WatchGuard offers 'excellent' UTM product
Category: Unified Threat Management
WatchGuard's unified threat management (UTM) appliances are a one-stop shop for border security needs, especially for a small- to medium-sized business. We evaluated the Firebox X1250e, which features eight 10/100 interfaces, stateful packet inspection, application proxies, remote-user and site-to-site VPN, and optional modules for gateway antivirus, antispyware and antispam protection, plus URL filtering.

Configuration/Management: A
The management interface is one of the best we've seen. The rules setup is logical and does not require knowing any cryptic languages. The proxies and other features are well integrated, and can be configured and enabled/disabled easily for each rule.

Effectiveness: B+
Application proxies for HTTP, FTP, SMTP and DNS, and a generic TCP proxy allow the firewall to inspect traffic and deny or allow the request based on your policy. For example, we set up a rule in the FTP proxy to deny "get" requests. The rule worked as intended and wouldn't allow any file downloads. The controls are granular; you can, for example, block the download of certain extensions, and block or allow HTTP requests or content types in the HTTP proxy.

Firebox's IPS capabilities are strong. By default, it will block anyone trying to port-scan or send suspicious packets through the device; our port scans got us quickly blacklisted. We set up a Web site behind the Firebox and attacked it using Metasploit, but all our attacks were stopped.

The antivirus module is based on open-source ClamAV, which we've found to be a competent antivirus. One issue here is that you can only use the antivirus through the HTTP and SMTP proxies, so, for instance, there is no way to scan files going through the FTP proxy.

The VPN uses IPSec and PPTP, supporting remote user and branch connections. Back-end authentication can be implemented through Firebox itself, RADIUS, Active Directory, LDAP or RSA Security's SecurID. The VPN client only works with Windows--a restriction for some shops, which can use the less secure PPTP option.

The antispam filtering, provided by Commtouch, picked up spam that even our tuned SpamAssassin filter missed. While Firebox's URL filtering module features many categories and blacklisted sites, it was possible to get around some by using the IP address.

Reporting: B+
However, the reporting gives you an excellent breakdown of device statistics, traffic stats, and IPS alerts, and a report of hits on any rules you have in place (such as users trying to visit blocked Web sites). There are also extensive real-time monitoring capabilities including traffic and bandwidth monitors, device statistics (memory usage, processes running) and a list of authenticated users.

Verdict
Testing methodology
This product review originally appeared in the January 2007 edition of Information Security magazine.