Datasheet WatchGuard® XTM 5 Series Recommended for small to mediumsized businesses WatchGuard XTM 5 Series appliances deliver a new class of performance- With a WatchGuard® XTM 5 Series solution, your network is: driven security for growing businesses. The 5 Series offers up to 2.3 Gbps firewall throughput and security features including full HTTPS inspection SECURE ■ Application-layer content inspection recognizes & blocks threats that stateful packet firewalls cannot detect. ■ Wide-ranging proxy protection comes from robust security on HTTP, HTTPS, FTP, SMTP, POP3, DNS, TCP/UDP. ■ A suite of security subscriptions boosts protection in critical attack areas for complete threat management. security can move up to greater ■ Provides integrated SSL VPN for simple, anywhere-anytime network access. performance, more users, and additional ■ Includes Skype blocking – first of the next generation of built-in application-blocking capabilities. and VoIP support. Organizations that want room to easily scale their network security and networking features to FAST and EFFICIENT meet escalating demands, without ■ Up to 2.3 Gbps firewall throughput and up to 750 Mbps VPN throughput keep data moving. ■ Best UTM throughput in its class, even with strong security enabled. ■ Gigabit Ethernet ports support high-speed LAN backbone infrastructures and gigabit WAN connections. solution integrates complete protection ■ Active/active high availability with load balancing ensures maximum network uptime. while slashing the time and cost ■ Scriptable CLI supports interoperability and allows easy integration into existing infrastructure. costly hardware replacements. Why buy an all-in-one solution? An all-in-one XTM network security associated with managing multiple ■ single-point security products. All Interactive, real-time monitoring and reporting – at no additional charge – give an unprecedented view into network security activity so you can take immediate preventive or corrective actions. security capabilities work together for ■ Intuitive management console centrally manages all security functions. a holistic, comprehensive approach ■ Role-based access control (RBAC) allows lead administrators to create custom roles for granular control. to network protection. Your IT staff ■ Drag-and-drop Branch Office VPN setup – three clicks and your remote office is connected. has more time to focus on other areas FLEXIBLE of network administration, and your business saves money on support and ■ hardware costs. Call setup security for VoIP means you don’t need to “wire around the firewall” to take advantage of the big cost savings that VoIP can generate. ■ WAN and VPN failover increase performance, redundancy, and reliability. ■ Multiple VPN choices deliver flexibility in remote access. ■ To maximize port utilization, any of the seven ports can be configured as Internal, External, or Optional. ■ Networking features, such as transparent bridge mode and multicast over VPN, allow you to add security without needing to change existing network infrastructure. SCALABLE ■ This WatchGuard security appliance “can handle the growth. It’s an excellent piece of hardware.” Frank Curello Chief Executive Officer GameWear Earth-friendly technology ■ ■ ■ Upgrade to a higher model within the line for more performance and capacity with a simple license key. Pair with WatchGuard XCS appliance for focused emphasis on messaging and content security. Move up to the “Pro” version of the Fireware XTM operating system for advanced networking features, including active/active high availability, VLAN support, multi-WAN and server load balancing, dynamic routing, and QoS. Add powerful security subscriptions to block spam, control dangerous and inappropriate web surfing, prevent network intrusions, and stop viruses, spyware, trojans, and other malware at the gateway. PREPARED FOR TOMORROW’S CHALLENGES ■ No need to compromise protection for strong performance or vice versa. Multi-layered, interlocking security protects the network while throughput remains high. ■ Advanced networking features ensure reliability and the flexibility to meet changing business requirements. ■ Secure remote connectivity keeps mobile workforce online and productive. ■ Security and reporting tools, included at no extra cost, support industry and regulatory compliance. WatchGuard® Technologies, Inc. XTM 5 Series XTM 505 XTM 510 XTM 520 XTM 530 Throughput & Connections Firewall throughp ut* 850 Mbps 1.4 Gbps 1.9 Gbps 2.3 Gbps VPN throughput* 210 Mbps 350 Mbps 550 Mbps 750 Mbps Aggregate XTM throughput* 275 Mbps 400 Mbps 600 Mbps 800 Mbps Interfaces 10/100 1 copper 1 copper 1 copper 1 copper Interfaces 10/100/1000 6 copper 6 copper 6 copper 6 copper I/O interfaces 1 Serial/2 USB 1 Serial/2 