WatchGuard XTM 1520, 1525, and 2520 Next-Generation Firewalls ®

et
he
Datas
WatchGuard® XTM 1520, 1525, and 2520
Next-Generation Firewalls
The XTM 1520, 1525, and 2520 are nextgeneration firewalls that provide unparalleled
visibility into real-time and historical user,
network, and security activities.
Application Control:
• P
rovides global and policy-based monitoring
and blocking of over 1,800 unique web and
business applications for greater productivity
and enhanced security.
• E mpower administrators to exercise fine-grained
control over hundreds of applications, and
understand which applications are being used
and by whom, by using over 2,500 signatures
and advanced behavioral techniques.
• With this fully integrated security subscription, IT Administrators can enforce acceptable
use policies for users and groups by category,
application, and application sub-functions. For
example, they can define a policy that allows the
marketing department to access Facebook, but
not Facebook games.
Intrusion Prevention Service:
• Identify malware and allow, block or log
questionable traffic based on type, user/group,
protocol and severity.
• S can all protocols, including HTTP, HTTPS, FTP,
TCP, UDP, DNS, SMTP and POP3 to block network, application, and protocol-based attacks.
• U
pdate signatures without interruption as new
threats emerge.
The WatchGuard next-generation firewall (NGFW) series
includes three high performance platforms, the XTM
1520, 1525, and 2520, which provide fully extensible,
enterprise-class protection and productivity safeguards.
Both are targeted toward headquarters, data centers and
managed security service providers.
WatchGuard’s flagship, next-generation products provide true line-speed security
inspection on all traffic and support multi-gigabit packet filtering throughput. In
addition, this next-generation line provides application control; connects offices via
unique drag-and-drop VPN; connects people via SSL, L2TP, and IPSec VPN; and gives
businesses unparalleled visibility into real-time and historical user, network, and
security activities. With WatchGuard solutions, businesses can define, enforce, and
audit strong security and acceptable use policies, resulting in increased employee
productivity and less risk to critical intellectual property or customer data.
This all-in-one solution integrates IPS, Application Control, and other optional security
services, and LiveSecurity to save the time and money associated with managing
multiple single-point security products.
Support:
• W
atchGuard provides LiveSecurity® Plus with
every NGFW Bundle and Security Bundle for
24x7 technical support, hardware warranty, and
software updates. Customers can upgrade to
LiveSecurity Gold or LiveSecurity Platinum for
extended protection.
• A
dvance Hardware Replacement (RMA) program
that ships a replacement via pre-paid, next-day
air freight in advance of receiving the returned
appliance.
• U
pgrade to Premium 4 Hr RMA (available in
select regions) and within 4 hours of approval by
WatchGuard support, replacement appliances
are delivered on-site.
WatchGuard® Technologies, Inc.
XTM 1520, 1525, and 2520 Technical Specifications
XTM 1520
XTM 1525
XTM 2520
Throughput and Connections
Next-Generation Security
Firewall
Stateful Packet Inspection, Deep Application
Inspection, Proxy Firewall
Firewall throughput
14 Gbps
25 Gbps
35 Gbps
Application Proxies
HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3
VPN throughput
10 Gbps
10 Gbps
10 Gbps
Threat Protection
AV throughput
Blocks spyware, DoS attacks, fragmented & malformed
packets, blended threats & more
8 Gbps
9 Gbps
9.7 Gbps
VoIP
H.323. SIP, Call Setup/Session Security
IPS throughput
11 Gbps
13 Gbps
15 Gbps
UTM throughput
