WatchGuard XTM 21-W review
WatchGuard's new SMB appliance offers plenty of security measures and is good value
Review Date: 5 Jan 2011
Reviewed By: Dave Mitchell
Price when reviewed: £599 (£719 inc VAT)
Features & Design
Value for Money
WatchGuard's latest XTM 2 series solves a major issue we've always had with its SMB security appliances. The new XTM 21-W introduces a completely new web interface that makes it much easier to manage.
WatchGuard products were previously managed using a complex concoction of utilities. The XTM 505 required the WatchGuard System Manager, Firebox Manager and five separate servers for management access, web filtering, message quarantining, logging and reporting.
The XTM 2 series has a web interface that provides access to monitoring and configuration, so all those components are no longer needed. URL category database updates, which previously had to run using Windows Task Manager, have also now been fully automated.
Installation is more streamlined. A big feature in the new firmware is application awareness, included as part of its Security Bundle subscription. This provides control over social-networking activities, so you can manage the login process for specific AD users and groups, decide if they can chat and control the use of Facebook's webmail.
IM apps come under its remit, so for Windows Live Messenger you can control logons, chat, file transfers and games. A big list of P2P apps is included, and for BitTorrent you can stop or allow logons and file transfers while remote-control apps such as RDP, GoToMyPC and LogMeIn can be effectively managed.
Wireless features are improved, too. The appliance supports 802.11bgn operations and can present up to three SSIDs. The guest SSID permits access to only the WAN port, but the other two can be set to bridge with any one of the appliance's network ports.
Rogue wireless AP detection is also new. We found it worked well, detecting more than a dozen APs in our vicinity, but it disables all SSIDs while it's running. However, you can schedule it to run outside working hours.
The appliance supports multiple AD domains, and IPS can be applied to any security policy, including packet filter rules. Commtouch handles anti-spam services, which we've always found delivers high detection rates, but messages can only be tagged, not quarantined. The excellent WebBlocker service provides more than 50 URL categories.
The web interface offers easy access to all the security services, allowing you to configure packet filters and custom firewall rules. There's a good choice of proxies for controlling specific traffic types, including HTTP, HTTPS, FTP, SIP, H.323, POP3 and SMTP.
Plenty of graphical information is provided. For report production you'll need the log and reporting servers, but these are included and don't require a dedicated Windows host.
Simplifying management makes the WatchGuard XTM 2 series far better suited to SMBs looking for a single appliance. The XTM 21-W comes a close second to Cyberoam's A-Listed CR15wi for value, offers an equally good security package, and its proxies and application awareness make it very versatile.
Author: Dave Mitchell
- Microsoft supercharges PowerPoint with Office Mix
- Microsoft and Nokia deal tweaked ahead of completion
- Microsoft slashes custom XP support price
- Ubuntu LTS Server 14.04 extends cloud support
- Intel: PC sales are "encouraging"
- Google to rank encrypted pages higher
- Heartbleed: the race to reissue security certificates
- Dropbox boosts app line-up with Carousel and Mailbox for Android
- BlackBerry CEO says not selling off phones "any time soon"
- Microsoft halts business downloads of Windows 8.1 Update
- Hello Cortana, it's nice to meet you
- Windows 8.1 Update: an abject surrender
- The insane economics of Sky Now TV
- No such thing as a free app... so pay up if you want quality
- Time to outlaw crapware-laden installers
- Windows Phone 8.1 video: hands-on
- Office for iPad: key information
- Why every PC buyer owes Richard Durkin a debt of gratitude
- HTC One M8 vs Samsung Galaxy S5: 2014's big-hitters compared
- Windows XP end of life: key information
- Office: should you buy it, rent it - or dump it?
- Small server vs cloud: which is best for SMBs?
- The best mobile apps for business
- Windows XP: Microsoft’s ticking time bomb
- gTLDs: what your business should know about new domain names
- Can Microsoft survive? A look at servers and tools
- Can Microsoft survive? The future of Office
- A real-world guide to business VoIP
- Sack your PA: how to stay on top of your work life
- Power lies with the internet giants, not the governments
- Why laptops with serial ports matter to the Internet of Things
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office
- How to write your company's IT security policy
- Raspberry Pi and Wolfram: a must-have for every child
- Could you get by with Office Web Apps?
- The best Android antivirus apps for 2014
- Headings vs headers: how to use both in Word