WatchGuard Firebox Peak X5500e firewall
WatchGuard Firebox: Fiery performer at a nice price
- Client/server-based management system allows true offline editing of configuration, high throughput even when handling attacks, can turn on additional in-the-box features through licensing
- Blocked only a third of the attacks in our test, complex user interface, desperately needs wizards for common setup tasks (public server, VPN), must be online for initial setup, to download updates and user interface
WatchGuard Firebox Peak X5500e isn't easy to set up, but its use of XML configuration files works wonders for managing configuration across any number of devices and locations. Apart from complex initial configuration, this is a highly manageable, enterprise-grade, proxy-based firewall with impressive throughput, granular control, and an excellent price.
Price$ 5,990.00 (AUD)
Note: Pricing for this product is in US$.
WatchGuard's Firebox Peak X5500e is a strong, manageable firewall and is fast compared to other firewalls we've tested, but complexity and weak attack protection hold it back
In the WatchGuard Firebox, we encountered a system significantly different from the other three boxes in this test. The differences were as fundamental as the number of processor cores and the whitelist/blacklist balance, and they extended all the way out to the complexity of the user interface. If you're looking for an easy-to-configure box that works with minimal admin interaction, then the Firebox is not the system for you. If, on the other hand, you need a high-performance, highly secure firewall, and you are willing to invest in a learning curve and a rather complex configuration process, then our experience indicates that Firebox should be on your short list of systems to consider.
WatchGuard splits management and administration functions across two different applications. In this case, the complexity serves a good purpose: System administrators can edit the XML rules files offline, then push the new configuration to the box when the new rule set is complete (and debugged). We were able to watch this feature in action as the WatchGuard engineers modified and pushed configuration files almost constantly during our testing. (This wasn't a bad thing. WatchGuard was the first company to come in for testing and served as guinea pig as we did final debugging on the test scripts.)
The good news is that swapping entire configuration profiles is no more difficult than making subtle rule changes. The bad news is that making changes to a single rule isn't a lot simpler than pushing an entirely new configuration profile. Still, in either case, the Firebox's unique process means troubleshooting and performance tweaking are much easier and more convenient than they might have been; we could work on a new configuration while the previous version was still under testing.
Security as process
It's important to note that, unlike the other products in this test, WatchGuard's is very much a client-server architecture. While there are many times when the architecture makes very little difference, WatchGuard's approach can be an advantage when it comes to things like verifying regulatory compliance. For example, the WatchGuard engineer working with us had a folder on his machine noting every configuration we had tinkered with. In one instance, we went back a couple of weeks to try out a previous configuration with a new version of the Ixia test tool. While the other products could hold multiple configurations, and yes, you could save them off to your workstation, WatchGuard makes it easy enough that the XML code could easily be dropped into a bug tracker or version tracker for quality control and compliance verification.
Join the PC World newsletter!
Most Popular Reviews
- 1 Huawei P10 smartphone review
- 2 Huawei P10 Plus phone: Full, in-depth review
- 3 Motorola Moto G5 smartphone review
- 4 Oppo A57 phone: full, in-depth review
- 5 Moto G5 Plus phone: full, in-depth review
Latest News Articles
- Microsoft shows the power of its Pen with a new Whiteboard app and other upgrades
- Wanawiki is the WannaCry fix that might save affected PCs—if you work fast
- Microsoft redesigns OneNote UI to make it more universally accessible
- Google's Standalone VR and VPS address the clutter and clumsiness of virtual reality
- The WannaCry ransomware might have a link to North Korea
PCW Evaluation Team
- LG 2017 OLED TV range full review: W7 Signature Wallpaper, G7, E7 and C7 UHD TVs
- Huawei P10 smartphone review
- Huawei P10 Plus phone: Full, in-depth review
- What's the difference between an Intel Core i3, i5 and i7?
- Laser vs. inkjet printers: which is better?
- FTSocial Media Executive / Specialist (Facebook) - online gamblingNSW
- CCInfrastructure Test ManagerNSW
- FTlevel 2/3 SupportVIC
- CCSystems Analyst- Port MacquarieQLD
- FTDigital Business Analyst | Online BookingQLD
- FTOAM Specialist | 3-6mth ContractVIC
- FTTest AnalystNSW
- FTProject Manager / Web DeveloperVIC
- FTSenior Citrix Engineer / LeadNSW
- FTSenior IT Project ManagerSA
- CCIT Security Risk AnalystVIC
- FTDigital Developer | LAMP Stack | Digital AgencyNSW
- FTProject CoordinatorVIC
- CCPHP DeveloperNSW
- CCPega DeveloperSA
- TPAndroid DeveloperNSW
- FTICT SpecialistNSW
- CCGIS Consultant/ Developer - BRISBANENSW
- FTGraduate Technical ConsultantACT
- FTICT Transformation Integration ManagerNSW
- CCChange AnalystVIC
- FTEnterprise Architect - Network and TelecommunicationsNSW
- TPSenior Web DeveloperQLD
- FTEnterprise ArchitectVIC
- CCProcess Improvement Specialist - TelcoVIC