|
|
|
 XTM 23 & XTM 23-W
Small package, Xtreme Security, Xtreme Performance for small organizations that need Xtreme value!
The XTM 23 model is ideal for Remote offices, small businesses/organizations, and wireless hotspots with up to 50 users looking for strong security, flexible management, and advanced networking and need an affordable, all-in-one security solution.
WatchGuard® XTM 2 Series appliances deliver a new class of performance driven security for small businesses. Network protection is stronger than ever, with full HTTPS inspection and VoIP support.
The XTM 2 Series comes with three 1-Gigabit Ethernet ports for faster link speeds and is also available in a wireless model that includes dual-band 802.11n technology for greater wireless speed and responsiveness.
An XTM 2 Series appliance can be used as a stand-alone security solution for a small business/organization, and makes an ideal endpoint for connecting a secure VPN tunnel back to a WatchGuard XTM or WatchGuard Firebox network.
The WatchGuard XTM 23 model ships with the Fireware® XTM Pro operating system.
___________________________________________________________________________________
When it comes to purchasing an XTM 23 or XTM 23-W (wireless) appliance you have several options, each with their own pro's and con's. Option 1 (Appliance Only), Option 2 (Appliance bundled with LiveSecurity), Option 3 (Appliance bundled with XTM Security Suite), and Option 4 (Trade-up Options). Then you have various subscriptions, model upgrade paths to the XTM 23/23-W, add-ons, and accessories available to you as well.
Option 1: Appliance Only (Wired or Wireless)
Pro's for this use:
-
Can use as a very basic firewall is that is all you want and not concerned about increasing security at the gateway.
-
Can use as a VPN Appliance where you have to VPN into Headquarter's Firewall to access the Internet.
-
Use the XTM 22-W as a wireless access point only.
-
The XTM 23/23-W models ships with Fireware® XTM Pro operating system.
-
Can upgrade to the XTM 23/23-W by simply purchasing a license key. No need to trade-up to a new box. Keep the same box, apply the key and you move up the XTM 23/23-W with all the extra features and benefits associated that model.
Con's for this use:
- Only have very basic firewall security . . . may not allow you to meet PCI/DSS, HIPPA, or any number of data protection regulations unless you are using it as only a VPN appliance to access the Internet through headquarter's firewall.
- Support is limited to 90-days. Must renew by expiry date or you will have to purchase a . . .
- 1-year Renewal + Reinstatement fee OR
- 2 or more year Renewal to avoid Reinstatement fee.
- To add-on XTM security Suite, any of the individual security services, and or support subscriptions at a later date will be more expensive than purchasing the bundled options that are available.
Back to Top
Option 2: Appliance bundled with LiveSecurity (1, 2, or 3-year Options)
Pro's for this use:
-
You can purchase the appliance bundled with 1, 2, or 3-year of LiveSecurity® Support (upgradeable to LiveSecurity® Gold) which includes your:
-
Advanced hardware replacement in case of a failure,
-
12x5 Technical Support with 4-hour response (up to 5 incidents per subscription year on the web or phone),
-
Security Alerts,
-
Firmware/Software Updates, and
-
Online Training & Tools
-
LiveSecurity Support is a renewable subscription.
-
Can use as a simple basic firewall but will have support in case you need it or need to replace the hardware quickly in case of a failure.
-
Can use as a VPN Appliance where you have to VPN into Headquarter's Firewall to access the Internet and still have support in case you need it or need to replace the hardware quickly in case of a failure.
-
Can use the XTM 23-W as a wireless access point only and still have support in case you need it or need to replace the hardware quickly in case of a failure.
-
The XTM 23/23-W models ships with Fireware® XTM Pro operating system.
-
Can upgrade to the XTM 23/23-W by simply purchasing a license key. No need to trade-up to a new box. Keep the same box, apply the key and you move up the XTM 23/23-W with all the extra features and benefits associated that model.
Con's for this use:
-
Though you have LiveSecurity Support, you still only have very basic firewall security which may not allow you to meet PCI/DSS, HIPPA, or any number of data protection regulations.
-
You do not have any gateway security (i.e. XTM Security Suite).
-
To add-on XTM security Suite or any of the individual security services at a later date is more expensive than purchasing the XTM Security bundled options that are available and that inlcude the support.
