Watchguard Hardware Firewall - XTM 25 AND 3-YR LIVESECURITY
WatchGuard® XTM 2 Series
recommended for small businesses, remote offices, and wireless spots
■ Application-layer content inspection recognizes & blocks threats that stateful packet firewalls cannot detect.
■ Powerful subscription-based security services boost protection in critical attack areas for multiple
layers of defense. By partnering with leading technology providers, WatchGuard is able to integrate
best-of-breed security components into one UTM platform for stronger security at big cost savings.
– APT Blocker is a cloud-based service that uses a combination of sandboxing and full system emulation
to detect and block highly sophisticated Advanced Persistent Threats (APTs).
– Application Control keeps unproductive, inappropriate, and dangerous applications off-limits.
– Intrusion Prevention Service (IPS ) delivers in-line protection from malicious exploits, including
buffer overflows, SQL injections, and cross-site scripting attacks.
– WebBlocker controls access to sites that host objectionable material or pose network security risks.
– Gateway AntiVirus (GAV) scans traffic on all major protocols to stop threats.
– spamBlocker delivers continuous protection from unwanted and dangerous email.
– Reputation Enabled Defense ensures faster, safer web surfing with cloud-based reputation look-up.
– Data Loss Prevention (DLP) automatically inspects data in motion for corporate policy violations.
■ Multiple VPN choices (IPSec, SSL, L2TP) for secure remote access include support for Android and Apple
easY to manaGe
■ Interactive, real-time monitoring and reporting – at no additional charge – give an unprecedented
view into network security activity so you can take immediate preventive or corrective actions.
■ WatchGuard Dimension™, a public and private cloud-ready visibility solution, instantly turns raw
data into security intelligence.
■ RapidDeploy™ enables quick, secure configuration at remote locations without technical staff.
■ Intuitive management console centrally manages all security functions.
■ WAN and VPN failover provide redundancy for increased reliability.
■ Extend best-in-class UTM security to the WLAN by adding WatchGuard’s Wireless Access Points.
■ Drag-and-drop Branch Office VPN setup – three clicks and your remote office is connected.
HiGHest utm performance in tHe industrY
■ Firewall throughput of up to 540 Mbps and UTM throughput of 108 Mbps to keep traffic moving.
■ No need to compromise protection for strong performance or vice versa. Multi-layered, interlocking
security protects the network while throughput remains high.
■ Gigabit Ethernet ports support high-speed LAN backbone infrastructures & gigabit WAN connections.
wired or wireless – Your cHoice
■ Wireless models include optional dual-band 802.11/n technology for much more responsive
wireless network connection and expanded range. 2.4 GHz or less crowded 5 GHz band.
■ Multiple security zones give administrators precise control over Internet access privileges for
different user groups.
■ Wireless guest services segment the Internet for customers/guests.
XTM 2 Series XTM 25/25-W* XTM 26/26-W*
Firewall throughput 240 Mbps 540 Mbps
VPN throughput 40 Mbps 60 Mbps
AV throughput 95 Mbps 142 Mbps
IPS throughput 100 Mbps 226 Mbps
UTM throughput 80 Mbps 108 Mbps
Interfaces 10/100/1000 5 copper 5 copper
I/O interfaces 1 SRL/1 USB 1 SRL/1 USB
New connections per second 3,000 3,000
VLANs 50 50
Authenticated users limit 500 500
Wireless Available* 802.11a/b/g/n 802.11a/b/g/n
Branch Office VPN 10 40
Mobile VPN IPSec 5/10 (incl/max) 5/40 (incl/max)
Mobile VPN SSL/L2TP 11 25
Firewall Stateful packet inspection, deep packet inspection, proxy firewall
Application proxies HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3
Threat protection DoS attacks, fragmented & malformed packets, blended threats & more
VoIP H.323, SIP, call setup and session security
Filtering options Browser Safe Search, YouTube for Schools
Security subscriptions Application Control, IPS, WebBlocker, Gateway AV, Data Loss Prevention,
spamBlocker, Reputation Enabled Defense, APT Blocker
VPN & Authentication
Encryption DES, 3DES, AES 128-, 192-, 256-bit
IPSec SHA-1, SHA-2, MD5, IKE pre-shared key, 3rd party cert
Single sign-on Supports Windows, Mac OS X, mobile operating systems
Authentication RADIUS, LDAP, Windows Active Directory, VASCO, RSA SecurID, internal
Logging and notifications WatchGuard, Syslog, SNMP v2/v3
User interfaces Centralized console (WSM), Web UI, scriptable CLI
Reporting WatchGuard Dimension includes 70 pre-defined reports, executive
summary and visibility tools
Security ICSA Firewall, ICSA IPSec VPN, CC EAL4+, FIPS 140-2
Safety NRTL/C, CB
Network IPv6 Ready Gold (routing)
Hazardous substance control WEEE, RoHS, REACH
Routing Dynamic (BGP4, OSPF, RIP v1/v2), Policy-based VPN
High availability Active/passive
QoS 8 priority queues, DiffServ, modified strict queuing
IP address assignment Static, DHCP (server, client, relay), PPPoE, DynDNS
NAT Static, dynamic, 1:1, IPSec traversal, policy-based
Other features Port Independence, multi-WAN failover, transparent/drop-in mode