WatchGuard XTM 830
March 01, 2013
$17,740, includes one year of support
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Outstanding feature set, powerful hardware, flexible device management options.
- Weaknesses: Expensive, requires client-server application to use some advanced features.
- Verdict: Well worth the expense for larger enterprises. Recommended.
While best known for its firewalls, WatchGuard is no slouch in the UTM space. As we detail below, its XTM 830, somewhat pricey, provides an excellent enterprise-grade perimeter defense against viruses, spam and other unwelcome traffic - and includes a number of other features all in one easy-to-administer device.
We began the setup process, as is usual for these types of devices, by connecting a specified interface to our LAN. After setting our workstation IP to fall within the default device network, we were able to access the product's web interface. Upon logging in with the default username and password, we were presented with a first-run setup wizard, which stepped us through a basic device configuration. After configuring the WAN and LAN interfaces - setting admin and read-only passwords, location information and time settings - we were given the option to activate the device online. Completing the activation process (a simple, one-click affair) unlocked all of our licensed features and this ended the configuration wizard. The elapsed time from unboxing the product to having a functioning perimeter gateway was approximately 10 minutes.
The XTM 830 is a centrally managed UTM with a rich feature set. While most device features are easily managed through its excellent web interface, the device's true power is only unlocked by setting up the WatchGuard System Manager, a client-server application which enables management of all WatchGuard devices in one's environment. The firewall works, as expected, with support for comprehensive rule sets, static network address translation (NAT) mapping and other standard features. Its signature-based IPS breaks threats out into critical, high, medium, low, and informational categories, and the signature database can be regularly updated on a predetermined schedule. Additionally, support is built in for signature exceptions, and notifications can be configured to be delivered via email or a simple network management protocol (SNMP) trap.
The WebBlocker feature is a content-filtering system that can be configured to use one of two website categorization database services: either the default, cloud-based Websense service or up to five locally hosted WebBlocker servers. User/group-oriented filtering rules are made possible through the device's AD/LDAP integration support, and RADIUS and SecureID are offered also.
WatchGuard has a reputation with us for providing excellent documentation and this product's documentation falls right in line with that expectation. Installation, quick start, and two versions of the administration guides, tailored to either the device's web interface or administered through WatchGuard System Manager, are available as downloadable PDFs from WatchGuard's support site. These are superbly organized with bookmarks, hotlinks, screen shots and diagrams where appropriate. The administration guides are also available as a web document hosted on the product's support site.
The XTM 830 is a pricey $17,740, which includes one year of plus-level support. This may be upgraded to gold for $2,430. Standard (12/5) support afterward costs $2,725 per year and gold is priced at $5,145 for one year.
SC Magazine Articles
- USAA members hit with multiple phishing attacks
- Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak
- Trust exercise: Symantec's new website security expert is reaching out to hacker community
- Three zero-days found in iOS, Apple suggests users update their iPhone
- Two-thirds of IT security pros surveyed expect a breach to hit their company, report
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Wendy's POS breach 'considerably' bigger than first thought
- No hacking required: Israeli researchers show how to steal data through PC components
- Don't connect your charging cell to a computer or you may get hacked!