Option 3: Appliance bundled with XTM Security Suite (1, 2, or 3-year Options)
Pro's for this use:
-
You can purchase the appliance bundled with 1, 2, or 3-year of XTM Security Suite which includes your:
-
Gateway Anti-virus,
-
Intrusion Prevention Service (Now More Robust),
-
-
-
spamBlocker,
-
WebBlocker, and
-
LiveSecurity® Support (upgradeable to LiveSecurity® Gold) includes
-
Advanced hardware replacement in case of a failure,
-
12x5 Technical Support with 4-hour response (up to 5 incidents per subscription year on the web or phone),
-
Security Alerts,
-
Firmware/Software Updates, and
-
Online Training & Tools
- XTM Security Suite is a renewable subscription.
-
Can use as a full blown firewall with VPN features and meet the various data protection regulations that exist.
-
Less expensive to purchase the XTM Security Suite bundled on the unit than to purchase the appliance only or appliance bundled with LiveSecurity and then add-on the security features individually that you want.
-
The XTM 23/23-W models ships with Fireware® XTM Pro operating system.
-
Can upgrade to the XTM 23/23-W by simply purchasing a license key. No need to trade-up to a new box. Keep the same box, apply the key and you move up the XTM 23/23-W with all the extra features and benefits associated that model.
Con's for this use:
Option 4: Trade-up from an Older WatchGuard or Qualifying Competitor's Appliance
If you have an earlier model of WatchGaurd than the XTM Series or a qualifying competitive appliance, then you can trade up to a WatchGuard XTM firewall appliance.
Why trade up to an XTM Appliance?
The reasons why you want to trade up to an XTM model are very simple . . .
Increased Speed
With the use of multi-core processors it allows the appliance to handle all the processes that are being asked of it much quicker. This means a more efficient network and more productive employees and that leads to . . .
Increased Security
When it comes to processing potential threats, the faster an appliance can do so, the more threats it can process through its system, and the quicker it can shut those threats down and allow good things to pass through. That means your network is more secure and once again, provides a more efficient network and more productive employees because you lessen the likelihood that a threat will get through the system and thus causing disruption or even a shut down of the network. This increased security is also due to the . . .
Better Operating System
& New Security Features
The XTM line runs on the 11.x Operating System (O/S), an O/S that is much better that what the older units ran on. The highest O/S level any earlier models can rise up to is the 10.x. What's the difference? Besides some standard operating differences, the 11.x O/S allows the XTM line to take advantage of some new security features that are currently in play and others that will show up in the future that the Firebox e-Series, Firebox, and earlier models cannot take advantage of. The current new features are Reputation Enabled Defense, Application Control, and a more robust Intrusion Prevention Service.
Subscriptions, Upgrades, Add-ons, & Accessories
Subscriptions to LiveSecurity (1, 2, or 3-year options), XTM Security Suite (1, 2, or 3-year options), and the individual security features of the XTM Security suite (1-year options only) are available as add-on renewable subscriptions. All subscriptions purchased as part of a bundle with the XTM appliance are renewable also.
Upgrades Available:
- Upgrade your XTM 21/21-W or XTM 22/22-W to the XTM 23/23-W through the purchase and application of a license key and gain all the features and benefits of the XTM 23/23-W model.
Add-ons such as Mobile VPN (IPsec) licenses allow you to increase your IPsec VPNs up to the maximum allowed for the XTM 23/23-W. You can purchase these in 5, 10, 20, or 55 packs for the XTM 23/23-W. The XTM 23/23-W comes with 5 Mobile VPN license and maxes out at 55.
Accessories such as wallmount brackets, power supply, and wireless antennae are available for purchase as you need them.
With an XTM 2 Firewall appliance your network is . . .
SECURE
- Application-layer content inspection recognizes and blocks threats that stateful packet firewalls cannot detect.
Wide-ranging proxy protection comes from robust security on HTTP, HTTPS, FTP, SMTP, POP3, DNS, TCP/UDP.
Security subscriptions boost protection in critical attack areas for complete unified threat managment.
Includes Skype blocking – the first of a new generation of built-in application-blocking capabilities.
Delivers integrated SSL VPN for simple, anywhere-anytime network access.
EFFICIENT
- Scriptable CLI supports interoperability and allows easy integration into existing infrastructure for quick, direct connection.
- Interactive, real-time monitoring and reporting – at no extra charge – give an unprecedented view into network security activity, so you can take immediate preventive or corrective actions.