6.7 Gbps
6.7 Gbps
up to 10 Gbps
Security Subscriptions
Application Control, Intrusion Prevention Service,
Gateway AntiVirus, Reputation Enabled Defense,
spamBlocker, WebBlocker
1-Gigabit interfaces
14
6
12
VPN & Authentication
10-Gigabit fiber interfaces
–
4
4
Encryption
DES, 3DES, AES 128/192/256-bit
IPSec
SHA-1, MD5, IKE pre-shared key, 3rd party cert
L2TP
Works with most native OS clients
PPTP
Server & Passthrough
VPN Failover
Yes
SSL
Thin client
Single Sign-On
Transparent Active Directory Authentication
XAUTH
Radius, LDAP, Secure LDAP, Windows Active Directory
Other User Authentication
VASCO, RSA SecurID, Web-based, Local, Microsoft
Terminal Services and Citrix
I/O Interfaces
Nodes supported (LAN IPs)
New connections per second
Concurrent connections
(bi-directional)
VLAN support
User authentication
1 Serial / 2 USB
1 Serial / 2 USB
1 Serial / 2 USB
Unrestricted
Unrestricted
Unrestricted
70,000
70,000
70,000
2,000,000
2,000,000
2,500,000
2,000
3,000
4,000
Unrestricted
Unrestricted
Unrestricted
Networking
VPN Tunnels
Branch Office VPN
10,000
10,000
Unrestricted
Mobile VPN Tunnels:
IPSec / SSL / L2TP
15,000
20,000
Unrestricted
Dimensions & Power
Product Dimensions
16.5 x 17 x 1.75 in
(42 x 43 x 4.4 cm)
22 x 17 x 1.75 in
(56 x 43 x 4.4 cm)
Shipping Dimensions
22 x 22.5 x 5.25 in
(56 x 56.5 x 13.3 cm)
28.5 x 21 x 5 in
(72 x 53 x 13 cm)
20 lbs. ( 9 kg)
36 lbs. ( 16 kg)
100-250 VAC Autosensing
Redundant
100-250 VAC
Autosensing
U.S. 250 Watts (max), 854 BTU/hr (max)
U.S. 250 Watts (max),
854 BTU/hr (max)
1U rack mount kit
1U rack mount kit
with slide rack rail
Shipping Weight
AC Power
Power consumption
Rack Mount (included)
Storage
Memory (RAM)
Hard Drive*
16 GB total
32 GB total
250GB
500GB
Environment
Temperature - Operating
32° to 113° F (0° to 45° C)
Temperature - Storage
-40° to 158° F (-40° to 70° C)
Relative Humidity - Operating
10% to 85% non-condensing
Relative Humidity - Storage
10% to 95% non-condensing
Altitude - Operating
Altitude - Storage
*Hard drives included for future capabilities.
Operating System
Fireware® XTM Pro
IP Address Assignment
Static, DynDNS, PPPoE, DHCP (server, client, relay)
Routing
Static, dynamic (BGP4, OSPF, RIP v1/v2), policy-based
QoS
8 priority queues, diffserv, modified strict queuing
VLAN Support
Bridging, tagging, routed mode
High Availability
Active/passive, active/active with load balancing
NAT
Static, dynamic, 1:1, IPSec NAT traversal, Policy-based
NAT, Virtual IP
Link aggregation
802.3ad dynamic, static, active/backup
Other Networking
Port independence, WAN failover, load balancing,
transparent/drop-in mode
Management
Management Platform
WatchGuard System Manager v.11.6.4 or higher
Alarms and Notifications
SNMP v2/v3, Email, Mgmt. System Alert
Server Support
Logging, Reporting, Quarantine, WebBlocker,
Management
Web UI
Supports Windows, Mac, Linux, and Solaris OS with
most common browsers
CLI
Includes direct connect and scripting
Certifications
WEEE/RoHS
Compliant
Yes
Security
Pending: ICSA Firewall, ICSA VPN, EAL4+, FIPS 140-2
Safety
NRTL/C, CB, CE
Network
IPv6 Ready Gold (routing)
0 to 9,843 ft at 95° F (3,000 m at 35° C)
0 to 15,000 ft at 95° F (4,570 m at 35° C )
U.S. SALES 1.800.734.9905
International Sales +1.206.613.0895 www.watchguard.com
No express or implied warranties are provided for herein. All specifications are subject to change and expected future products, features or functionality will be provided on an if and when available basis. © 2013 WatchGuard Technologies, Inc. All rights reserved. WatchGuard,
the WatchGuard logo, Fireware, and LiveSecurity are registered trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries. All other tradenames are the property of their respective owners. Part No. WGCE66739_020113