
Issue 4.6


Firebox x500

Issue: 4.6 (July/August 2006)
Author: Brian Rathbone
Article Length (in bytes): 4,282
Starting Page Number: 9
Article Number: 4605

Many software developers and small businesses, especially those that produce socket-based software, quickly outgrow SOHO routers. This presents a problem for those who don't have extensive router and firewall experience and also lack the resources to hire a firewall expert or procure fully managed services. What many desire is a product that is easy to configure and support, has ample documentation, and allows a cost-effective upgrade path for when their needs grow. The Firebox x500 is all that and more.

The x500 is a combination router, firewall, switch, proxy server, and VPN gateway. The unit is configured through a GUI that allows for offline changes that can be uploaded to the Firebox at a later time. The main limitation of this software is that it is only available for Windows.

Once the initial configuration is complete, the management software provides configurable logging capabilities and real-time traffic reporting. By default, sites that repeatedly attempt to connect to denied ports will be automatically blocked, but this functionality can be disabled if desired, or specific sites can be added to an exception list. During my tests, I found that sites in the exception list were still being blocked, and I had to either allow the offending traffic or disable the automatic site blocking in order to prevent my remote users from getting locked out.

The Policy Manager allows you to create traffic rules to allow or deny different types of traffic to and from certain networks or specific hosts. There are even built-in proxies that can be used for common protocols like HTTP and FTP. The proxies offer some advantages over regular filters in that they can be used to monitor user activities.

Several types of Network Address Translation (NAT) are supported. One-to-one NAT allows multiple static IP addresses to be mapped to internal hosts. Dynamic NAT provides one-to-many translation of a single, outside IP address to multiple internal addresses for outbound communication. Static NAT provides inbound port-mapping functionality. All of these NAT types can be used simultaneously, and service-based NAT is also available to handle situations where multiple trusted networks exist and some addresses should not be masqueraded under certain circumstances.

The x500 can be upgraded up to model x2500 through software -- just purchase an upgrade and enter the license number in Policy Manager. Additional features, such as high-availability mode, can make the upgrade worthwhile. While testing with a pair of x700s in high-availability mode, I pulled the power cable out of my primary x700 during a high-activity period, fully expecting my Citrix users to get disconnected. To my surprise, the x700s had been synchronizing session data, and no persistent connections were lost.

While administration of the x500 requires a considerable amount of networking knowledge, it is far less daunting than managing competing products that offer only a command line interface. Several of my emails to WatchGuard technical support appear to have been ignored, but the online materials and forums yielded solutions in their stead.
