REVIEW
Firebox x500
Issue: 4.6 (July/August 2006)
Author: Brian Rathbone
Article Length (in bytes): 4,282
Starting Page Number: 9
Article Number: 4605
Related Web Link(s):
http://www.watchguard.com/
Many software developers and small businesses, especially those that produce socket-based software, quickly outgrow SOHO routers. This presents a problem for those who don't have extensive router and firewall experience and also lack the resources to hire a firewall expert or procure fully managed services. What many desire is a product that is easy to configure and support, has ample documentation, and offers a cost-effective upgrade path for when their needs grow. The Firebox x500 is all that and more.
The x500 is a combination router, firewall, switch, proxy server, and VPN gateway. The unit is configured through a GUI that allows changes to be made offline and uploaded to the Firebox at a later time. The main limitation of this software is that it is only available for Windows.
Once the initial configuration is complete, the management software provides configurable logging capabilities and real-time traffic reporting. By default, sites that repeatedly attempt to connect to denied ports will be automatically blocked, but this functionality can be disabled if desired, or specific sites can be added to an exception list. During my tests, I found that sites in the exception list were still being blocked, and I had to either allow the offending traffic or disable the automatic site blocking in order to prevent my remote users from getting locked out.
The Policy Manager lets you create traffic rules that allow or deny different types of traffic to and from certain networks or specific hosts. There are even built-in proxies that can be used for common protocols like HTTP and FTP. The proxies offer some advantages over regular filters in that they can be used to monitor user activities.
Several types of Network Address Translation (NAT) are supported. One-to-one NAT allows multiple static IP addresses to be mapped to internal hosts. Dynamic NAT provides one-to-many translation of a single outside IP address to multiple internal addresses for outbound communication. Static NAT provides inbound port-mapping functionality. All of these NAT types can be used simultaneously, and service-based NAT is also available to handle situations where multiple trusted networks exist and some addresses should not be masqueraded under certain circumstances.
The x500 can be upgraded up to model x2500 through software -- just purchase an upgrade and enter the license number in Policy Manager. Additional features, such as high-availability mode, can make the upgrade worthwhile. While testing with a pair of x700s in high-availability mode, I pulled the power cable out of my primary x700 during a high-activity period, fully expecting my Citrix users to get disconnected. To my surprise, the x700s had been synchronizing session data, and no persistent connections were lost.
While administration of the x500 requires a considerable amount of networking knowledge, it is far less daunting than managing competing products that offer only a command-line interface. Several of my emails to WatchGuard technical support appear to have been ignored, but the online materials and forums yielded solutions in their stead.