From here, you then select your appliance and load the FireBox System Manager (FSM), which opens with an informative display using a star-shaped graphic to show traffic passing between the external interface and all the others plus colour coded bars for general traffic and the load on the appliance. It also provides some useful graphs and charts of traffic activity and bandwidth usage and you can see which clients have been blocked by the appliance. There's also a section for all the extra UTM features where you can run manual updates for the anti-virus, anti-spam and IPS features.
Next, you go to the separate Policy Manager, which can be fired up directly from either the WSM or FSM. This provides the tools to configure security and your choices range from application proxies, packet filtering and custom rules. The application proxies are WatchGuard's ace feature as these provide Layer 7 content inspection, anti-virus and IPS facilities and make the Fireboxes very versatile.
For messaging security you configure the POP3 and SMTP proxies where you can put thresholds on the maximum message sizes, apply anti-virus scanning and control what file attachments types are allowed in or out. For the latter you have the option to allow an attachment than matches your pattern, block it, or ask for it to be scanned for viruses. The Lock option could prove useful as this wraps an attachment so only the administrator can open it.
The SpamBlocker service can be activated for both messaging proxies although only the SMTP proxy supports the quarantine server. WatchGuard has teamed up with CommTouch which works alongside a number of ISPs allowing it to passively monitor mail messages and compute hashes for each one. This enables it to identify spam very quickly as it simply compares hashes with its own servers. Messages that trigger a response will receive either a confirmed spam, bulk and suspect message categorisation and you can use these to apply actions such as allowing, tagging, denying, dropping or quarantining.
SurfControl looks after web content filtering duties and the number of categories available has gone from 40 up to 54 and the appliance can now handle HTTP and HTTPS URLs. The web proxies are easy enough to configure for blocking specific categories and we were able to send our clients customised web warning pages when they accessed blocked sites. We found SurfControl's performance to be impressive in the lab with very little slipping though its net.
Gateway anti-virus measures are handled by the open source ClamAV and can be configured for SMTP, POP3, HTTP, FTP, DNS and TCP-UDP proxies. The latter proxy can also be used for application blocking where it enables you to control the use of IM and P2P apps, although only five choices are provided for each category.
During testing we found the various features on the FireBox reasonably easy to configure and liked the fact that the application proxies make it particularly versatile. Distributing some services such as web content filtering and message quarantining does fly in the face of the concept of an appliance based solution but SMBs looking for a complete security solution will find the FireBox Core X750e particularly good value.
Verdict
The X750e Firewall appliance offers an impressive range of features for the price. Strong policy based security is enhanced with web content filtering and the improved reporting tools are particularly good, although the number of services that have to be run on other systems does complicate management.
Chassis: 1U rack
Processor: 1.3GHz Celeron M 320
Memory: 512MB 533MHz DDR2, 128MB CompactFlash
Accelerator: Cavium Nitrox Lite chip
Network: 8 x Gigabit Ethernet
OS: WatchGuard FireWare 10
Other: WatchGuard and Firebox System Manager utilities and WebBlocker, Report, Logging and Quarantine servers included
