WatchGuard Firebox X6500e UTM
(Credit: WatchGuard)
WatchGuard cannot be faulted for consistency. Over the past seven years Enex has tested numerous WatchGuard products, every one of them bright red. You just can't miss them in a datacentre. The last three iterations of WatchGuard's Firebox have been housed in uncannily similar chassis.
WatchGuard has also been consistent and retained its "golden screwdriver" approach to upgrades. Users are able to purchase upgrades via software "feature keys", unlocking additional functionality and performance already installed, without needing to upgrade any of the device hardware.
The Firebox X6500e is the middle child in the "Peak" family, sitting between the X5500e and the X8500e(-F) siblings. WatchGuard pitches this device at enterprises with 400-2000 users, touting an RRP between AU$19,348 and AU$31,000 (depending on functionality). The unit supplied to the lab retailed for AU$24,863.
Like most modern security appliances, WatchGuard's X6500e offers more functionality than just the humble firewall. As a unified threat management (UTM) device, it addresses a myriad of security threats including spyware, viruses, spam, blended threats, content filtering, web exploits, SQL injections, buffer overflows, DoS/DDoS and plenty more. The device is capable of an impressive range of functions.
Physically the X6500e incorporates eight 10/100/1000 network ports and a DB9M port for console access at the front of the unit, along with four additional status LEDs indicating power, storage, arm/disarm and expansion functions.
Both sides of the chassis feature good ventilation grilles with three decent fans operating at the rear of the unit. There are two user-accessible modular bays, a power switch and the power supply (using standard IEC cable) also at the rear. Surprisingly, however, the unit has no options for a redundant power supply. In a device such as this — aimed at the enterprise market (and considering the asking price) — it is something you should expect.
WatchGuard's claims about this product's top features include zero-day protection out of the box, and support for up to 2 gigabits per second of firewall throughput. Firebox X Peak is built on application proxy firewall technology — reputed to be more secure than stateful packet filtering. WatchGuard also describes layers of anti-spyware to meet compliance standards and protect sensitive corporate data.
Networking is solid with the Firebox X6500e. Multi-gigabit firewall throughput and eight 10/100/1000 Ethernet ports support high-speed local area infrastructures and gigabit wide-area connections.
In another consistency across this product line, WatchGuard retains its WatchGuard System Manager (WSM) software in the Firebox X6500e. This application needs to be installed onto the administrator's machine before accessing the Firebox — a process that is not particularly user-friendly. So while the X6500e is possibly more secure than other devices with an open web port on the internal network (allowing web-based configuration), it is still something that an administrator needs to learn and become confident with.
When a new Firebox is first commissioned, the administrator must complete a complex process: initialising the device in a safe mode, running a set-up wizard from their administrative PC (including uploading the device's feature key into the system) and setting up initial and temporary networks and access passphrases. Only then can an administrator launch the WSM and access the device.
WSM is also able to act as a centralised system for multiple Firebox products. Once accessed, WSM enables the administrator to perform key tasks: primarily connecting to and configuring the device using the Fireware Policy Manager, but also accessing the monitoring system (known as Firebox System Manager). Although WatchGuard's management systems are complicated, most engineers should be able to navigate them easily once comfortable with them.
WatchGuard System Manager, Firebox System Manager, Firewall Policy Manager applications. (Credit: CBS Interactive)
WatchGuard's Firebox X6500e is a well-featured security appliance. It provides adequate levels of connectivity suitable for the majority of users. The feature key model is a great solution to provide easy feature upgrades. This offsets its relatively high initial price, and makes it suitable for enterprises expecting growth in the future.
Its warranty is provided via an annual renewal of WatchGuard's LiveSecurity subscription, which also includes an advanced hardware warranty. Product support methods are web and phone support from 8am to 8pm, Monday to Friday.
| The bottom line | If your enterprise is planning growth, then the simple feature key upgrades may offset the high initial cost of the product by saving you time and cost sourcing and replacing equipment. |
|---|---|
| Vendor | WatchGuard |
| Price | AU$24,863 |
| Warranty & support | Annual renewal of LiveSecurity Subscription, which includes advanced hardware warranty. Web and phone support from 8am to 8pm, Monday to Friday. |
| The good | Consistent between revisions; licence key model upgrades; feature rich |
| The bad | Relatively expensive; complicated application-based configuration/administration/management; limited support methods; no redundant power supply option |









I'm amazed that you didn't bother to test the platform with the most impressive security track record known to man - OpenBSD.
It's easy to configure. There are no licensing costs. The rule set for PF is human readable. It supports IPv6.