WatchGuard Firebox X15w review
The distinctive Firebox X Edge products from WatchGuard are primarily aimed at small businesses looking for an all-in-one network security solution. However, they’re also designed to integrate with the company’s new Peak and Core appliances, with a view to providing secure VPN tunnels to the head office network for remote workers and offices.
The Firebox X15w on review delivers a fine range of features for the price. These include an SPI firewall, 802.11b/g wireless operations, integral Ethernet switch, optional web-content filtering and anti-virus measures. Build quality and design are very good. The X15w comprises a solid metal box with plenty of status indicators on the front panel. You get seven switched Fast Ethernet ports, and the primary RJ-45 WAN port can be used to connect an ADSL or cable modem. The eighth LAN port is essentially a DMZ, as this optional network can be used to limit access from the WAN or wireless networks.
A second WAN port is provided for the optional failover feature, and there’s also a serial port for a secondary fall-back modem connection. The X15w supports static addressing and PPPoE. During testing, we successfully achieved Internet access on the X15w via a LAN connection to a proxy server using just DHCP. We also had no problems testing an ActionTec intelligent ADSL modem connected to the WAN port.
Installation is easy enough. First you point a browser at the unit’s default LAN address and access it securely over HTTPS. A quick-start wizard gets basic port configuration, time zones and Internet access out of the way and then you move to the main interface. This hasn’t changed much over the past couple of years, but it doesn’t need to, as it has always been simple to use. It opens with a comprehensive system page showing the status of each interface, the firewall and the various features and licences. The appliance enforces a limit of 25 wired and wireless connections to the WAN, but this can be increased by entering a new licence key.
The firewall defaults to blocking all unsolicited inbound WAN traffic, but you can easily add extra filters to incoming and outgoing connections for blocking or allowing specific services. Wireless security is good, with WEP/WPA encryption, MAC address restrictions and SSID masking on offer. You can also restrict wireless users to Internet access only by blocking them from seeing the internal network. VPN support is a cut above the rest too. You can create tunnels with other IPsec-compliant routers, while mobile workers can call in safely once they’ve downloaded and installed the MUVPN client software.
The optional WebBlocker service is hosted by SurfControl and offers 14 undesirable content categories. You can also enforce authentication from any client requesting Internet access. During testing we found this component worked a lot better than many other SME security services, rarely missing a trick. Clients who try to access a banned site are redirected to the appliance and curtly advised of their transgression.
Small businesses that want more from their security appliance should consider the Firebox X15w. It does cost more than the majority of budget-priced boxes from companies such as Netgear and D-Link, but you do get a good range of security features, and the web content filtering option looks particularly good value.