WatchGuard XTM 505 review

WatchGuard's latest XTM 5 series of appliances provides a complete security solution to SMBs and is designed to allow performance to be easily upgraded as required. If you start with the XTM 505 on review here, you can supercharge it in steps by upgrading to a 510, on to a 520 and finally to a 530 using a licence key.

The entire XTM 5 series uses the same hardware, with the 505 offering a high firewall throughput of 850Mbits/sec. Upgrade to a 510 and throughput is opened up to 1.4Gbits/sec with the top-dog 530 offering an impressive 2.3Gbits/sec.

The 505 has full UTM capabilities as standard, including an SPI firewall, IPsec and SLL VPNs, IPS, anti-spam, antivirus and web content filtering. What makes WatchGuard different from the competition, however, is its method of management.

New to WatchGuard's appliances is an integral web interface, but this offers limited access for configuration and is designed primarily to provide a monitoring service. For full management you need to load a number of services on other systems on the LAN.

Quarantining, reporting and logging are handled by separate servers and the WebBlocker content filtering service also runs on another system for which the appliance proxies all HTTP and HTTPS traffic. The load can be distributed by running each server on different Windows hosts, but we found it easy enough to install them all on a single Windows Server system.

We installed the appliance in routed mode but it also supports a drop-in mode, plus the new bridged mode where the appliance is completely transparent to the network. First contact is via the WatchGuard System Manager (WSM), which looks after multiple appliances.

From here, you select your appliance and access it directly using the Firebox System Manager (FSM). This opens with a star-shaped graphic showing activity between each interface and provides tabs for in depth graphs of traffic, bandwidth usage and service status.

The Policy Manager is used to configure packet filters, custom rules and the various proxies to decide how the appliance handles inbound and outbound traffic. Proxy choices include HTTP, HTTPS, FTP, SIP, H.323, POP3 and SMTP, and the last two make message security easy to set up as they don't need to know about internal mail servers.

The spamBlocker anti-spam feature comes courtesy of the Commtouch managed service, which we've always found to be a top performer. The WebBlocker service provides over 50 URL categories to choose from and during testing in the lab we found it also worked extremely well.

However, WebBlocker isn't so easy to set up as you have to use the Windows Task Scheduler to automate ongoing database updates. WatchGuard has been using this method for years and really should integrate this process into the WebBlocker server.

The gateway antivirus and IPS services are enabled in selected proxy policies and the TCP-UDP proxy adds extra controls for managing IM and P2P apps with a particular focus on Skype. The report and log servers team up to provide plenty of predefined reports, offering high levels of detail on users, browsing activity and spam status and each can be exported into HTML or PDF formats.

During testing the XTM 5050 put in a very good performance and the use of proxies allows strong security policies to be created. Smaller businesses with a single appliance will find management overly complex, but it does look reasonably good value as WatchGuard's licensing schemes have no per-user restrictions.

Author: Dave Mitchell