WatchGuard XTM 21-W review
WatchGuard's new SMB appliance offers plenty of security measures and is good value
Review Date: 5 Jan 2011
Reviewed By: Dave Mitchell
Price when reviewed: £599 (£719 inc VAT)
Features & Design
Value for Money
WatchGuard's latest XTM 2 series solves a major issue we've always had with its SMB security appliances. The new XTM 21-W introduces a completely new web interface that makes it much easier to manage.
WatchGuard products were previously managed using a complex concoction of utilities. The XTM 505 required the WatchGuard System Manager, Firebox Manager and five separate servers for management access, web filtering, message quarantining, logging and reporting.
The XTM 2 series has a web interface that provides access to monitoring and configuration, so all those components are no longer needed. URL category database updates, which previously had to run using Windows Task Manager, have also now been fully automated.
Installation is more streamlined. A big feature in the new firmware is application awareness, included as part of its Security Bundle subscription. This provides control over social-networking activities, so you can manage the login process for specific AD users and groups, decide if they can chat and control the use of Facebook's webmail.
IM apps come under its remit, so for Windows Live Messenger you can control logons, chat, file transfers and games. A big list of P2P apps is included, and for BitTorrent you can stop or allow logons and file transfers while remote-control apps such as RDP, GoToMyPC and LogMeIn can be effectively managed.
Wireless features are improved, too. The appliance supports 802.11bgn operations and can present up to three SSIDs. The guest SSID permits access to only the WAN port, but the other two can be set to bridge with any one of the appliance's network ports.
Rogue wireless AP detection is also new. We found it worked well, detecting more than a dozen APs in our vicinity, but it disables all SSIDs while it's running. However, you can schedule it to run outside working hours.
The appliance supports multiple AD domains, and IPS can be applied to any security policy, including packet filter rules. Commtouch handles anti-spam services, which we've always found delivers high detection rates, but messages can only be tagged, not quarantined. The excellent WebBlocker service provides more than 50 URL categories.
The web interface offers easy access to all the security services, allowing you to configure packet filters and custom firewall rules. There's a good choice of proxies for controlling specific traffic types, including HTTP, HTTPS, FTP, SIP, H.323, POP3 and SMTP.
Plenty of graphical information is provided. For report production you'll need the log and reporting servers, but these are included and don't require a dedicated Windows host.
Simplifying management makes the WatchGuard XTM 2 series far better suited to SMBs looking for a single appliance. The XTM 21-W comes a close second to Cyberoam's A-Listed CR15wi for value, offers an equally good security package, and its proxies and application awareness make it very versatile.
Author: Dave Mitchell
- Sony revives optical discs with 1TB Archival Disc
- IDC: iPad intertia opens door for Windows tablets
- Office 365 goes social with "Oslo" news feed
- Windows XP: upgrading 30,000 PCs in 30 days
- LibreOffice: ignore Microsoft's "nonsense" on government's open source plans
- Intel Xeon E7 v2 servers support 6TB of RAM
- Microsoft promises video calls between Skype and Lync
- Office for iPad due before July
- Windows 7 on business PCs gets an extension
- Windows apps land on Chromebooks with VMware
- CeBit 2014 diary: Cameron comes to town
- The 5 most interesting UK businesses at SXSW
- Quickest way to upload 1GB? Hop on a train
- Move over Delia: IBM Watson is cooking tonight
- Eric Schmidt on the double-edged smartphone: friend and foe
- Getty joins the race to the bottom
- Hour of Code: five steps to learn how to code
- Sony Xperia Z2 Tablet review: first look
- Sony Xperia Z2 review: first look
- Samsung Galaxy Gear 2 review: first look
- Small server vs cloud: which is best for SMBs?
- The best mobile apps for business
- Windows XP: Microsoft’s ticking time bomb
- gTLDs: what your business should know about new domain names
- Can Microsoft survive? A look at servers and tools
- Can Microsoft survive? The future of Office
- A real-world guide to business VoIP
- Sack your PA: how to stay on top of your work life
- Power lies with the internet giants, not the governments
- Software subscriptions return us to a life of servitude
- Headings vs headers: how to use both in Word
- Windows Server 2012 R2: how the Datacenter edition could change SMBs
- Invoices and VAT: how to set up your documents correctly
- Nexus 5 vs Samsung Galaxy S4 Active: the best phone for avoiding screen burn
- How much is a social user worth?
- The key to choosing a secure password
- Thunderbolt Bridge: a fast Mac migration tool
- Should you advertise on Twitter?
- How to track a lost smartphone
- Self-publishing success: the best way to sell your book