Transcript
WatchGuard®
Firebox® X Edge
PRODUCT DATASHEET
firewall protection • Strong for small offices and telecommuters zero day attack • Built-in prevention to stop new threats updated • Continually security subscriptions provide up-to-the-minute protection VPN services via • Secure IPSec, SSL, and PPTP protocols management • Intuitive dramatically streamlines administration
• team of security • Global experts are there when you
Upgradeable to protect your security investment
need them
Earth-friendly technology
Strong, Reliable Protection for Small Business Networks Small business networks need the same comprehensive protection that larger companies rely on, without the complexity. Now this can easily be achieved with the Firebox® X Edge e-Series firewall/VPN appliance from WatchGuard. The Firebox X Edge is a complete unified threat management (UTM) solution that blocks zero day attacks, spyware, viruses, trojans, spam, and blended threats to ensure that your data is safe. The easy-toconfigure branch office and VPN tunnels provide encrypted remote access to network resources, while its flexible networking features allow traffic and bandwidth prioritization for maximum efficiency and network performance. With its intuitive web-based user interface, the Edge is an excellent choice for businesses with limited IT resources, and comes in both wired and wireless models to meet your specific network requirements.
Proactive Zero Day Attack Prevention
Comprehensive Networking Capabilities
The robust network protection provided by the Firebox X Edge is based on sophisticated proxy technologies. They supply built-in, proactive defenses to block many kinds of attacks including buffer overflows, DNS poisoning, DoS, and DDoS. This unique level of zero day protection is far superior to products that rely solely on packet filter and signature-based technology to stop known threats. It puts strong defenses in place from the moment you turn on your Firebox.
Get the reliable, flexible networking options you need to ensure that your small business, remote offices, and branch offices are always secure and connected.
Added Protection in Critical Attack Areas Powerful security subscriptions provide additional layers of network protection. Fully integrated on the Edge and continually updated, they work cooperatively with the built-in defenses for a complete unified threat management solution.
• • •
spamBlocker Blocks nearly 100% of unwanted email and the malware it carries in real time, regardless of content, format, or language of the message WebBlocker Increases productivity and decreases security risks by blocking HTTP and HTTPS access to malicious or inappropriate web content Gateway AntiVirus/Intrusion Prevention Service Stops known spyware, trojans, viruses, and policy violations at the gateway
Centralized Management for Multiple Appliances When you deploy multiple Edge appliances as endpoints on a Firebox® X Peak™ or Core™ network, the Edge can be centrally managed using WatchGuard System Manager (WSM). WSM streamlines VPN and configuration management, allowing you to set unified security policies across the entire network, push appliance software updates to all managed Edges, and effortlessly create drag-and-drop VPN tunnels. WSM also provides comprehensive logging, flexible security policies, and real-time monitoring tools.
Secure, Efficient Traffic Management
•• • • •
Provide security for multiple external IP addresses Get support for Dynamic NAT, 1:1 NAT, and PAT Minimize network downtime with WAN failover to a secondary port or to a dial-up connection through the serial port Maximize connectivity with full VPN failover
Dependable, Configurable Quality of Service (QoS) Set priorities to dynamically allocate bandwidth so mission-critical and time-sensitive traffic, such as VoIP, takes precedence over less-critical traffic
Unmatched Ease of Use Firebox X Edge is managed with an intuitive webbased interface. Easy to set up and maintain, it reduces network administration time for the IT expert, while providing indispensable ease of use for novice administrators.
Flexible Wireless Security Wireless models include an 802.11b/g wireless access point with WPA, WPA2, and WEP security options. Three distinct wireless security zones (VAPs) give administrators precise control over Internet access privileges for different user groups
•
Protecting Your Security Investment As business needs grow, you can move up to the capacity and security features of a higher model in the line or add Edge Pro advanced appliance software by applying a simple software license key. That’s it – there’s no additional hardware to buy.
Firebox®X Edge
Keep Your Small Business Network Secure and Connected
Protect Your Network’s Perimeter
Managing a small business network is challenging. With a host of malicious threats on the Internet, you need solid network protection that includes proactive attack prevention – something a mere router cannot provide. Your solution needs to integrate multi-layered defenses that combat spam, spyware, viruses, and web-based exploits. Small businesses also have to deal with many of the concerns that large enterprises face, including the demands of multiple applications, high-volume traffic, and secure connectivity for remote users. If you’re coping with typical small business resource constraints, you’ll also want an affordable solution that has genuine ease of use, and can efficiently scale with your business as it grows.
