WatchGuard's Firebox Peak X5500e is a strong, manageable firewall and the fastest in our test, but complexity and weak attack protection hold it back
WatchGuard Firebox Peak X5500e isn't easy to set up, but its use of XML configuration files works wonders for managing configuration across any number of devices and locations. Apart from complex initial configuration, this is a highly manageable, enterprise-grade, proxy-based firewall with impressive throughput, granular control, and an excellent price.
In the WatchGuard Firebox, we encountered a system significantly different from the other three boxes in this test. The differences were as fundamental as the number of processor cores and the whitelist/blacklist balance, and they extended all the way out to the complexity of the user interface. If you're looking for an easy-to-configure box that works with minimal admin interaction, then the Firebox is not the system for you. If, on the other hand, you need a high-performance, highly secure firewall, and you are willing to invest in a learning curve and a rather complex configuration process, then our experience indicates that Firebox should be on your short list of systems to consider.
WatchGuard splits management and administration functions across two different applications. In this case, the complexity serves a good purpose: System administrators can edit the XML rules files offline, then push the new configuration to the box when the new rule set is complete (and debugged). We were able to watch this feature in action as the WatchGuard engineers modified and pushed configuration files almost constantly during our testing. (This wasn't a bad thing. WatchGuard was the first company to come in for testing and served as guinea pig as we did final debugging on the test scripts.)
[ When is a UTM not a UTM? Read the overall results of the InfoWorld Test Center's great UTM challenge. Read the other reviews: Astaro Security Gateway 425 | SonicWall NSA E7500 | ZyXel ZyWall USG1000. Compare the UTMs feature by feature. ]
The good news is that swapping entire configuration profiles is no more difficult than making subtle rule changes. The bad news is that making changes to a single rule isn't a lot simpler than pushing an entirely new configuration profile. Still, in either case, the Firebox's unique process means troubleshooting and performance tweaking are much easier and more convenient than they might have been; we could work on a new configuration while the previous version was still under testing.
Security as process
It's important to note that, unlike the other products in this test, WatchGuard's is very much a client-server architecture. While there are many times when the architecture makes very little difference, WatchGuard's approach can be an advantage when it comes to things like verifying regulatory compliance. For example, the WatchGuard engineer working with us had a folder on his machine noting every configuration we had tinkered with. In one instance, we went back a couple of weeks to try out a previous configuration with a new version of the Ixia test tool. While the other products could hold multiple configurations, and yes, you could save them off to your workstation, WatchGuard makes it easy enough that the XML code could easily be dropped into a bug tracker or version tracker for quality control and compliance verification.
|Test Center Scorecard|
|WatchGuard Firebox Peak X5500e||6||6||8||9||9||9||8|
This weekend's Windows 10 upgrade has users angry, and it's unclear if the ploy will continue
Speaking at the O'Reilly Fluent conference, Eich also endorsed the Service Workers mobile app...
You don't need a tinfoil hat, either. Opportunists have exploited consumer fears to create an industry...
Learn how to harness microservices to modify, scale, and update your apps constantly to meet changing...
Enterprise employees use mobile apps every day to get their jobs done, but when malicious actors start...
'Zero ratings' let users stream some sites without incurring bandwidth charges, but not others. So what...