WatchGuard XTM 21-W review
WatchGuard's new SMB appliance offers plenty of security measures and is good value
Review Date: 5 Jan 2011
Reviewed By: Dave Mitchell
Price when reviewed: £599 (£719 inc VAT)
Features & Design
Value for Money
WatchGuard's latest XTM 2 series solves a major issue we've always had with its SMB security appliances. The new XTM 21-W introduces a completely new web interface that makes it much easier to manage.
WatchGuard products were previously managed using a complex concoction of utilities. The XTM 505 required the WatchGuard System Manager, Firebox Manager and five separate servers for management access, web filtering, message quarantining, logging and reporting.
The XTM 2 series has a web interface that provides access to monitoring and configuration, so all those components are no longer needed. URL category database updates, which previously had to run using Windows Task Manager, have also now been fully automated.
Installation is more streamlined. A big feature in the new firmware is application awareness, included as part of its Security Bundle subscription. This provides control over social-networking activities, so you can manage the login process for specific AD users and groups, decide if they can chat and control the use of Facebook's webmail.
IM apps come under its remit, so for Windows Live Messenger you can control logons, chat, file transfers and games. A big list of P2P apps is included, and for BitTorrent you can stop or allow logons and file transfers while remote-control apps such as RDP, GoToMyPC and LogMeIn can be effectively managed.
Wireless features are improved, too. The appliance supports 802.11bgn operations and can present up to three SSIDs. The guest SSID permits access to only the WAN port, but the other two can be set to bridge with any one of the appliance's network ports.
Rogue wireless AP detection is also new. We found it worked well, detecting more than a dozen APs in our vicinity, but it disables all SSIDs while it's running. However, you can schedule it to run outside working hours.
The appliance supports multiple AD domains, and IPS can be applied to any security policy, including packet filter rules. Commtouch handles anti-spam services, which we've always found delivers high detection rates, but messages can only be tagged, not quarantined. The excellent WebBlocker service provides more than 50 URL categories.
The web interface offers easy access to all the security services, allowing you to configure packet filters and custom firewall rules. There's a good choice of proxies for controlling specific traffic types, including HTTP, HTTPS, FTP, SIP, H.323, POP3 and SMTP.
Plenty of graphical information is provided. For report production you'll need the log and reporting servers, but these are included and don't require a dedicated Windows host.
Simplifying management makes the WatchGuard XTM 2 series far better suited to SMBs looking for a single appliance. The XTM 21-W comes a close second to Cyberoam's A-Listed CR15wi for value, offers an equally good security package, and its proxies and application awareness make it very versatile.
Author: Dave Mitchell
- Will HP finally split into two companies?
- Chromebooks get version of Photoshop
- Toshiba beats retreat from consumer PC market
- Ellison steps down: but who's really running Oracle now?
- Microsoft set to make more job cuts
- Is Peter Pan panto tickets email genuine? Oh no, it isn't
- Intel triples Xeon E5 chip performance, adds DDR4
- Patch Tuesday targets critical IE flaw
- Microsoft refuses to hand over customer emails
- Microsoft yanks Windows 8.1 update after crash reports
- Google Glass: mugger bait, pub problem and other lessons learned from two dangerous weeks
- Twitter, please don't fiddle with my feed
- How Satya Nadella can get some pay-raise karma
- Windows 10: a step back to go forward
- Michael Dell: Cloud infrastructure is the roads, bridges and highways of the 21st century
- How to check your identity hasn’t been sold to the hackers
- Tim Cook: this is how much TV has changed since the 70s
- Westminster wins the .London battle
- 20 years of PC Pro: from deep pan pizza to virtualisation
- Five reasons why the Apple Watch leaves me cold
- How to set up a wireless hotspot for your business: give customers free or paid for internet access
- Five worst SMB security threats... and how to solve them
- Doing business in a social era
- How to configure SysLookup for your network
- The 18 best Outlook tips for increasing productivity: become an Outlook expert with these lesser-known tips
- Office: should you buy it, rent it - or dump it?
- Small server vs cloud: which is best for SMBs?
- The best mobile apps for business
- Windows XP: Microsoft’s ticking time bomb
- gTLDs: what your business should know about new domain names
- How to sell more ebooks on Amazon
- 10 ways to make your business more secure
- Top five VoIP mistakes
- How to add in-app purchasing to an iPhone, Android or Windows app
- Remote-control ransomware: TeamViewer and software hardball
- Why laptops with serial ports matter to the Internet of Things
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office