USB 1 Serial/2 USB 1 Serial/2 USB Nodes supported (LAN IPs) Unrestricted Unrestricted Unrestricted Unrestricted 40,000 50,000 100,000 350,000 75 75 75 75 WSM licenses (incl) 4 4 4 4 Local user database 500 500 1,000 2,500 Powered by Fireware® XTM Pro Concurrent connections (bi-directional) VLANs bridging, tagging, routed mode VPN Tunnels Branch Office VPN 65 75 200 600 Mobile VPN IPSec (incl/max) 5/75 25/100 50/300 400/1,000 Mobile VPN SSL 1/65 1/75 1/300 1/600 Security Features Firewall Stateful packet inspection, deep packet inspection, proxy firewall Application proxies HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3 Threat protection Blocks spyware, DoS attacks, fragmented packets, malformed packets, blended threats, and more H.323. SIP, call setup and session security VoIP Security subscriptions WebBlocker, spamBlocker, Gateway AV, Intrusion Prevention Service, Reputation Enabled Defense (available in Security Bundle) VPN & Authentication Encryption DES, 3DES, AES 128-, 192-, 256-bit IPSec SHA-1, MD5, IKE pre-shared key, 3rd party cert VPN failover SSL Every XTM 5 Series appliance ships with the Fireware® XTM operating system. As network requirements become more complex, it’s easy to upgrade to the Pro version of the OS with a simple software license key. Networking Features Routing Fireware XTM Fireware XTM PRO Static, dynamic routing (RIP) Dynamic (BGP4, OSPF, RIP v1/2), Policy-based High Availability – Active/passive, active/ active with load balancing NAT Static, dynamic, 1:1, IPSec traversal, policy-based Virtual IP for server load balancing SSL 1 SSL tunnel available Maximum number of SSL tunnels available Other Features Port Independence, transparent/drop-in mode, multi-WAN failover Server load balancing, multi-WAN load balancing Buy the Bundle and Get the Works! Get everything you need for complete threat management at a great price with the Security Bundle. Includes choice of 5 Series appliance, plus WebBlocker, spamBlocker, Gateway AV, Reputation Enabled Defense, Intrusion Prevention Service, and LiveSecurity® Service with 24/7 tech support. How to Order the Security Bundle Yes WatchGuard XTM 5 Series Security Bundle SKUs Appliance with 1-year subscriptions Appliance with 2-year subscriptions Appliance with 3-year subscriptions Thin client, Web exchange XTM 505 Security Bundle WG505031 WG505032 WG505033 PPTP Server and Passthrough XTM 510 Security Bundle WG510031 WG510032 WG510033 Single sign-on Transparent Active Directory Authentication XTM 520 Security Bundle WG520031 WG520032 WG520033 XAUTH Radius, LDAP, Windows Active Directory XTM 530 Security Bundle WG530031 WG530032 WG530033 Other user authentication VASCO, RSA SecurID, web-based, local Management Management platform WatchGuard System Manager (WSM) Product Dimensions 11.25” x 17” x 1.75” (28.6 x 43.2 x 4.4 cm) Alarms and notifications SNMP v2/v3, Email, Management System Alert Shipping Dimensions 21” x 18” x 5.25” (53.3 x 45.7 x 13.3 cm) Server support Shipping Weight 16.1 lbs (7.3 Kg) Web UI Logging and Reporting with Server Health status, Quarantine, WebBlocker, Management Supports Windows, Mac, Linux, and Solaris OS AC Power 100-240 VAC Autosensing Command line interface Includes direct connect and scripting Power Consumption U.S. 50 Watts (max), 171 BTU (max) Rack Mountable 1U rack mount kit included Standard Networking QoS 8 priority queues, DiffServ, modified strict queuing IP address assignment Static, DynDNS, PPPoE, DHCP (server, client, relay) Support and Maintenance LiveSecurity® Service Dimensions and Power Power Lights Hardware warranty, 12/5 or 24/7 technical support with 4-hour response time, software updates, threat alerts Certifications Security ICSA, FIPS 140-2 and EAL4+ in progress Safety NRTL/C, CB Control of hazardous substances WEEE, RoHS, REACH *Throughput rates will vary based on environment and configuration. Contact your WatchGuard reseller or call WatchGuard directly (1.800.734.9905) for help determining the right model for your network. Network Interfaces Power Supply LCD Display LCD Navigation Buttons Cooling Fans On/Off Switch Address: 505 Fifth Avenue South, Suite 500, Seattle, WA 98104 • Web: www.watchguard.com • U.S. Sales: 1.800.734.9905 • International Sales: +1.206.613.0895 No express or implied warranties are provided for herein. All specifications are subject to change and expected future products, features or functionality will be provided on an if and when available basis. ®2010 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, Fireware, and LiveSecurity are either trademarks or registered trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries. All other tradenames are the property of their respective owners. Part No. WGCE66678_052410 WatchGuard® Technologies, Inc.