FIREBOX® VCLASS
WATCHGUARD® FIREBOX® VCLASS
ENTERPRISE-LEVEL SECURITY
The Firebox Vclass brings high-speed network security to enterprise-class businesses, remote offices, service providers, and data
centers. Firebox Vclass combines, firewall security, VPN support, intrusion prevention functionality, and powerful traffic management
with Fast Ethernet and Gigabit Ethernet connections. Our intelligent security ASIC architecture delivers scalable support for up to
40,000 VPN tunnels. An install wizard and device discovery utility shortens installation time to minutes. Firebox Vclass appliances
include an intuitive, multi-platform Java-based GUI management console for flexible and effective centralized management.
All Firebox Vclass models are fully IPSec-compliant, with built-in core software and management tools that provide consistent
network infrastructure security. Every Firebox Vclass appliance includes comprehensive management and monitoring software, a
one-year limited hardware warranty, and a renewable initial term of our innovative LiveSecurity Service, proactive support that
keeps your system current and armed against the latest threats.
FIREBOX® VCLASS SECURITY FEATURE HIGHLIGHTS
Firebox Vclass combines security strengths –
such as intrusion prevention at the application layer
(layer 7), firewall protection at layers 3 and 4,
throughput from 20 Mbps to 1.1 Gbps, and support
for up to 40,000 VPN tunnels – with powerful
networking features that include QoS and
Server Load Balancing.
INTRUSION PREVENTION
WatchGuard has been building intrusion prevention technology
into our security appliances since 1997. Today we offer a mature,
integrated set of intrusion prevention functions with our Firebox
Vclass appliances.
■ Intrusion Prevention is a vital part of layered network security
to reduce network and data vulnerability, and increase the ROI
of any security solution. Our built-in intrusion prevention
functionality is managed from the same award-winning system
that supports our firewall and VPN technology.
■ Application Layer (Layer 7) Inspection via proxies. Complete
data packets, including header and payload, are thoroughly
inspected, and dangerous content discarded – additional security
without performance compromise. Firebox Vclass models include
HTTP and SMTP proxies.
■ Malicious Source IP Address Blocking prevents intruders
from making further connection attempts for a user-defined
period of time.
■ Protocol Anomaly Detection enforces protocol standards.
■ Packet Reassembly ensures entire packet contents are inspected.
■ Built-in Intrusion Prevention Technology eliminates the
need for additional hardware or software.
■
■
■
■
■
■
■
HIGH PERFORMANCE ASIC PROCESSOR
INTRUSION PREVENTION FUNCTIONALITY
SCALABLE TO 40,000 VPN TUNNELS
SECURE, CENTRALIZED JAVA-BASED MANAGEMENT
GIGABIT ETHERNET INTERFACES
SUPPORT THROUGH LIVESECURITY SERVICE
Integrates Intrusion Prevention with existing Intrusion
Detection (passive detection) systems for active protection
against hostile actions.
FIREWALL SECURITY
■
■
■
Dynamic Stateful Packet Filtering monitors network traffic
and denies or allows it based on the active security policy.
Network Address Translation (NAT) hides internal IP
address information from the outside world for added security,
simplifies management of IP addresses and reduces the need
for public IP addresses. Firebox Vclass models support Static,
Dynamic, Virtual IP NAT and IPSec NAT-Traversal.
Predefined Firewall Services simplify configuration and
administration. Firebox Vclass models include more than 70
predefined firewall services.
VPN SUPPORT
■
■
VPN Tunnel Switching reduces the complexity of creating and
managing VPN tunnels and policies, using hub and spoke topology.
VPN Tunnel Management provides central management
with extensive real-time viewing options for instant traffic
analysis of VPN tunnel networks.
■
■
Mobile User VPN with VPN authentication gives enterprise
remote users secure IPSec-compliant VPN connections and a
personal firewall with configurable access rules and security
levels.
PKI Authentication authenticates VPN traffic and remote users
using an industry-standard authentication method.
of McAfee VirusScan ASaP licenses. Additional licenses
are available from your reseller.
SERVICES
■
NETWORKING
■
■
■
■
■
■
■
■
■
Multi-Tenant Managed Security for Service Providers
allows secure, centralized creation and management of security
policies for up to 200 tenants with Firebox V200, V100 and V80
using VLAN technology. Firebox V60 and V60L support 10 tenants.
VLAN Tagging tells switches to communicate and create VLANs.
Firebox Vclass appliances tag VLAN Ethernet packets so a device
receiving a tagged packet can determine to which VLAN the
packet belongs.
Quality of Service (QoS) Port Shaping meters traffic for
smooth flow and reduces packet loss by configuring ports to
accommodate the varying abilities of network devices. Not
available on Firebox V200
QoS Traffic Shaping prioritizes traffic according to importance
and reduces packet loss. Not available on Firebox V200.
High Availability Active/Passive allows you to install a second,
standby Firebox Vclass appliance for failover protection in the
event the primary appliance fails for any reason.
