WatchGuard Firebox Peak X5500e firewall
WatchGuard Firebox: Fiery performer at a nice price
- Client/server-based management system allows true offline editing of configuration, high throughput even when handling attacks, can turn on additional in-the-box features through licensing
- Blocked only a third of the attacks in our test, complex user interface, desperately needs wizards for common setup tasks (public server, VPN), must be online for initial setup, to download updates and user interface
WatchGuard Firebox Peak X5500e isn't easy to set up, but its use of XML configuration files works wonders for managing configuration across any number of devices and locations. Apart from complex initial configuration, this is a highly manageable, enterprise-grade, proxy-based firewall with impressive throughput, granular control, and an excellent price.
Price$ 5,990.00 (AUD)
When we first began working with the Firebox, we got very frustrated with all of the reboots we had to suffer through while making what we considered minor changes (IP, subnet mask, and so on). But that's because we didn't yet understand WatchGuard's client-server attitude toward configuration. Clearly enterprise in nature, the thick configuration utility wants you to check your configuration changes before you commit them. It's not a handy Web utility that could accidentally paint you into a corner. It wants you to make your changes as a single update so that individual changes can be considered before you hit the return key.
With the Firebox, you could easily have an entire lab configuration (sandbox) to do some initial testing, then pre-edit the changes necessary to drop the config into production. By the same token, you could remove a troubled unit from production and flip it into a lab setting to confirm or deny problems. WatchGuard allows you to save configuration files and swap between them really easily, regardless of whether you're touching the original serial number that the configuration was built on.
WatchGuard's client server approach started us thinking about how well the Firebox line fits regardless of your company size. From the SMB-oriented single console to a team approach with undocked windows spread across the front wall of a NOC, you could find a version of WatchGuard's hardware and combination of software that should fit your needs. This is a stratified product line with software upgrades within the hardware platform allowing you to fit the cost of the unit to your immediate needs but still permitting an easy upgrade path. From smaller Edge units to the Core SMB units all the way to the larger Peak units, the Firebox product line has granular layers allowing a much closer fit to individual company needs. The same stratification can work just as well within a highly distributed enterprise; with varying levels of authority, I could easily see firewall management becoming a team sport.
GUI or CLI?
While we were, in general, impressed by the WatchGuard, it wasn't perfect. The most significant hassle, though, came from the manufacturer's packaging rather than the basic system design; there was no software at all on the CD-ROM, nor were you able to download it from the Firebox's console. You must be able to download it from the WatchGuard site, and the first setup must be on an Internet-connected link since the system wants to do "activation." We asked about this and got the impression from WatchGuard that there is a way around this if you're using it on an isolated network, but that way is not covered in the startup guide (nor is it freely offered by the company's technical support).
Once we got past WatchGuard's system maintenance window and were able to download the Firebox Manager, it wasn't too bad to get through the initial setup. We were advised, though, to not use both the GUI and the CLI since the configs are stored differently. We were told to use one or the other -- a shame since, on so many systems, the GUI is perfect for simple configuration touch-ups while the CLI is there for the heavy lifting. For initial setup, we used the front-panel buttons to give the Firebox an IP address, then connected using the Firebox Manager. You can also do it using the included serial cable to avoid the pain of countless arrow pushes to change the IP address.
Even with the extensive testing (accompanied by the necessary extensive configuration and management that goes with spending weeks on a device's console), we weren't able to work with every single feature on each system. The supercool feature that we couldn't try out on the WatchGuard was the drag-and-drop VPN setup. As long as the console is able to get an encrypted link to both firewalls, you can do a drag and drop from the branch office to the home office for VPN setup.
Speed to burn
With a proxy-oriented architecture such as the Firebox's, you expect to take a hit in absolute packet-passing performance. Typically what you lose in throughput you gain in security, thanks to the proxy's ability to obscure the details of the devices inside the network from the outside world, making it nearly impossible for external devices to connect to them directly. So we were surprised to discover that the Firebox was the fastest UTM in our test -- faster even than the SonicWall, which costs three times as much.
Join the PC World newsletter!
Epson WorkForce ET-4550
Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop
UE Boom 2 Bluetooth speaker
Smart LED Bulb LB130
Samsung portable 1TB T3 drive
Linksys AC5400 MU-MIMO Gigabit router
Lexar® JumpDrive® S57 USB 3.0 flash drive
Epson EcoTank Expression ET-2500
Lexar® JumpDrive® S45 USB 3.0 flash drive
Logitech G403 Prodigy mouse
Acer Swift 7
Epson WorkForce DS-360W
Huawei Mate 9
3SIXT Ultra HD Sports Action Camera
Google Daydream VR headset
Lexar® Portable SSD
Belkin MIXIT Metallic Lightning to USB Cable
HD Pan/Tilt Wi-Fi Camera with Night Vision NC450
Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards
Dell XPS 13 laptop
Blade 28 backpack by Arc’teryx
Lexar® JumpDrive® C20c USB Type-C flash drive
HP Pavilion x360 13”
Surface Pro 4
Garmin Fenix Chronos smartwatch
Audio-Technica ATH-ANC70 Noise Cancelling Headphones
Dell Inspiron 5000 series 2-in-1
Most Popular Reviews
- 1 Huawei Mate 9 full in-depth smartphone review
- 2 ZTE Axon 7 review: Is ZTE dumping old stock on Australia?
- 3 Oppo R9s smartphone full review
- 4 Huawei Nova Plus smartphone review
- 5 Google Pixel XL full, in-depth smartphone review: Phones just got smarter
Latest News Articles
- Israeli soldiers hit in cyberespionage campaign using Android malware
- Hacker hijacks thousands of publicly exposed printers to warn owners
- Malicious online ads expose millions to possible hack
- San Francisco’s Muni transit system reportedly hit by ransomware
- How to make home IoT more secure: Assume the worst
PCW Evaluation Team
I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.
Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!
For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.
First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.
For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.
- How to quit Pokemon Go (or to start enjoying it again)
- Huawei Mate 9 full in-depth smartphone review
- Time to ditch Foxtel and the iQ3: How to replace Foxtel packages with cheaper alternatives
- What's the difference between an Intel Core i3, i5 and i7?
- Laser vs. inkjet printers: which is better?
- TPImplementation Business Partner - Business ModernisationNSW
- FTOnline Solutions AnalystNSW
- FTSenior Database AdministratorVIC
- CCSecurity Analyst - multiple rolesACT
- CCDesktop Engineer l WollongongNSW
- TPService Desk ManagerVIC
- TPSpatial Science OfficerQLD
- FTSenior Business Project ManagerNSW
- CCTechnical Consultant - ITSM/HP Service ManagerACT
- FTSenior Software Engineer x 2 - Positive Vetting, NV2 or NV1 required!!!!SA
- CCServiceNOW DeveloperNSW
- FTMid-Level Software Engineer x 2 - Adelaide Based (PV, NV2 or NV1 required)VIC
- TPIT Project Manager - Office relocationVIC
- TPEnvironment Specialist(DevOps)QLD
- FTSenior Business AnalystNSW
- FTSenior Software Engineer x 2 - Adelaide Based (PV, NV2 or NV1 required)Other
- TPDigital Process Business Analyst - Digital Transformation**NSW
- FT.Net Azure DeveloperSA
- FTMonitoring Tools Support l NimSoft , SMARTS, ehealth, TivoliNSW
- FTChief Architect - Public SectorACT
- FTSenior Software EngineerVIC
- TPOrganisational Change Manager - ICT Services TransformationQLD
- FTIt Security and process analystNSW
- CCSOE EngineerACT
- FTPerformance TesterACT