- Interactive, real-time monitoring and reporting – at no extra charge – give an unprecedented view into network security activity, so you can take immediate preventive or corrective actions.
- Intuitive management console centralizes con gurations and streamlines remote management.
- Three 1-GbE interfaces allow faster link speeds, which is particularly useful for trusted LAN.
- Drag-and-drop Branch O- ce VPN setup – three clicks and your remote o- ce is connected.
- Role-based access control (RBAC) allows top administrator to create custom roles for granular control.
FLEXIBLE
-
Call setup security for VoIP means you don’t need to “wire around the firewall” to take advantage of the big cost savings that VoIP can generate.
-
WAN and VPN failover increase performance, redundancy, and reliability.
-
Multiple VPN choices deliver flexibility in remote access.
-
Includes PPPoE options for modem setup and scheduled redial for predictable PPPoE session restarts where regional providers require them, without the disruption of a full appliance reboot.
-
Advanced networking features, like transparent bridge mode and multicast overVPN, allow you to add security without needing to change existing network infrastructure.
WIRED OR WIRELESS - IT'S YOUR CHOICE!
-
Wireless models include optional dual-band 802.11n technology for much more responsive wireless network connection and expanded range.
-
Allows users to access 2.4 GHz or less crowded 5GHz band.
-
Three distinct wireless security zones give administrators precise control over Internet access privileges for different user groups.
-
Wireless guest services segment the Internet for customers/guests.
CAPABLE
-
Multi-layered, interlocking security protects the network.
-
Secure remote connectivity keeps mobile workforce productive.
-
Intuitive, centralized management gives you the control you need to manage e- ciently.
-
Choice of wired or wireless models to suit your speci c business requirements
-
Security and reporting tools support industry and regulatory compliance.
Model Comparisons & Specifications
|
Firewall Model |
XTM 21 / XTM 21-W |
|
XTM 23 / XTM 23-W |
| Ideal For: |
Remote offices, small businesses with up to 10 users that need and easy-to-manage solution at a great price |
Remote offices, small business, wireless hotspots with up to 25 users that want an affordable, all-in-one security solution |
Remote offices, small businesses, wireless hotspots with up to 50 users looking for strong security, flexible management , and advanced networking. |
| Upgradeable? |
Yes: Upgrade to a higher model within the XTM 2 Series line by purchasing and applying a simple license key. No costly hardware redeployment necessary. |
N/A |
|
Throughput and Connections |
|
Firewall Throughput* |
110 Mbps |
150 Mbps |
195 Mbps |
|
VPN Throughput* |
35 Mbps |
55 Mbps |
55 Mbps |
| XTM Thourghput* |
18 Mbps |
30 Mbps |
40 Mbps |
|
Interfaces:
10/100
10/100/1000
I/O (USB) |
3
3
2 |
3
3
2 |
3
3
2 |
|
Serial Ports |
1 |
| DMZs |
6 |
|
Nodes Supported (LAN IPs) |
|
|
Concurrent Sessions:
Bi-directional:
Uni-directional: |
10,000
20,000 |
20,000
40,000 |
30,000
60,000 |
|
VLANs (bridging, tagging, routed mode) Incl./Max. |
20/50** |
50 |
|
Local User Database |
100 |
200 |
200 |
|
VPN Tunnels (Included/Max) |
|
Branch Office VPN |
5 |
20 |
50 |
|
Mobile VPN with SSL Incl. / Max. |
1/11** |
1/25** |
55 |
|
Mobile VPN with IPSec. Incl. / Max.
