IT Pro Verdict
The X750e Firewall appliance offers an impressive range of features for the price. Strong policy based security is enhanced with web content filtering and the improved reporting tools are particularly good, although the number of services that have to be run on other systems does complicate management.
WatchGuard may be focusing heavily this year on its new range of SSL-VPN appliances, but its well established Firebox firewall and VPN appliances have been receiving some extra attention as well. In this exclusive review we bring you low-down on its Core X750e, which targets SMBs looking for an all-in-one security solution.
A key feature of all Firebox models is their ability to grow easily with demand. The X750e represents the mid-ground of the Core Family but you can start off with the X550e and purchase extra licenses to take its performance up to that of an X750e and then on to the X1250e. WatchGuard offers plenty of other upgrade options as you can turn the X750e into a full UTM appliance providing anti-virus, anti-spam, IPS and web content filtering.
If you want all your security services completely centralised on the appliance then look away now as WatchGuard uses a significantly different modus operandi where a number of services have to be run from other systems on the LAN. The WebBlocker content filtering service runs on any Windows system on the LAN for which the appliance proxies all HTTP traffic. It also handles category database updates itself and we were disappointed to see that this process can still only be automated using the Windows Task Scheduler.
To store spam and infected messages you need to set up a quarantine server whilst reporting and logging also have their own servers as well. All four services can be run from a single system but it's possible to distribute them across the network. To ensure you have the latest version, WatchGuard doesn't include the software but expects you to download the WatchGuard System Manager (WSM) from its web site. We found installation easy enough and opted to run the lot on a single Windows Server 2003 R2 system.
Appliance installation is also painless as after booting it into safe mode you download and deploy the latest FireWare software image. This also sets up a basic network configuration and the system defaults to allowing outbound traffic and blocking unsolicited inbound traffic. You can also run the appliance in router mode where it has different subnets on each of its network ports.
Drop-in mode makes for a much easier installation although all ports on the appliance must have the same IP address assigned to them. The disadvantages here are this method doesn't support WatchGuard's Multi-WAN round robin balancing mode or port failover.
For testing, we opted for routed mode and placed the appliance between our LAN and Internet router. Initial contact to the X750e is made via the WSM utility, which is designed to manage multiple FireBox appliances and provides details on the status of each network port along with traffic throughput.
Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.
Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.