Extending the robust network security at your central office to branch offices and remote users shouldn’t be a resource burden for your IT department. You need the same powerful protection at your network perimeter, while being able to manage the entire system from one central location. For maximum efficiency and cost-effectiveness, all components of your security solution must interoperate seamlessly, giving you the ability to set uniform security policies for the entire network that can be globally updated with a few mouse clicks. Meanwhile, the appliance at your branch office, whether wired or wireless, must have advanced networking features to guarantee that inter-office traffic and bandwidth are prioritized and managed.
The solution: Firebox X Edge from WatchGuard – designed to meet the needs of the small business network.
The solution: Firebox X Edge from WatchGuard – the ideal solution for extending the power of your Firebox X Peak or Firebox X Core from the central office to your branch offices and remote users.
TM
Why choose the Firebox X Edge for your small business?
Why choose the Firebox X Edge for your remote/branch offices?
• • •
•
Strong security out of the box, with smart default settings and configuration wizards to give you solid protection from day one
Unified threat management capabilities, including zero day protection, anti-spyware, anti-spam, anti-virus, intrusion prevention, and URL filtering deliver powerful, multi-layered defenses at the perimeter of your network
•
Fully integrated anti-spam, anti-spyware, anti-virus, intrusion prevention, and URL filtering security subscriptions provide comprehensive unified threat management to keep your network safe
Centralized configuration management provided by WatchGuard System Manager (WSM) on your Firebox X Peak or Core appliance dramatically streamlines administration of your remote/branch offices
•
Secure your inter-office connectivity with easy-to-configure branch office VPN tunnels. With WSM, you can create drag-and-drop VPN tunnels in three simple steps, saving valuable setup and maintenance time
•
Appliance software updates can be pushed to your remote Edge appliances with WSM so security policies are quickly and universally enforced, and appliance software is always current
•
Advanced networking features on the Firebox X Edge include 1:1 NAT, Dynamic NAT, Port Address Translation (PAT), and multiple external IP support for reliable, flexible networking options
• •
QoS with dynamic traffic management ensures bandwidth is managed and that time-sensitive traffic, such as VoIP, is prioritized over less-critical traffic
•
Remote users can connect securely using IPSec, SSL, or PPTP protocols
• • • • • •
Easy to set up and manage using an intuitive, web-based user interface. You don’t have to be an IT expert to get up and running quickly
Reliable, flexible networking options for the stand-alone office, including 1:1 NAT, Dynamic NAT, PAT, and multiple external IP support Traffic management and Quality of Service (QoS) capabilities to ensure that mission-critical traffic, such as VoIP, is prioritized over managed bandwidth Reduced network downtime with WAN failover capabilities in the event of a line disconnection to the primary WAN port Wireless security and guest services, allowing businesses to provide controlled Internet access to guest users without compromising security Secure access to critical network resources for off-site workers, using mobile IPSec and SSL VPN. Single sign-on provides easy user login Increase capacity and networking/security capabilities as your needs grow using a simple software license key – no new hardware required
Accommodate network guests without compromising security Wireless guest services provide secure and controlled Internet access, using the wireless access point on the Edge appliance
Firebox®X Edge Specifications
Firebox® X10e
Firebox® X10e-W Firebox® X20e
Firebox® X20e-W
Firebox® X55e
Firebox® X55e-W
WG50010
WG50011 N. America WG50012 Int’l WG50015 China WG50012-JP Japan to X20e-W or X55e-W
WG50021 N. America WG50022 Int’l WG50025 China WG50022-JP Japan to X55e-W
WG50055
WG50056 N. America WG50057 Int’l WG50060 China WG50057-JP Japan N/A
