WatchGuard XTM 830
March 01, 2013
$17,740, includes one year of support
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Outstanding feature set, powerful hardware, flexible device management options.
- Weaknesses: Expensive, requires client-server application to use some advanced features.
- Verdict: Well worth the expense for larger enterprises. Recommended.
While best known for its firewalls, WatchGuard is no slouch in the UTM space. As we detail below, its XTM 830, somewhat pricey, provides an excellent enterprise-grade perimeter defense against viruses, spam and other unwelcome traffic - and includes a number of other features all in one easy-to-administer device.
We began the setup process, as is usual for these types of devices, by connecting a specified interface to our LAN. After setting our workstation IP to fall within the default device network, we were able to access the product's web interface. Upon logging in with the default username and password, we were presented with a first-run setup wizard, which stepped us through a basic device configuration. After configuring the WAN and LAN interfaces - setting admin and read-only passwords, location information and time settings - we were given the option to activate the device online. Completing the activation process (a simple, one-click affair) unlocked all of our licensed features and this ended the configuration wizard. The elapsed time from unboxing the product to having a functioning perimeter gateway was approximately 10 minutes.
The XTM 830 is a centrally managed UTM with a rich feature set. While most device features are easily managed through its excellent web interface, the device's true power is only unlocked by setting up the WatchGuard System Manager, a client-server application which enables management of all WatchGuard devices in one's environment. The firewall works, as expected, with support for comprehensive rule sets, static network address translation (NAT) mapping and other standard features. Its signature-based IPS breaks threats out into critical, high, medium, low, and informational categories, and the signature database can be regularly updated on a predetermined schedule. Additionally, support is built in for signature exceptions, and notifications can be configured to be delivered via email or a simple network management protocol (SNMP) trap.
The WebBlocker feature is a content-filtering system that can be configured to use one of two website categorization database services: either the default, cloud-based Websense service or up to five locally hosted WebBlocker servers. User/group-oriented filtering rules are made possible through the device's AD/LDAP integration support, and RADIUS and SecureID are offered also.
WatchGuard has a reputation with us for providing excellent documentation and this product's documentation falls right in line with that expectation. Installation, quick start, and two versions of the administration guides, tailored to either the device's web interface or administered through WatchGuard System Manager, are available as downloadable PDFs from WatchGuard's support site. These are superbly organized with bookmarks, hotlinks, screen shots and diagrams where appropriate. The administration guides are also available as a web document hosted on the product's support site.
The XTM 830 is a pricey $17,740, which includes one year of plus-level support. This may be upgraded to gold for $2,430. Standard (12/5) support afterward costs $2,725 per year and gold is priced at $5,145 for one year.
Sign up to our newsletters
SC Magazine Articles
- Impact of Linux bug 'grinch' spans servers, workstations, Android devices and more
- House, in rush vote, passes Intelligence Authorization Act
- More than 100K WordPress sites compromised by malware due to plugin vulnerability
- Phishing email contains Word doc, enabling macros leads to malware infection
- U.S. accounts for most Mac OS X attacks and websites seeded with malware
- White House calls Sony hack a "serious national security matter," gov't mulls proper response
- 'Spark' shares traits with Alina, JackPOS, uses AutoIt differently
- California nonprofit sues San Diego Police Department over stingray documents
- Critical 'Misfortune Cookie' bug puts millions of internet-connected routers at risk
- Securing the enterprise with the five W's of access