WatchGuard XTM 515 review
Combines a heady blend of gateway security measures with excellent performance and a reasonable price
Review Date: 4 Feb 2013
Reviewed By: Dave Mitchell
Price when reviewed: £1,011 (£1,213 inc VAT)
Features & Design
Value for Money
WatchGuard’s latest XTM 5 Series of security appliances aims to deliver enterprise-level performance at SMB prices. In this exclusive review, we look at the XTM 515, which has a high quoted throughput of 850Mbits/sec.
The appliance delivered the goods in our performance tests. Hooking up the 515 to the lab’s Ixia XM2 chassis and Xcellon-Ultra NP load modules, we created a test that simulated web clients on two Gigabit ports accessing web servers on two other Gigabit ports.
The IxLoad tool reported a top throughput of 860Mbits/sec, with all universal threat management (UTM) features switched on in the firewall policies. The appliance can be upgraded with a feature key to an XTM 525, which increases throughput to 1Gbit/sec.
The XTM 515 isn’t short of features either, and the price shown above is for the one-year Security Bundle. This includes WatchGuard’s LiveSecurity support plus IPS, web-content filtering, anti-spam, gateway antivirus, application controls, HTTPS inspection and WatchGuard’s “reputation enabled” defence. The latter uses an online server to flag up URLs with good reputations, so the box doesn’t have to scan every item of traffic.
Mixed-mode routing is the most flexible deployment method since it allows all the ports to be defined as separate interfaces. We opted for this and had the appliance up and running in minutes thanks to a wizard-based setup routine. It becomes trickier from here on in, however, as you need to configure application proxies for each of the security services. Even so, there’s a fine choice, and it includes HTTP, HTTPS, FTP, SIP, H.323, POP3 and SMTP.
After proxy configuration, actions are assigned. These include functions such as exceptions, alarms and logging requests. Firewall rules are then used to apply each proxy and its associated actions to selected network interfaces.
WatchGuard’s application awareness makes the XTM appliances stand out, since it allows admins to control Facebook and other social networking sites. It can be linked with Active Directory authentication, so you can fine-tune access on a per-user basis and decide who can log in, edit their profile, access webmail, view video, transfer files, play games or chat.
Web-content filtering requires a separate Windows system to host the WebBlocker URL category database, although we found a basic Windows 7 PC can run this happily. The same system will be needed to run the logging and reporting servers as well, but these also have a light footprint.
With WebBlocker there are 56 categories of URL that can be blocked, and we found very little sneaked past it. The Commtouch hosted anti-spam service is no lightweight, either: when tested previously, it delivered a detection score of 99% in our live tests.
Along with a performance boost over the older Series 5 XTM appliances, the latest WatchGuard Fireware 11.6.1 firmware adds new features. WebBlocker database updates are now fully automated, the web interface offers a handy policy checker service, and the appliance supports even more VPNs than before.
Larger businesses with branch offices can use WatchGuard’s System Manager tools for remotely managing multiple appliances. These now allow you to schedule feature key synchronisations, reboots and OS upgrades across groups of appliances.
High UTM performance usually comes with an equally high price, but the XTM 515 bucks the trend. It’s far better value than most competing products and offers a superb range of security measures.
Author: Dave Mitchell
no mention of its VPN capabilities - number of licenses included, protocols supported etc.
Also, does it need to have the monitoring services loaded on servers on the network, like earlier Watchguards?
By big_D on 4 Feb 2013
Here are teh vpn details;
VPN Throughput 250 Mbps
Branch Office VPN Tunnels (Max.) 65
Mobile VPN with SSL/L2TP (Incl/Max) 65
Mobile VPN with IPSec Client Licenses (Bundled) 75
Mobile VPN with IPSec Tunnels (Max.) 75
As for your question on the monitoring software. If you want logging and reporting then yes you will need to install it on a windows base machine.
By Watchguard on 5 Feb 2013
thank you. That is much appreciated.
By big_D on 5 Feb 2013
RE: VPN [@Watchguard; @big_D]
Please also note that by "VPN tunnels" in the licensing, WatchGuard means each individual route within the tunnel setup. E.g. in the tunnel config, adding the route " Local 192.168.1.0/24 Remote 10.0.1.0/24 " consumes one "tunnel" license. This is very good to keep in mind; I've burned myself on this before. Thank goodness they have a really fast upgrade model. ;)
By AriinPHD on 8 Feb 2013
- BBC admits £100 million IT project was a "waste"
- IBM's Watson answers customers' questions
- New CEO reorganises Intel to target "new devices"
- Dell profits slide 79% amid buyout talks
- Forget cloud subscriptions: users prefer standard licences
- McAfee: cloud storage could help spread viruses
- Analysts question Windows 8 as UK PC shipments slump
- Google pools storage across Gmail and Drive
- Ofcom accused of killing off VoIP competition
- ShoreTel dock turns iPhones and iPads into desk phones
- Is it worth upgrading a media centre to Windows 8?
- Flickr redesign: is it enough to tempt photographers back?
- Hands on with the new Google Maps
- Nokia Lumia 925 review: first look
- Why I won't subscribe to Creative Cloud
- GoPro camera strapped to a remote-control helicopter: the ultimate boy's toy
- Acer Iconia A1 review: first look
- Acer Aspire P3 review: first look
- Acer Aspire R7 review: first look
- How we produce the PC Pro podcast
- Software subscriptions return us to a life of servitude
- How to get a job in cloud computing
- Are today's tech start-ups simply get-rich-quick schemes?
- Choosing the right tablet for business
- Best free antivirus for 2013
- The best business broadband: how to choose the right package
- Choosing your web hosting package: space, bandwidth, service-level agreements and email handling
- Windows Server 2012 features in-depth
- How to protect your business against spear phishing
- How to install virtual servers with Hyper-V
- The ICO's shame-faced u-turn on cookies
- Start8 and ModernMix: making Windows 8 work on a desktop
- How to boost your mobile reception
- How to fix Facebook: Social Fixer
- Taking the stress out of WordPress updates
- Where to download free web fonts
- Turn your tablet into a Sky+ remote control
- How to measure the success of a new IT system
- Three years on: the state of the tablet market
- Windows 8: what works and what doesn't
There are dozens of exciting prizes up for grabs on PC Pro Competitions. All our competitions are free to enter. Try your luck.ENTER NOW