High Availability Active/Active (optional for Firebox V100
and V80, included with V200) lets you install a second, active
Firebox appliance for redunancy protection and increased
throughput. Both units must be the same model.
Dynamic Routing algorithms compare available traffic options,
adjust routing patterns in the network, and dynamically select
the best route to a destination.
Network Diagnostic tools such as Tcpdump, Traceroute,
Netstat, Ping, and ARP help simplify management.
Server Load Balancing distributes traffic across multiple
servers for smooth network operation.
DESKTOP SECURITY
■
■
■
Mobile User VPN with VPN authentication gives enterprise
remote employees secure 3DES VPN IPSec communications.
Personal Firewall gives mobile users configurable access rules
and security levels for protection against attacks through
remote-to-corporate VPN tunnels.
McAfee® VirusScan® ASaP from WatchGuard and McAfee
Security. Your Firebox Vclass comes with a limited number
■
■
■
LiveSecurity® Service keeps your security system
up-to-date. Every Firebox Vclass includes a renewable
subscription to our LiveSecurity Service, backed by worldclass security experts, technical support representatives, and
trainers. You receive threat alerts and responses, software
updates, support flashes, editorials, technical support, and
online self-help tools.
LiveSecurity Service Gold (optional) is available to all
Firebox Vclass LiveSecurity subscribers. This program offers
expanded service levels including 24/7 technical support, target
one-hour maximum response time, and direct access to our
Priority Support Team.
Limited Hardware Warranty Extension Program (optional) allows
you to extend your original limited hardware warranty.
WatchGuard Training (optional) offers a broad spectrum of
online and classroom courses, certification programs, and
publications.
FIREBOX® VCLASS MANAGEMENT
Firebox VcontrollerTM management software for individual
Firebox Vclass appliances includes an intuitive Java®-based
GUI and a powerful command line interface (CLI). Vcontroller
management software comes with every Firebox Vclass model.
■ The Install Wizard simplifies Firebox Vclass installation.
■ Monitoring, Logging, and Alarms cover an extensive array
of system activities. Logs may be sent to a log file server
for archiving or analysis by third parties such as WebTrends®.
■ Device Discovery provides a simple step-by-step process to
locate and configure all appliances within the same subnet
range as the management console.
■ Policy Checker ensures that policies are implemented in the
correct order, preventing inadvertent overrides.
■ Optional WatchGuard Central Policy Manager (CPM)
simplifies policy deployment and analysis for multiple Firebox
Vclass installations by allowing you to manage your entire
infrastructure from a central console. A powerful, highly scalable
global management platform for large enterprises, data centers,
and service providers, WatchGuard CPM features drag-anddrop VPN configuration, simplified management of meshed
VPN topologies, consistent global policy deployment, and realtime monitoring.
WATCHGUARD® ENTERPRISE NETWORK SECURITY
LiveSecurity Service
HEADQUARTERS
INSET: QoS
WatchGuard CPM centralized management features include
real-time monitoring, global policy distribution
and drag-and-drop deployment.
VPN
■
WEIGHTED
FAIR QUEUEING
■
DIFFSERVE
■
TOS
MARKING
HTTP
CENTRAL
POLICY
MANAGER
L 2/3 Switch
TELNET
SECURITY
ADMIN
FIREBOX V100
SMTP
FTP
BRANCH OFFICE
BR
Router
HA ACTIVE/ACTIVE
LOAD SHARING
L 2/3 Switch
FIREBOX V100
Corporate
Servers
Router
File
Server
File
Server
L 2/3 Switch
Web
Servers
DMZ 1
FIREBOX V80
PROTECTED BY
SERVERLOCK
Router
INTERNET
REMOTE USER
■
IPSEC
VPN CLIENT
■
PERSONAL
FIREWALL
■
ANTI-VIRUS
SOFTWARE
Load Balancing
for up to 16
servers
Email
Servers
DMZ 2
SITE TO SITE
VPN TOPOLOGY
Cable/xDSL
modem
FIREBOX V10
REMOTE SITE
ENCRYPTED TRAFFIC
FIREBOX® VCLASS PRODUCT LINE
Firebox® V200
Firebox® V100
Firebox® V80
Firebox® V60
Firebox® V60L
Firebox® V10
Enterprise, Data
Center, and ISP
Environments
Large Enterprises,
Service Providers,
and Data Centers
Large Enterprises
Large/Midsize
Enterprises
Midsize Enterprises
Enterprise
Telecommuting
4RU Enclosure
1RU Enclosure
1RU Enclosure
1RU Enclosure
1RU Enclosure
Desktop Enclosure
Multiple T3 or
OC-3 Connections
Multiple T3 or