Model Upgradeable to X20e or X55e Firewall Throughput† 100 Mbps VPN Throughput† 35 Mbps Gateway AntiVirus/IPS with anti-spyware Optional Spam Blocking with virus outbreak detection Optional URL Filtering for HTTP and HTTPS Optional Serial Ports 1 Interfaces 10/100 6 Security Zones (incl.) 2 Concurrent Sessions 6,000 Nodes Supported (LAN IPs) 15 (upgradeable to 20) Branch Office VPN Tunnels 5 Mobile VPN Tunnels - IPSec (incl/max) 1/11 Mobile VPN Tunnels - SSL (incl/max) 1/11 Mobile VPN Tunnels - PPTP (incl/max) 10/10 Local User Authentication DB Limit 200 Edge Pro Advanced Appliance Software* Optional VPN Failover Included
WG50020
to X55e
N/A
100 Mbps 35 Mbps Optional Optional Optional 1 6 2 8,000 30 15 5/25 1/25 10/10 200 Optional Included
100 Mbps 35 Mbps Optional Optional Optional 1 6 2 10,000 Unlimited 25 5/55 55/55 10/10 200 Included Included
†
Throughput rates will vary depending on environment and configuration *Edge Pro advanced appliance software includes WAN failover, support of multiple WANS, load balancing across multiple WANs, policy-based routing, and the maximum supported SSL VPN tunnels
Features Security Features
••
Stateful Packet Firewall Outbound Deep Application Inspection • HTTP • FTP • POP3 Inbound Deep Application Inspection • SMTP Protocol Anomaly Detection Pattern Matching Fragmented Packet Reassembly Protection Malformed Packet Protection Static Blocked Sources List
• •• •• • VPN (DES, 3DES, AES) •• Encryption IPSec •• •• •
• SHA-1, MD5 • IKE - Pre-Shared Key, Firebox Certificate, 3rd Party Certificates (X.509) IPSec Passthrough Dead Peer Detection (RFC 3706) Hardware-based Encryption SSL Support PPTP Support (10 users)
User Authentication
• XAUTH • LDAP •• •• ••
• Windows® Active Directory RADIUS® Local Authentication Windows® NT Windows® 2000 Windows® 2003 Single sign-on
IP Address Assignment
••• Redundancy Features Failover** •• WAN WAN Failover to Serial Modem** • VPN Failover Traffic Management and Prioritization Traffic Prioritization •• Policy-based VPN Traffic Prioritization Marking Support • Full• Diffserv • IP Services of Service (4 Prioritization Queues) • Quality • Interactive Static PPPoE Client DHCP Server, Client, Relay
• High • Medium • Low Outgoing Load Balancing**
• Static NAT NAT ••• Dynamic 1:1 NAT NAT Traversal •• IPSec Policy-based PAT (Port Address Translation) External IP Addresses •• UpStaticto 8Routes DNS •• Dynamic VoIP and Video Conferencing Support Modes of Operation 3-Port Switch (Layer 2) •• Integrated Routed Mode (Layer 3) Advanced Networking
**Available with Edge Pro advanced appliance software upgrade for X10e, X10e-W, X20e, and X20e-W. Edge Pro comes with X55e and X55e-W models.
Management Software GUI •• Web WatchGuard System Manager (WSM) v9.1 or higher
Logging/Reporting Security and Activity Reports •• WSM Web-based Security Subscription Activity Reports Syslog •• WebTrends® Compatible Reports (available to WSM users) Reports (available to WSM users) •• HTML Encrypted Log Channel Appliance Software • v10 or higher Wireless Security Capabilities Guest Services •• Wireless 802.11b/g •• 3WPAVirtual Access Points (VAPs) •• WPA2 WEP Certifications ICSA Labs Certified: IPSec •• West Coast Labs Checkmark • Firewall Level 1, VPN, Web Filtering, Intrusion Prevention, Anti-Spam
Support & Maintenance Hardware Warranty •• 1-Year Initial 90-Day or 1-Year LiveSecurity® Service Subscription
Firebox®X Edge Dimensions and Power Appliance Dimensions Wired
7.4" x 6.5" x 1.4" (18.8 x 16.5 x 3.6 cm)
Wireless (antennae extended)
10.6" x 6.5" x 7.3" (26.9 x 16.5 x 18.5 cm)
Packaging Dimensions Wired
13.3" x 11.9" x 4.4” (33.8 x 30.2 x 11.2 cm)
Wireless
13.3" x 11.9" x 4.4” (33.8 x 30.2 x 11.2 cm)
1.8 lbs (0.8 Kg)
Wireless
1.9 lbs (0.9 Kg)
Total Weight Wired
3.3 lbs (1.5 Kg)
Wireless
3.8 lbs (1.7 Kg)
100-240 VAC Autosensing
Power Consumption
U.S.: 12 Watts Rest of World: 172 Cal/min or 41 BTU/hr
Rack Mountable
No
Environmental
Appliance Weight Wired
AC Power
WEEE Weight
Operating Temperature
32 – 113° F (0 – 45° C)
Non-operating Temperature
-40 – 158° F (-10 – 70° C)
Operating Humidity
10 - 85%
Non-operating Humidity
5 - 90% Non-condensing at 131° F (55° C)
Non-operating Random Vibration
7 - 28 Hz 0.001 to 0.01 G2 per Hz
Wired
2.0 lbs (0.9 Kg)
Operating Mechanical Shock
20 G with 11 Msec duration 1/2 sine wave
Wireless
2.1 lbs (1.0 Kg)
WEEE/RoHS Compliant
Yes
Back
Back
Firebox X Edge
Firebox X Edge Wireless
Ready to Upgrade to Edge Pro?
One Solution, One License, One Great Price.
