Most wireless (and wired) routers marketed for small businesses today offer some degree of firewall protection, and some even allow for a basic level of VPN tunneling. Few, however, offer more than a handful of options to secure and properly configure your network security. With Firebox Edge X5, WatchGuard promises you an all-in-one wireless firewall and VPN appliance that does it all. It’s a promise that it strives hard to meet.
What It Is: Seeing Red
The Firebox is all about security. The first visual cue about the device’s purpose is its distinctive red color (which is common on WatchGuard’s security appliances). The color obviously doesn’t make the product any more secure, but it certainly does make a strong first impression and differentiates it (visually) from the typical grey/black/silver/white schemes you find with most networking gear. In our test environment a few people noticed it simply because of its color. If only looks alone could stop bad traffic.
Fire-engine red color aside, the WatchGuard Firebox Edge X5w is a serious firewall and VPN security appliance. The X5w is the entry-level device in the Firebox X Edge line, which is specifically geared for edge-of-network applications for small businesses of varying sizes. The X5w is a 9-port appliance (the 10th port requires an additional license to activate) that allocates six 10/100 ports the “trusted” network, one for the “optional” (essentially a DMZ) network and one enabled WAN port. An SPI firewall is also part of the mix, helping to keep the bad traffic out of your network.
VPN figures strongly into the appeal of the X5w thanks to its easy-to-use and easy-to-set-up IPsec capabilities that features both Data Encryption Standard and 3DES. The X5w is enabled for two branch office VPN tunnels and optionally up to 11 mobile user VPN tunnels.
Configuration: You Make the Call
Setting up the X5w can be as easy or as complex as you want to make it. That is, the device has a layered browser-based management interface, which looked easy enough at first. However, as we dug deeper, we quickly realized the complexity and power that the X5w offers. The start System Status page offers (as you’d expect) an overview of all Firebox features (user licenses, managed and manual VPN, Mobile Use VPN, Trusted, Optional and External network configuration and status as well as firewall status).
You can dig deeper on any of those or use the side tab menu (Network, Firebox Users, Administration, Firewall, Logging, WebBlocker, VPN, Wizards and Authenticate User) for even more control and options. While all this may sound a bit overwhelming, the well-designed user interface never lets it look too daunting.
On the theme of easy and comprehensive, WatchGuard has also thrown in a Quickstart Guide that lives up to its name. There’s also one of the most comprehensive and insightful user guides that we’ve come across from a networking appliance manufacturer. The documentation is a textbook on what networking is about and how to use the Firebox edge to make your network secure for your own particular needs and requirements.
The capability to segregate your network into different areas of trust (and thus permissions and access) is not a new concept, but it is one that hasn’t always been all that easy to execute. Most of the SMB-focused devices will let you set up a DMZ of sorts, but it usually end there. The division of optional (mixed trust), trusted and external with bridges between them is a subtle yet powerful concept that is well executed and implemented on the Firebox.
For example, you can set rules that restrict traffic between the optional and trusted networks as well as limit wireless users to either of those trust zones. In terms of both user license and features, WatchGuard makes the X5w an upgradeable device. However, it is bit annoying that optional items such as WebBlocker and WAN failover are included on the user interface, but you need to pay extra to get them to work.
The only other nitpick we have about this excellent device relates to service and update discovery. WatchGuard includes 90 days of its LiveSecurity service with the X5w, but in our experience, the only “contact” we had was via e-mail. Certainly we could easily have gone to the WatchGuard support site, but we would have preferred an RSS or some other feed directly into the management user interface.
Also, the interface doesn’t tell you if you’re running the latest firmware. Sure, it’ll tell you what version you’re running but when you click update, you’re left with a blank dialogue box that you need to fill with an update file that you’re supposed to go and get yourself from WatchGuard. Again, this is easily done, but it would have been a whole lot easier if the software update actually directly validated the version in use and automatically downloaded and/or prompted the user for the relevant update.
Keep the Fires Outside Your Network
All told, WatchGuard’s Firebox X5w Edge Wireless is one of the most powerful and full featured SMB firewall and VPN appliances that we’ve tested. In more than two months of regular use and testing in different environments, it performed exceedingly well. Out of the box it worked better than any other solution we’ve tried. Though with its configuration options and add-ons that we have yet to fully use in an actively trafficked environment, it’s likely that we have not fully recognized all the benefits that it offers. That’s a good thing. Each time we encounter a new networking or security conundrum, we can go back to WatchGuard and see if the Firebox has a setting (or solution) that will address the issue.
If you own or run a small business and are looking to step up from a retail-store-bought broadband router/firewall to a commercial-grade solution, the Firebox X5w Edge Wireless is a great choice.Price: $569
- IPsec VPN
- Easy to use Management UI
- Commercial grade firewall and security
- Not all features enabled without additional purchase.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|