WatchGuard XTM 2520

As far as UTM devices go, the WatchGuard XTM 2520 looks to have all bases covered
The web UI is well laid out and snappy to use

If, as we are often led to believe, colour really is an indication of speed then the WatchGuard XTM 2520 would have to be the fastest hardware firewall solution on the planet. Or at least, in the rack.

And if its specs are any indication, it might not be far off – in addition to 12 10/100/1000 ports the XTM 2520 also sports four 10 Gigabit SFP+ optical links, for a staggering 35Gbps combined throughput for the firewall component, according to WatchGuard. The 2520’s speed varies depending on which other services you use, and declines as you might expect for more demanding loads.

Still, as an example, it has a claimed throughput of 9.6Gbps for the anti-virus component. For a single device guarding an enterprise network that can sustain 2.5 million concurrent sessions, it’s certainly no slouch.

And that’s firmly the target for WatchGuard’s UTM products. While it has a range of units for different business levels, the XTM 2520 is billed and built for large networks and the enterprise.

In the case of the XTM 2520 it bundles a range of enterprise-focused features, but also allows you to configure and pay for only what you need. The standard base unit with a one-year subscription to core services costs $65,995, and bundles in intrusion prevention (including spoofing attacks and DDoS); WebBlocker with URL filtering; spamBlocker anti-spam via SMTP and POP3; Anti-Virus (also includes anti-malware, and is based on an AVG engine); Application Control (for example, to filter P2P programs or Facebook applications); and the Reputation Enabled Defence engine, a cloud-based reputation scanning service able to filter out known malicious sites before reaching other protective layers like the AV component, thereby reducing network and processing load.

It also includes access to WatchGuard’s LiveSecurity offering, which includes software updates, technical support and warranty service.

One advantage of combining the firewall with these services into a single device is the ability to leverage firewall features (such as packet inspection). For example, the antivirus component works with the application control layer to identify threats coming in, beyond the usual suspects of HTTP, FTP, POP3 and similar protocols. And to be sure, it’s these services that allow the XTM 2520 to shine. Without them it’s still a fully-functional and versatile firewall box, but being able to integrate and easily manage these services in a single unit is what WatchGuard is known for.

Under the hood the device runs a multi-core Intel CPU paired with 32GB RAM, plenty for caching and running the various services. The device boots from flash memory and also sports a traditional spinning-platter disk. The disk is not used in the current version of firmware but it’s there to be ready for future upgrades and functions.

WatchGuard has been able to cram a lot into a single rack unit of space, so if you are deploying devices in pairs, this saving adds up.

Four 40mm fans at the rear pull air out for cooling; three of these draw from an airflow tunnel over a passive heatsink on the CPU. The fourth fan pulls air out from the main enclosure, along with the two fans in the two 275W power supply units (one redundant).

As you’d expect all ports are accessible from the front panel, along with a serial to USB connection that can be used to configure the unit as an alternative to connecting via the network. It also sports a small LCD and buttons to cycle through system load, temperature, memory usage and basic stats such as the unit’s serial number.

Software-wise, the XTM 2520 runs what WatchGuard calls Fireware XTM, which is actually a customised version of secure Linux. Indeed, CLI access is provided for command-line junkies if the appropriate firewall rules are set up to allow SSH. Configuring and managing the XTM 2520 is done either through WatchGuard’s System Manager software, or directly through a browser using its Web UI.

Here the interface is well laid out and snappy to use, with sections for managing the firewall, authentication, VPNs, network settings and general system management and reporting. Adding policies to the firewall is easy with a range of pre-configured port filters for all the usual suspects from SSH and FTP to Citrix and even X11 for Unix systems.

Reporting is quite extensive too, and allows you to not only set refresh intervals for system resources but also for viewing routes, authenticated users, blocked sites, interface activity, traffic management and more. Helpfully, most of these screens have a ‘Copy’ button to copy data to the clipboard too.

Finally, subscriptions to WatchGuard’s services are also easily managed, both in their configuration, for which there is plenty of depth, and in the addition and status of paid services, including how many days you have remaining on each subscription.

Overall the XTM 2520 is a beast of a machine with an extensive feature list aiming to be your one-stop-shop for network security. Trade-ups are available, as is three-year bundle pricing and, because service subscriptions are transferable, there are some savings to be had if you need a second unit. With this hardware-only option, the XTM 2520 device with just a one-year subscription to LiveSecurity for maintenance can be had for $48,890.