WatchGuard Firebox Peak X5500e firewall
WatchGuard Firebox: Fiery performer at a nice price
Note: Pricing for this product is in US$.
- Client/server-based management system allows true offline editing of configuration, high throughput even when handling attacks, can turn on additional in-the-box features through licensing
- Blocked only a third of the attacks in our test, complex user interface, desperately needs wizards for common setup tasks (public server, VPN), must be online for initial setup, to download updates and user interface
WatchGuard Firebox Peak X5500e isn't easy to set up, but its use of XML configuration files works wonders for managing configuration across any number of devices and locations. Apart from complex initial configuration, this is a highly manageable, enterprise-grade, proxy-based firewall with impressive throughput, granular control, and an excellent price.
Price$ 5,990.00 (AUD)
WatchGuard's Firebox Peak X5500e is a strong, manageable firewall and is fast compared to other firewalls we've tested, but complexity and weak attack protection hold it back
In the WatchGuard Firebox, we encountered a system significantly different from the other three boxes in this test. The differences were as fundamental as the number of processor cores and the whitelist/blacklist balance, and they extended all the way out to the complexity of the user interface. If you're looking for an easy-to-configure box that works with minimal admin interaction, then the Firebox is not the system for you. If, on the other hand, you need a high-performance, highly secure firewall, and you are willing to invest in a learning curve and a rather complex configuration process, then our experience indicates that Firebox should be on your short list of systems to consider.
WatchGuard splits management and administration functions across two different applications. In this case, the complexity serves a good purpose: System administrators can edit the XML rules files offline, then push the new configuration to the box when the new rule set is complete (and debugged). We were able to watch this feature in action as the WatchGuard engineers modified and pushed configuration files almost constantly during our testing. (This wasn't a bad thing. WatchGuard was the first company to come in for testing and served as guinea pig as we did final debugging on the test scripts.)
The good news is that swapping entire configuration profiles is no more difficult than making subtle rule changes. The bad news is that making changes to a single rule isn't a lot simpler than pushing an entirely new configuration profile. Still, in either case, the Firebox's unique process means troubleshooting and performance tweaking are much easier and more convenient than they might have been; we could work on a new configuration while the previous version was still under testing.
Security as process
It's important to note that, unlike the other products in this test, WatchGuard's is very much a client-server architecture. While there are many times when the architecture makes very little difference, WatchGuard's approach can be an advantage when it comes to things like verifying regulatory compliance. For example, the WatchGuard engineer working with us had a folder on his machine noting every configuration we had tinkered with. In one instance, we went back a couple of weeks to try out a previous configuration with a new version of the Ixia test tool. While the other products could hold multiple configurations, and yes, you could save them off to your workstation, WatchGuard makes it easy enough that the XML code could easily be dropped into a bug tracker or version tracker for quality control and compliance verification.
Best Deals on PCWorld
- NotebooksView all »
- TabletsView all »
- Mobile PhonesView all »
- Printers & ScannersView all »
- Networking, Wireless & VoIPView all »