WatchGuard XTM 2520

As far as UTM devices go, the WatchGuard XTM 2520 looks to have all bases covered

The web UI is well laid out and snappy to use

If, as we are often led to believe, colour really is an indication of speed then the WatchGuard XTM 2520 would have to be the fastest hardware firewall solution on the planet. Or at least, in the rack.

And if its specs are any indication, it might not be far off – in addition to 12 10/100/1000 ports the XTM 2520 also sports four 10 Gigabit SFP+ optical links, for a staggering 35Gbps combined throughput for the firewall component, according to WatchGuard. The 2520’s speed varies depending on which other services you use, and declines as you might expect for more demanding loads.

Still, as an example, it has a claimed throughput of 9.6Gbps for the anti-virus component. For a single device guarding an enterprise network that can sustain 2.5 million concurrent sessions, it’s certainly no slouch.

And that’s firmly the target for WatchGuard’s UTM products. While it has a range of units for different business levels, the XTM 2520 is billed and built for large networks and the enterprise.

In the case of the XTM 2520 it bundles a range of enterprise-focused features, but also allows you to configure and pay for only what you need. The standard base unit with a one-year subscription to core services costs $65,995, and bundles in intrusion prevention (including spoofing attacks and DDoS); the WebBlocker with URL filtering; spamBlocker anti-spam via SMTP and POP3; Anti-Virus (also includes anti-malware, and is based on an AVG engine); Application Control (for example, to filter P2P programs or Facebook applications); and the Reputation Enabled Defence engine, a cloud-based reputation scanning service able to filter out known malicious sites before they reach other protective layers like the AV component, thereby reducing network and processing load.

It also includes access to WatchGuard’s LiveSecurity offering, which includes software updates, technical support and warranty service.

One advantage of combining the firewall with these services into a single device is the ability to leverage firewall features (such as packet inspection). For example, the antivirus component works with the application control layer to identify threats coming in, beyond the usual suspects of HTTP, FTP, POP3 and similar protocols. And to be sure, it’s these services that allow the XTM 2520 to shine. Without them it’s still a fully-functional and versatile firewall box, but being able to integrate and easily manage these services in a single unit is what WatchGuard is known for.

Under the hood the device runs a multi-core Intel CPU paired with 32GB RAM, plenty for caching and running the various services. The device boots from flash memory and also sports a traditional spinning-platter disk. The disk is not used in the current version of firmware but it’s there to be ready for future upgrades and functions.

WatchGuard has been able to cram a lot into a single rack unit of space, so if you are deploying devices in pairs, this saving adds up.

Four 40mm fans at the rear pull air out for cooling; three of these draw from an airflow tunnel over a passive heatsink on the CPU. The fourth fan pulls air out from the main enclosure, along with the two fans in the two 275W power supply units (one redundant).

As you’d expect all ports are accessible from the front panel, along with a serial to USB connection that can be used to configure the unit as an alternative to connecting via the network. It also sports a small LCD and buttons to cycle through system load, temperature, memory usage and basic stats such as the unit’s serial number.

Software-wise the XTM 2520 runs what WatchGuard calls Fireware XTM, which is actually a customised version of secure Linux. Indeed, CLI access is provided for command-line junkies if the appropriate firewall rules are set up to allow SSH. Configuring and managing the XTM 2520 is done either through WatchGuard’s System Manager software, or directly through a browser using its Web UI.

Here the interface is well laid out and snappy to use, with sections for managing the firewall, authentication, VPNs, network settings and general system management and reporting. Adding policies to the firewall is easy with a range of pre-configured port filters for all the usual suspects from SSH and FTP to Citrix and even X11 for Unix systems.

Reporting is quite extensive too, and allows you to not only set refresh intervals for system resources but also for viewing routes, authenticated users, blocked sites, interface activity, traffic management and more. Helpfully, most of these screens have a ‘Copy’ button to copy data to the clipboard too.

Finally, subscriptions to WatchGuard’s services are also easily managed, both in their configuration, for which there is plenty of depth, and in the addition and status of paid services, including how many days you have remaining on each subscription.

Overall the XTM 2520 is a beast of a machine with an extensive feature list aiming to be your one-stop-shop for network security. Trade-ups are available, as is three-year bundle pricing, and, because service subscriptions are transferable, there are some savings to be had if you need a second unit. With the hardware-only option, the XTM 2520 device with just a one-year subscription to LiveSecurity for maintenance can be had for $48,890.