|
1/11** |
5/25** |
5/55 |
| PPTP |
50 |
50 |
50 |
|
Security |
|
Firewall |
Stateful packet inspection, deep packet inspection, proxy firewall |
|
Application Proxies |
HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3 |
|
Threat Protection |
Blocks spyware, DoS attacks, fragmented packets, malformed packets, blended threats and more |
| Intrusion Prevention |
DOS, DDOS, PAD, port scanning, spoofing attacks, address space probes, and more |
|
VoIP |
H.323. SIP, call setup & session security |
|
Security Subscriptions |
WebBlocker, spamBlocker, Gateway AntiVirus, Intrusion Prevention Service (available as individual options or bundled as a group on appliance) |
|
VPN & Authentication |
|
Encryption |
DES, 3DES, AES 128-, 192-, 256-bit |
|
IPSec |
SHA-1, MD5, IKE pre-shared Key, 3rd party cert import |
|
SSL |
Thin client, Web exchange |
|
PPTP |
Server & Passthrough |
|
VPN Failover |
Yes |
|
Single Sign-On |
Transparent Active Directory Auth. |
|
XAUTH |
Radius, LDAP, Windows Active Directory |
|
Other User Authentication |
VASCO, RSA SecurID, web-based, local |
|
Networking |
|
Operating System |
Fireware XTM, upgradeable to XTM Pro. |
XTM Pro |
|
IP Address Assignment |
Static, DynDNS, PPPoE, DHCP (server, client, relay) |
|
Routing |
Fireware XTM: Static
Upgrade to Fireware XTM Pro: Policy-based |
Policy-based |
|
QoS |
8 priority queues, diffserv, modified strict queuing |
|
NAT |
Static, dynamic, 1:1, IPSec traversal, policy-based |
|
Other Features |
Fireware XTM: Port Independence & Transparent/drop-in mode
Upgrade to Fireware XTM Pro: Multi-WAN load balancing & Multi-WAN failover |
|
Wireless Models |
|
Radio Specs |
Dual Band 802.11a/b/g/n - allows users access 2.4 GHz or less crowded 5GHz band |
|
Channel Data Rate |
In general, the available data rates for an IEEE 802.11a/b/g/n device range from 1 Mbps in the worst conditions to over 200 Mbps in the best conditions. |
|
Antennae |
Three 2.0 dBi swivel-mount whip antennas. The whip antenna has a radiation pattern similar to a sphere that is depressed in the center. |
|
Virtual Assist Points |
3 |
| Wireless Guest Services |
Yes |
|
Management - Centralized (Multibox) Management. Optional licenses enable Drag and Drop VPN and one-touch Edge updates. |
|
Management Platform |
WatchGuard System Manager (WSM) v.11 or higher |
|
Alarms & Notifications |
SNMP v2/v3, Email, Management System Alert |
|
Server Support |
Logging, Reporting, Quarantine, WebBlocker, Management |
|
Web UI |
Support Windows, Mac, Linux, and Solaris OS |
|
CLI |
Includes direct connect and scripting |
|
Support & Maintenance |
|
LiveSecurity Service |
30-days initial with appliance only. Units bundled with LiveSecurity available with 1, 2, or 3-year subscription. Incudes hardware replacement, 12x5 technical support with 4-hour response time, firmware/software updates, threat alerts. Option to renew for 1, 2, or 3 years. |
|
Hardware |
|
Product
Dimensions |
Wired: 7.4"x6.125"x1.25" (19.1x15.6x3.2 cm)
Wireless: (Antennae Extended) 10.5"x7.75"x5" (26.7x19.7x12.7 cm) |
|
Shipping Dimensions |
13.25"x10.5"x3.4" (33.7x26.7x8.6 cm) |
|
Shipping Weight |
Wired: 3.2 lbs (1.45 Kg) Wireless: 3.6 lbs (1.6 Kg) |
|
AC Power |
100-240 VAC autosensing |
|
Power Consumption |
Wired: Max 23.3 Watt (80 BTU) Wireless: 24.0 Watt (82 BTU) |
|
Rack Mountable |
No (Wall mount bracket included) |
| Certifications |
| Security |
ICSA, FIPS 140-2 and EAL4+ in progress |
| Safety |
NRTL/C, CB |
| Hazardous Substance Compliance |
WEEE, RoHS, REACH |
* Throughput rates will vary based on environment & configuration
** Maximum number available with upgrade to Fireware XTM Pro
|
|
|
 |
|
 |
|
 |
|
Check Out the:
Videos: Fireware XTM vs. the Other Guy
White Paper: Practical Advantages of Fireware® XTM for Hands-On IT Administrators
______________
XTM 2 Series Quick Facts:
Application-layer content inspection recognizes & blocks threats that stateful packet firewalls cannot detect.
802.11n wireless allows users to access 2.4 GHz or less crowded 5 GHz band.
To maximize port utilization, any of the ten ports can be configured as Internal, External, or Optional.
Multiple VPN choices for flexibility in remote access.
Upgrade to a higher model within the series for more performance and capacity with a simple license key. XTM 23 is the highest model within the XTM 2 Series you can upgrade in this way.
|
|
|
|
|
APC