WatchGuard XTM 510 review

WatchGuard’s latest XTM appliance has a wealth of network security measures, but management is a weakness. Read our exclusive review of the new XTM 510 to find out more.

Price
£2,399

With their fire-engine red chassis, you can't mistake a WatchGuard Firebox appliance. The latest to join this family are the new XTM models which aim to offer mid-range businesses a complete yet good value gateway security appliance.

There are four models in the family and the improved hardware specification is designed to give them a big boost in performance. They are endowed with a 2GHz Intel Celeron 440 processor along with 1GB of DDR2 memory and, for the XTM 510 on exclusive review here, WatchGuard claims a high firewall throughput of 1.4Gbps.

A feature that gives WatchGuard's appliances greater longevity than much of the competition is that you don't have to buy a new box when the current one runs out of steam. You could start with the entry-level XTM 505, which offers a firewall throughput of 850Mbps, and upgrade performance simply by applying a new license. For the XTM 510 it would cost a further £2,365 to turn it into an XTM 520, which would increase firewall performance to 1.9Gbps. When the time comes you could then upgrade it to a full-blown 530 and up performance to 2.3Gbps.

All XTMs offer a single 10/100 port for WAN duties and six Gigabit ports for LAN functions as well as up to five DMZs. The two USB ports at the front are a new feature: these let you connect a flash drive and copy the unit's configuration to it for safekeeping.

For deployment you now have three options as WatchGuard has added a transparent bridged mode to the standard routed and drop-in options. The oddly named FireCluster aims to improve high availability. Previously, you could only run appliances in active/standby mode which is expensive as one does nothing, but you can now run them in active/active mode where load balancing is performed across cluster members.

With all services activated you get an SPI firewall, deep packet inspection plus support for IPsec and SSL VPNs. These are augmented with anti-virus, anti-spam, IPS and web content filtering. It's certainly a bumper bundle of security measures, but WatchGuard's management process is a strange brew that may not be to everyone's taste.

At the top of the tree is the WatchGuard System Manager (WSM) which provides a central location for managing and monitoring multiple appliances. Along with this you need to install the WebBlocker, log, reporting and quarantine servers which can be loaded on one reasonably specified system or spread across the network.

The WebBlocker filtering service is cumbersome as it runs on any Windows system on the LAN for which the appliance proxies all HTTP and HTTPS traffic. After installation you have to manually download the category database. We were gobsmacked to see that WatchGuard still expects you to use Windows' Task Scheduler to automate database updates.

We had no problems loading all the various components on one Windows Server system. The installation routine also allows you to pick which servers you want, so it's easy enough to load them on different systems. For testing we also opted for routed mode and dropped the appliance in between our LAN and WAN.

The appliance uses policies created using the separate Policy Manager. Policies determine how traffic is handled and each one contains details of the source and destination networks plus application proxies, packet filtering and custom rules. The proxies are a valuable feature as these provide Layer 7 content inspection, anti-virus and IPS facilities.

You have a good range of proxies to choose from, including ones for HTTP, HTTPS, FTP, SIP, H.323, POP3 and SMTP. The last two proxies make very light work of controlling messaging as you don't need to provide them with any details about internal mail servers. The Commtouch spamBlocker service is configured from the SMTP and POP3 proxies. We've seen quite a few security vendors moving over to the Commtouch service which isn't surprising as it works extremely well.

Commtouch spamBlocker works with many ISPs allowing it to passively monitor mail messages and compute hashes for each one. This allows it to identify spam very quickly as it simply compares hashes sent to it from the WatchGuard appliance with its own servers. Messages that trigger a response will receive either a confirmed spam, bulk or suspect message categorisation and you can apply actions such as allowing, tagging, denying, dropping or quarantining.

WebBlocker actions are configured from the HTTP and HTTPS proxies and you have a choice of over fifty categories to block or allow. With Websense behind the scenes we found performance to be extremely good with it blocking our test clients from all manner of time wasting sites.

Web filtering gets a boost from WatchGuard's ReputationAuthority service. With information gathered from WatchGuard's global network of appliances, it can determine whether incoming web traffic can be trusted by applying a score to it. You also get the new local override feature where a user can access a blocked site by entering a password.

The XTM appliances can now be accessed via a web browser which provides configuration access along with monitoring services. However, there is limited access to policy creation and modification as you can't, for example, configure the spamBlocker or WebBlocker functions within the relevant policies. This has to be done from the Policy Manager.

With only a single XTM appliance on test we found management complex due to the number of utilities and server components that need to be loaded. The WatchGuard System Manager and its associated servers are best suited to handling multiple appliances.

Nevertheless, the XTM 510 looks comparatively good value especially as the licenses include unlimited users. It performed exceptionally well during testing and the multitude of proxies also makes it very versatile.

Verdict

During testing we found the XTM 510 performed very well with both the WebBlocker and spamBlocker features particularly impressing us. The appliance is good value, performance can be easily upgraded in steps and the myriad proxies allow the creation of very versatile security policies. However, the method of management is best suited to large, distributed deployments of WatchGuard appliances and is too complex for single appliance installations.

Chassis: 1U rack
Processor: 2GHz single core Intel Celeron 440
Memory: 1GB DDR2, 1GB CompactFlash card
Network: 1 x 10/100, 6 x Gigabit
Ports: RJ-45 serial, 2 x USB
Software: WatchGuard and Firebox System Managers plus WebBlocker, Report, Log and Quarantine servers
Options: Upgrade from XTM 510 to 520, £2,365 (ex VAT)