Edge Pro is an advanced appliance software upgrade* for the Firebox X10e, X10e-W, X20e, and X20e-W. Activated with a simple license key, Edge Pro delivers enhanced networking and security features. Load balancing increases reliability by ensuring traffic is distributed evenly across multiple ISP connections Policy-based routing allows preferential treatment to mission-critical services and applications WAN failover minimizes network downtime Edge Pro also automatically increases the number of SSL VPN tunnels to expand your secure remote access options.
Get everything you need for comprehensive unified threat management for your small business/remote office with the Firebox X Edge e-Series UTM Bundle. An exceptional value, each package includes: Firebox X Edge e-Series appliance Gateway AV/IPS (1 year) spamBlocker (1 year) WebBlocker (1 year) LiveSecurity Service (1 year)
• • •
• • • • •
From initial purchase through ongoing security management, the Firebox X Edge e-Series UTM Bundle streamlines network security management while providing powerful network protection. Buy together and save!
*Edge Pro is included with Edge X55e and X55e-W appliances.
FREE! 30-day trials Get free 30-day trials of Gateway AntiVirus/IPS, spamBlocker, and WebBlocker with the purchase of a Firebox X Edge. Contact your reseller for details.
For more information on Firebox X Edge, visit www.watchguard.com/appliances
ADDRESS: 505 Fifth Avenue South, Suite 500, Seattle, WA 98104 • WEB: www.watchguard.com • U.S. SALES: 1.800.734.9905 • INTERNATIONAL SALES: +1.206.613.0895 No express or implied warranties are provided for herein. All specifications are subject to change and any expected future products, features or functionality will be provided on an if and when available basis. ©2008 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard Logo, Firebox, LiveSecurity, Core, and Peak are either trademarks or registered trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries. All other trademarks and tradenames are the property of their respective owners. Part No. WGCE66389_012508
IPSec
Firewall Level 1
VPN
Web Filtering
Intrusion Prevention
Anti-Spam
WatchGuard®
LiveSecurity®Service
SERVICE DATASHEET
n Hardware warranty with
advance hardware replacement included
n LiveSecurity phone techs
target a 4-hour response time in every international time zone
n Software downloads bring
you the latest updates, feature enhancements, and new capabilities
n Advance hardware
replacement saves you time and money
n Online self-help offers
technical research and product training
Earth-friendly technology
The best support offering in the industry
Faster Responses, Smarter Support WatchGuard® knows just how important support is when you are trying to secure your network with limited resources. You require greater knowledge and assistance in a world where security is becoming more critical, and LiveSecurity® Service gives you the backup you need, starting with an initial LiveSecurity subscription* that supports you from the moment you register your WatchGuard appliance. Our integrated security appliances and services are backed by superior support designed to protect your network, save valuable time, and maximize your security investment. We’ll assist you in understanding what’s happening in your network, and show you what to do to ensure that all the components of your security system work together to protect your organization. And we’re standing by if you need reinforcements.
Hardware Warranty Having an active LiveSecurity subscription extends the one-year warranty that is included with each WatchGuard security appliance.** Not only that, LiveSecurity provides advance hardware replacement, which means that should there ever be a hardware failure, WatchGuard will ship a replacement in advance of receiving the returned appliance to minimize downtime.
Software Updates and Enhancements There's no such thing as “set it and forget it” security. LiveSecurity gives you ongoing software updates to ensure your security is always working in top form. Unlike other security vendors, we give you more than just the standard fixes. You get feature enhancements, full-rev updates, and new capabilities as long as your subscription is active. Obtaining software updates is easy, with no additional cost or paperwork. Simply download them from the LiveSecurity home page, and you're up to date!
Your Early Warning System The heart of LiveSecurity is the WatchGuard Rapid Response Team. This group of seasoned experts closely monitors daily security developments and emerging hacker techniques, delivering timely, concise security intelligence directly to your email inbox. These are more than just automated alerts. They provide relevant information that will help you stay ahead of attackers, with specific commentary on how your WatchGuard systems can block or reduce the risk.
The LiveSecurity team targets a 4-hour response time n
Practical: LiveSecurity alerts always list specific steps you can take to address a new threat
Superior Customer Care and Expert Technical Support Twenty-four hours is a long time when your network is at risk, but that’s the response time many security companies think is reasonable. WatchGuard Technical Support responds quickly — within 4 hours in most cases. In addition, our support team is available 12 hours every day in every international time zone. Priority queuing for critical issues is also available.
“WatchGuard customer support is head and shoulders above the rest.”
