WatchGuard's Firebox Peak X5500e is a strong, manageable firewall and the fastest in our test, but complexity and weak attack protection hold it back
When we first began working with the Firebox, we got very frustrated with all of the reboots we had to suffer through while making what we considered minor changes (IP, subnet mask, and so on). But that's because we didn't yet understand WatchGuard's client-server attitude toward configuration. Clearly enterprise in nature, the thick configuration utility wants you to check your configuration changes before you commit them. It's not a handy Web utility that could accidentally paint you into a corner. It wants you to make your changes as a single update so that individual changes can be considered before you hit the return key.
With the Firebox, you could easily have an entire lab configuration (sandbox) to do some initial testing, then pre-edit the changes necessary to drop the config into production. By the same token, you could remove a troubled unit from production and flip it into a lab setting to confirm or deny problems. WatchGuard allows you to save configuration files and swap between them really easily, regardless of whether you're touching the original serial number that the configuration was built on.
WatchGuard's client server approach started us thinking about how well the Firebox line fits regardless of your company size. From the SMB-oriented single console to a team approach with undocked windows spread across the front wall of a NOC, you could find a version of WatchGuard's hardware and combination of software that should fit your needs. This is a stratified product line with software upgrades within the hardware platform allowing you to fit the cost of the unit to your immediate needs but still permitting an easy upgrade path. From smaller Edge units to the Core SMB units all the way to the larger Peak units, the Firebox product line has granular layers allowing a much closer fit to individual company needs. The same stratification can work just as well within a highly distributed enterprise; with varying levels of authority, I could easily see firewall management becoming a team sport.
GUI or CLI?
While we were, in general, impressed by the WatchGuard, it wasn't perfect. The most significant hassle, though, came from the manufacturer's packaging rather than the basic system design; there was no software at all on the CD-ROM, nor were you able to download it from the Firebox's console. You must be able to download it from the WatchGuard site, and the first setup must be on an Internet-connected link since the system wants to do "activation." We asked about this and got the impression from WatchGuard that there is a way around this if you're using it on an isolated network, but that way is not covered in the startup guide (nor is it freely offered by the company's technical support).
Once we got past WatchGuard's system maintenance window and were able to download the Firebox Manager, it wasn't too bad to get through the initial setup. We were advised, though, to not use both the GUI and the CLI since the configs are stored differently. We were told to use one or the other -- a shame since, on so many systems, the GUI is perfect for simple configuration touch-ups while the CLI is there for the heavy lifting. For initial setup, we used the front-panel buttons to give the Firebox an IP address, then connected using the Firebox Manager. You can also do it using the included serial cable to avoid the pain of countless arrow pushes to change the IP address.
You may still be better off sticking with Win7 or Win8.1, given the wide range of ongoing Win10...
Microsoft buried a Get Windows 10 ad generator inside this month's Internet Explorer security patch for...
Here’s the best of the best for Windows 10. Sometimes good things come in free packages
The creator of Linux talks in depth about the kernel, community, and how computing will change in the...
The latest additions to Google's mobile OS should give you plenty to chew on
The open source operating system celebrates its 25th anniversary this month
Google's gRPC aims to oust JSON for exchanging data between HTTP-connected services