OC-3 Connections
T3, Fast Ethernet,
and OC-3 Connections
T3, Fast Ethernet,
and OC-3 Connections
T3, Fast Ethernet
Connections
DSL/Cable/ISDN
Connections
Multi-Gigabit Firewall
with up to 40,000
VPN tunnels
Gigabit Firewall
with up to 20,000
VPN Tunnels
Wire-Speed Firewall
with up to 8,000
VPN Tunnels
Wire-Speed Firewall
with up to 400
VPN Tunnels
Wire-Speed Firewall
with up to 150
VPN Tunnels
Firewall and VPN
Remote Office
User License
Unlimited
Unlimited
Unlimited
Unlimited
250
10 (upg. to 25 or
unlimited)
Firewall Throughput
2 Gbps
600 Mbps
200 Mbps
200 Mbps
100 Mbps
75 Mbps
VPN Throughput
1.1 Gbps
300 Mbps
155 Mbps
100 Mbps
50 Mbps
20 Mbps
Max Branch Office VPNs
40,0001
20,0001
8,0001
4001
50
10
Max Mobile User VPNs
40,0001
20,0001
8,0001
4001
100
0
Interfaces
2 Fiber Gigabit
2 Dedicated HA Ports
2 Fiber Gigabit
2 Dedicated HA Ports
4 10/100
2 Dedicated HA Ports
4 10/100
2 Dedicated HA Ports
4 10/100
2 Dedicated HA Ports
2 10/100
LiveSecurity® Service
90-Day
90-Day
90-Day
90-Day
90-Day
90-Day
Mobile User VPN Licenses
202
202
202
202
202
N/A
High Availability - A/P
Included
Included
Included
Included
Optional
N/A
McAfee® VirusScan® ASaP
Annual Subscription
5 Node License2
5 Node License2
5 Node License2
5 Node License2
5 Node License2
1 Node License2
Recommended For
1The total number of Branch Office plus Mobile User VPN tunnels.
Management
Features
(ALL MODELS)
■
Install Wizard
■
Active Tunnel Display
■
Device Discovery
■
Continuous
Real-Time Graphs
■
Security Policy Manager
■
■
■
■
Policy Checker
(Auditing)
Network
Diagnostic Tools
2Activate your WatchGuard security appliance through LiveSecurity® Service to get this incredible value!
Notification
■
Intrusion Prevention,
Application Proxies
■
PKI Support
■
PPPoE and DHCP Support†
■
Alarm Definition and Control
■
Predefined Services
■
Spoof Detection
Dynamic Routing
■
Port and Site Blocking
■
Traffic Shaping
■
Synflood Protection
■
QoS†
■
DDoS, DoS Prevention
Server Load Balancing*
■
■
Hacker Defense
■
High Availability,
Active/Active**
■
Stateful Packet Filtering
■
Multi-Tenant Security*
■
Branch Office VPN
■
VLAN Support*
■
VPN Tunnel Switching*
■
■
Mobile User VPN*
Static, Dynamic,
Virtual IP NAT*
■
Remote Access
Authentication*
Command Line
Interface
■
High Availability,
Active/Passive ***
■
*Not included for Firebox® V10 Models **Optional for Firebox® V100 and V80 only ***Optional for Firebox® V60L †Not available on Firebox® V200
FIREBOX® VCLASS
CERTIFICATION
WatchGuard’s VPN and
Firewall technologies comply
with published standards,
making our products easy to
integrate into existing
security solutions.
The WatchGuard Firebox Vclass
is certified to the
ICSA Firewall and IPSec
VPN standards.
ABOUT WATCHGUARD® TECHNOLOGIES, INC.
WatchGuard is a leading provider of stronger, smarter network security solutions for small
to midsize enterprises worldwide. WatchGuard's Firebox System and Firebox Vclass product
lines are designed to deliver powerful firewall and VPN performance, outstanding security
and networking features, scalability and flexibility in an affordable solution. Every WatchGuard
product comes with an initial subscription to the company's innovative LiveSecurity Service,
which helps customers maintain strong security and protect against emerging threats by
providing timely security intelligence, expert information and systematic updates. For more
information, please call 206-521-8340 or visit www.watchguard.com.
FOR MORE INFORMATION
Please visit us on the Web at www.watchguard.com or contact your reseller for more information.
ADDRESS:
505 Fifth Avenue South
Suite 500
Seattle, WA 98104
WEB:
www.watchguard.com
E-MAIL:
information@watchguard.com
U.S. SALES:
+1.800.734.9905
INTERNATIONAL SALES:
+1.206.521.8340
FAX:
+1.206.521.8342
© 2003 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, RapidStream, Firebox,
ServerLock, AppLock, Vcontroller and LiveSecurity are either registered trademarks or trademarks
of WatchGuard Technologies, Inc. and/or its affiliates in the United States and/or other countries.
Check Point is a trademark of Check Point Software Technologies Ltd. McAfee and VirusScan are
registered trademarks of Network Associates, Inc. and/or its affiliates in the United States and/or
other countries. All other trademarks and tradenames are the property of their respective owners.
Part No. WGCE65907-0903