WatchGuard XTM 330 review
Delivers a host of sophisticated security measures at a very reasonable price
Review Date: 11 Jun 2012
Reviewed By: Dave Mitchell
Price when reviewed: Appliance with 1yr security bundle, £843 (£1,012 inc VAT)
Features & Design
Value for Money
WatchGuard already lays claim to a sizable chunk of the SMB network security market, but with its latest multifunction appliance it wants even more. In this exclusive review we look at the new XTM 330, which offers impressive performance and strong features for a surprisingly low price.
This 1U rack appliance claims a high firewall throughput of 850Mbits/sec, and complements that with a good range of security services. These cover gateway antivirus, anti-spam, application controls, IPS, web filtering and WatchGuard’s own reputation-enabled defences.
The appliance, plus a one-year subscription to its LiveSecurity support and all the above security services, costs £843 exc VAT. Go for a full three-year subscription and it’s yours for £1,325.
Installation has been streamlined, with a wizard stepping through the initial setup process, registering the appliance and activating your subscriptions. The web interface has been spruced up to make it more intuitive, and the homepage provides plenty of detail on appliance performance, subscription status and security service activity.
Firewall policies combine settings for each security service, where you select a proxy, apply it to any or all of the seven Gigabit interfaces, and define a proxy action. There’s a good choice of proxies: along with HTTP, FTP, SIP, H.323, POP3 and SMTP, it has HTTPS as standard.
The WebBlocker service provides 55 categories that can be blocked or allowed on a per-policy basis. The appliance needs to be pointed to a separate system that hosts the category database, but we found it worked happily on a Windows 7 system and delivered excellent results in our live filtering tests.
The Commtouch anti-spam service is configured via the POP3 and SMTP proxies, but if you choose not to use the separate quarantine server you can only tag suspect messages. For testing, we created a policy that tagged suspect messages, and created rules on our Outlook clients that moved them to separate folders. We left the appliance filtering live email for a month and saw an impressive spam detection rate of 98.9%. The Bulk mail detection is too enthusiastic, but you can turn this off and let these messages through if you wish.
If you have issues with social networking in the workplace, WatchGuard’s application awareness could be the answer. This can control apps such as Facebook so you can decide by AD user or group who can log in, chat, edit their profile, play games, access webmail, use video and transfer files.
WatchGuard’s latest Fireware 11.5.1 software provides improvements such as IPv6 routing and clientless SSO (single sign-on). WatchGuard has also enhanced its Log Viewer and Report Manager apps with a new web-based logging and reporting tool. Viewed from a separate web interface, this provides improved logging detail on security services, users, alerts and traffic. On-demand reports for specific time periods can be exported as PDFs, and the new boxes under management report shows the status of your VPNs.
The XTM 330 isn’t as easy to configure as Netgear’s ProSecure UTM 150 appliance for example – but it’s much smarter. It packs in plenty of security features and is more versatile than any other appliance we’ve seen at this price point.
Author: Dave Mitchell
- Will HP finally split into two companies?
- Chromebooks get version of Photoshop
- Toshiba beats retreat from consumer PC market
- Ellison steps down: but who's really running Oracle now?
- Microsoft set to make more job cuts
- Is Peter Pan panto tickets email genuine? Oh no, it isn't
- Intel triples Xeon E5 chip performance, adds DDR4
- Patch Tuesday targets critical IE flaw
- Microsoft refuses to hand over customer emails
- Microsoft yanks Windows 8.1 update after crash reports
- Google Glass: mugger bait, pub problem and other lessons learned from two dangerous weeks
- Twitter, please don't fiddle with my feed
- How Satya Nadella can get some pay-raise karma
- Windows 10: a step back to go forward
- Michael Dell: Cloud infrastructure is the roads, bridges and highways of the 21st century
- How to check your identity hasn’t been sold to the hackers
- Tim Cook: this is how much TV has changed since the 70s
- Westminster wins the .London battle
- 20 years of PC Pro: from deep pan pizza to virtualisation
- Five reasons why the Apple Watch leaves me cold
- How to set up a wireless hotspot for your business: give customers free or paid for internet access
- Five worst SMB security threats... and how to solve them
- Doing business in a social era
- How to configure SysLookup for your network
- The 18 best Outlook tips for increasing productivity: become an Outlook expert with these lesser-known tips
- Office: should you buy it, rent it - or dump it?
- Small server vs cloud: which is best for SMBs?
- The best mobile apps for business
- Windows XP: Microsoft’s ticking time bomb
- gTLDs: what your business should know about new domain names
- How to sell more ebooks on Amazon
- 10 ways to make your business more secure
- Top five VoIP mistakes
- How to add in-app purchasing to an iPhone, Android or Windows app
- Remote-control ransomware: TeamViewer and software hardball
- Why laptops with serial ports matter to the Internet of Things
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office