Tony Sarno18 April 2008, 8:48 AM
A powerful router and firewall for your SMB network
The WatchGuard Firebox X Edge e-Series of security appliances is made up of three major models: x10e, x20e and x55e. These models are designed to provide security in a small business network. The cheapest model, x10e, is designed mainly for smaller single-location businesses. It only supports up to 15 users.
X20e can be used in larger branch offices. It supports up to 30 users. Finally, the x55e, which is the subject of this review, can be used in even larger environments. It doesn’t come with a user limit. It’s more powerful than x10e and x20e and more expensive. The two lesser models, however, are upgradeable to x55e.
The e-Series, like any other respectable Unified Threat Management (UTM) solution, supports additional online security subscriptions. These include a spam blocker, a gateway antivirus with an Intrusion Prevention System (IPS) and a web blocker with HTTPS URL filtering. Subscriptions come in 90-day or one-year blocks. If you decide to invest in a UTM device such as X55e you should consider investing in a security subscription. It’s a good way to protect your network from viruses, trojans, spam and attacks.
The firewall throughput of x55e is 100Mbit/s while its VPN throughput is 35Mbit/s. The device has a serial port, two WAN ports, one OPT/DMZ port for an optional network and three LAN ports. According to WatchGuard’s official data sheet, 10,000 concurrent sessions are supported by x55e as well as 25 VPN tunnels. X20e and X10e support 8,000 and 6,000 concurrent sessions and 15 and five branch office VPN tunnels respectively.
In terms of security x55e includes the obligatory Stateful Packet Inspection (SPI) firewall and the more interesting fragmented packet reassembly protection and protocol anomaly detection technologies. The proxy policy filters allow further monitoring and examination of HTTP, SMTP, POP3 and FTP connections.
Network features such as policy-based routing, WAN failover, multi-WAN load sharing and balancing come as standard in x55e. In comparison, these features do not come as standard with x10e or x20e but can be acquired by upgrading to Edge Pro — WatchGuard’s security appliance software.
Traffic management such as policy-based traffic and VPN traffic prioritisation is controllable in x55e. When it comes to VPN, apart from the standard 25 branch office tunnels, the system comes with 5 IPSec Client licences for mobile VPN. 55 Mobile VPN tunnels with SSL are possible. In terms of encryption DES, 3DES and AES are available to the user. For authentication IPSec via SHA-1, MD5, IKE and third party certificates are available. Encryption is thankfully done in hardware.
The system supports static and DHCP (server, client and relay) IP address assignment. Static and Dynamic NAT is supported, as well as IPSec NAT traversal. The device’s logging and reporting features are satisfactory. There are two methods that can be employed to keep log files with Firebox X Edge. One is to use a WatchGuard Log Server — a component of the WatchGuard System Manager. Another is to use syslog — a log interface for UNIX.
We had no problems setting up and using X55e. Its web-based GUI interface was intuitive and simple to use. The system provides a lot of detailed information about its status ranging from memory and running processes to hostile sites, connection, VPN statistics and traffic prioritisation. The firewall was easy to configure and the Documentation was clear.
There are a few wizards available to the user for configuring WAN failover options, conducting setup of primary interfaces and defining policies for network traffic filtering. These are not going to be too useful for skilled network administrators, but they could help those of us with a little less experience.
WatchGuard’s Firebox x55e is a solid router and firewall that stands up well with the competition. In some ways it’s not as powerful as, for example, D-Link’s DFL-260 (reviewed last issue, page 64) but it’s still a very good device. Check it out the next time you go shopping.