LiveSecurity keeps you informed with alerts that are: n n n
Timely: When new threats arise, you're among the first to know Concise: You'll know within seconds what the issue is and how important it is to you Comprehensive: LiveSecurity reports cover substantive network security issues for Microsoft® Windows®, Macintosh®, and UNIX®/Linux
Kyle Young, senior technical analyst, Houston Community Call Center
LiveSecurity offers a variety of technical support services to meet your needs, from VPN installation services to a premium program for companies requiring 24/7 support and a 1-hour response time. Results-driven WatchGuard support engineers take ownership of your problem and partner with you to help resolve issues, even if the trouble isn’t caused by our product.
*When you purchase a Firebox X e-Series security appliance, you can select the LiveSecurity subscription option that best fits your budget cycle and renewal schedule – an appliance with a full one-year subscription to LiveSecurity, or an appliance with an initial 90-day subscription. **Hardware warranty sold separately for SOHO, SOHO6, Firebox®III, and Vclass products
LiveSecurity®Service Expert Guidance
n
Today’s network security environment changes so quickly that if you blink, you can start falling behind. By taking advantage of LiveSecurity instruction, you'll be better equipped to handle security issues as they arise. No other security vendor does as much to educate you in the role of security-savvy network administrator. n
n
n n
n
SecurityWise Training Courses: Improve your organization's network security by heightening your users' security awareness, behaviors, and sense of personal responsibility Video training: Sometimes the best way to learn is to see it for yourself; these videos show examples such as how to upgrade your product, ways to defend against rootkits, and more Advanced FAQs: Get important information about configuration options and operation of systems and products Interactive User Forum: Post issues and get help from other users and WatchGuard staff
LiveSecurity®: Your On-Demand Security Expert
Latest Product Resources: Receive all–hours access to user guides and online help Searchable Knowledge Base: Access support resources such as FAQs, tutorials, and online help systems, plus information on known issues and fixes
Warranties That Work for You All WatchGuard hardware comes with a 1-year limited hardware warranty to keep your firewall in top shape and keep your network protected. When your year is up, extend your warranty easily by renewing your LiveSecurity subscription through an authorized WatchGuard reseller. For details on warranties, visit www.watchguard.com/products/warranty.asp. For more information on the Out of Warranty Advance Replacement Program, visit www.watchguard.com/support/warrantyout.asp. To purchase or renew a 1-year LiveSecurity subscription, contact your WatchGuard reseller, or use your WatchGuard log-in to visit our online store at https://www.watchguard.com/store/default.asp.
Hardware Replacement n Advance Replacement n Convenient & Timely
Early Warning System
Evolving Defense n Software Updates n Feature Enhancements
LiveSecurity®
n Up-to-the-Minute Security Alerts n Informative Articles
Service
Security Instruction n Online Knowledge Base n Training Videos
LiveSecurity Service — Get it! Don’t face network security alone. Get the best backup in the industry with a LiveSecurity subscription. WatchGuard knows what you're up against, and has support options for every need. Contact your reseller or call WatchGuard at 1.800.734.9905 (U.S./Canada) or +1.206.613.0895 to subscribe today.
Superior Customer Care n Expert Support n Fast Response Time
NEW!
Subscription Options
When you purchase a Firebox X e-Series security appliance, you can select the LiveSecurity subscription option that best fits your budget cycle and renewal schedule – an appliance with a full one-year subscription to LiveSecurity, or an appliance with an initial 90-day subscription.
Got it? Don’t Lose it! Is your LiveSecurity subscription about to expire? Don’t wait — damage to your network is costlier than a subscription renewal. Play it safe with up-to-theminute security warnings, software updates, technical support, advance hardware replacement, training and tutorials, and self-help resources. Contact your reseller or call WatchGuard at 1.800.734.9905 (U.S./Canada) or +1.206.613.0895 to renew today. ADDRESS: 505 Fifth Avenue South, Suite 500, Seattle, WA 98104 • WEB: www.watchguard.com • U.S. SALES: 1.800.734.9905 • INTERNATIONAL SALES: +1.206.613.0895 WEB: U.S. SALES: ADDRESS: 1.800.734.9905 505 Fifth Avenue South www.watchguard.com No express or implied warrantiesE-MAIL: are provided for herein. All specifications are subject to change and any expected future products, features or functionality will be provided on an if and when INTERNATIONAL SALES: Suite basis. 500 ©2007 WatchGuard available Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard Logo, Firebox, LiveSecurity, and Stronger Security, Simply Done are either trademarks or
[email protected] Seattle,trademarks WA 98104 registered of WatchGuard Technologies, Inc. in the United +1.206.613.0895 States and/or other countries. All other trademarks and tradenames are the property of their respective owners. Part No. WGCE66407_073107
