The intruder at the gate

By Matt Tett, Technology & Business Magazine

26 September 2005 12:58 PM

Tags: network, security, firewall, t&b, technology & business magazine, intrusion, detection, yes



		Contents Introduction CyberGuard SG710 Fortinet Fortigate 200A Juniper IDP 200 SonicWALL 5060 WatchGuard X1000 Tier-3 Huntsman Specifications How we tested Test Analysis Editor's choice About RMIT

WatchGuard Firebox X1000
WatchGuard has a great range of products, the beauty is that each device can be upgraded without removing or replacing any hardware -- simply purchase an upgrade key and the equipment's firmware is updated.

The front of the device includes six copper network ports, a serial/console port, four configuration buttons, a small backlit LCD, and 12 status indicators (10 of them showing each of the network port's connection speed). The remaining two show power and Arm/Disarm. The rear of the unit has a standard IEC power connector and switch.

The configuration and administration is performed via a client-based application -- WatchGuard System Manager. We were supplied with WSM 8.0 and once installed, we were guided through a quick setup wizard that covers things such as the licence key and initial port setup -- PPPoE on WAN if applicable. Administration comes via WSM and is a straight-forward menu system. On the topic of logging, amongst the usual formats Firebox logs can also be output in XML (with Fireware Pro) and WebTrends (WELF) format. When the Firebox System Manager is launched, a graphical representation is shown of traffic load as well as port status and other key system details.

The WatchGuard IDS system primarily revolves around blocking traffic and packets that can be defined in the Setup-Intrusion Prevention settings under the Fireware Policy Manager application. This includes selecting and setting parameters for a variety of common scans and attacks such as port and address space probes, and flood and spoofing attacks.

There is also a default policy for preventing denial-of-service (DS) attacks by simply limiting the quota of connections per second allowed to clients and servers on the network. The signature file settings can also be set here, but the actual updating is either automatic (if the administrator chooses), or manually via the Firebox System Manager application Security Service tab. Clients can also be notified if their connection is disabled by the appliance.

Also under the IPS settings is an option to setup blocked sites and ports. The blocked site is an IP-based system and can either be a Host IP, Network IP, or a Host Range. Blocked ports are simply individual ports, however, these can be set to automatically block sites that try to use the blocked ones.

Overall the Firebox X1000 is a very well-designed security appliance, with a configuration system slightly different from the run-of-the-mill browser-controlled systems. The WatchGuard system is slightly more complex but adds flexibility and can offer increased security.

Product	Firebox X1000
RRP	AU$6,513
Price range	AU$3,102 (x500) to $12,100 (x2500)
Vendor	WatchGuard
Phone	02 8912 2199
Web	www.watchguard.com

Interoperability
Very good levels of logging and reporting, configuration and management console takes a while to get used to.
Futureproofing
Very good futureproofing available with the Watchguard family of devices requiring no hardware replacement to upgrade.
ROI	½
Great pricing.
Service
12 months warranty seems about average for these types of devices, extended warranty is available.
Rating