on any Windows system on the LAN for which the appliance proxies all HTTP and HTTPS traffic. After installation you have to manually download the category database. We were gobsmacked to see that WatchGuard still expects you to use Windows' Task Scheduler to automate database updates.

We had no problems loading all the various components on one Windows Server system. The installation routine also allows you to pick which servers you want, so it’s easy enough to load them on different systems. For testing we also opted for routed mode and dropped the appliance in between our LAN and WAN.

The appliance uses policies created using the separate Policy Manager. Policies determine how traffic is handled and each one contains details of the source and destination networks plus application proxies, packet filtering and custom rules. The proxies are a valuable feature as these provide Layer 7 content inspection, anti-virus and IPS facilities.

You have a good range of proxies to choose from, including ones for HTTP, HTTPS, FTP, SIP, H.323, POP3 and SMTP. The last two proxies make very light work of controlling messaging as you don’t need to provide them with any details about internal mail servers. The Commtouch spamBlocker service is configured from the SMTP and POP3 proxies. We’ve seen quite a few security vendors moving over to the Commtouch service which isn't surprising as it works extremely well.