Watchguard | Firebox SOHO 6 | FIREBOX® SYSTEM

FIREBOX® SYSTEM
THE WATCHGUARD® FIREBOX® SYSTEM
HIGH PERFORMANCE NETWORK SECURITY FOR SMALL TO MID-SIZED BUSINESSES
The WatchGuard Firebox System is a powerful security solution that gives you integrated firewall protection and VPN support.
Firebox Systems are easy to install and can be securely managed from a central location anywhere on the Internet. Every Firebox
System includes a Firebox appliance, comprehensive management and monitoring software, a one-year hardware warranty, and
a renewable LiveSecurity® Service subscription to keep your system up to date.
FIREBOX SYSTEM SECURITY FEATURE HIGHLIGHTS
WatchGuard’s award-winning Firebox System includes
a wide array of security features to meet the needs
of small and medium-sized businesses, central offices,
and VPN hubs.
FIREWALL SECURITY
n Firewall Software includes stateful packet filtering and
application proxies* that examine entire data streams to detect
and remove dangerous attachments. The Firebox System
includes SMTP, HTTP, DNS, and FTP proxies, and PPPoE/DHCP
support for DSL or cable connections.
n Firewall User Authentication* enforces access policies based
on users or groups. The Firebox System authenticates against
the built-in WatchGuard authentication server, Windows NT®,
RADIUS® , SecurID® , and CRYPTOCard®.
n Network Address Translation hides internal IP addresses for
increased security, simplifies IP address management, and
reduces the need for public IP addresses. Firebox III models
support Dynamic, Static, and One-to-One NAT.
n Web Content Filtering controls Web access for users or
groups, using a regularly updated database. WatchGuard’s
WebBlocker™ (optional with Firebox SOHO models included with
all Firebox III models) manages Web usage in a small or remote
office.
n High Availability (optional for Firebox III models) allows you
to install a standby Firebox appliance for failover protection.
The standby unit must be the same model as the original unit.
n
n
n
n
n
POWERFUL APPLICATION PROXIES
SIMPLIFIED VPN MANAGEMENT
SECURE REMOTE MANAGEMENT
BUNDLED SECURITY SOLUTIONS
PROACTIVE SUPPORT THROUGH
LIVESECURITY SERVICE SUBSCRIPTION
VPN SUPPORT
Streamlined VPN routes VPN traffic to multiple endpoints
using a single VPN tunnel.
n Mobile User VPN gives remote employees secure IPSeccompliant VPN connections and a personal firewall with
configurable access rules and security levels. Mobile User VPN
software runs on any Windows® 98/2000/XP or Windows NT
workstation. Firebox models 1000 and 2500 include a 5-user
license. Firebox 4500 includes a 20-user license.
n VPN User Authentication* enforces VPN policies based on
users or groups, authenticating against the built-in WatchGuard
authentication server, Windows NT, and RADIUS.
n PKI Certificates* issued by the WatchGuard internal certificate
authority, authenticate VPN Tunnels.
n
* Not supported on Firebox SOHO models
DESKTOP SECURITY
n McAfee® VirusScan® ASaP from WatchGuard and McAfee
Security. Your Firebox product comes with a limited number
of McAfee VirusScan ASaP licenses. Additional licenses are
available from your WatchGuard reseller. When you buy antivirus protection through WatchGuard, you receive anti-virus
n
central management and expertise through your LiveSecurity
Service subscription.
SpamScreen® (optional) screens junk e-mail.
SECURITY SERVICES
n LiveSecurity Service keeps your security system up-to-date.
Every WatchGuard Firebox System includes a renewable
subscription to our LiveSecurity Service, which is backed by
a team of world-class security experts, technical support
representatives, and trainers. Your subscription includes threat
alerts and responses, software updates, support flashes, expert
editorials, technical support, and online self-help tools.
n LiveSecurity Service Gold (optional) offers service levels
that meet the needs of heavily Internet-dependent customers.
LiveSecurity Service Gold includes 24/7 technical support,
target one-hour maximum response time, and direct access
to our Priority Support Team.
n Limited Hardware Warranty Extension Program allows
you to extend your original hardware warranty for an
additional year.
n WatchGuard Training (optional) offers a broad spectrum of
online and classroom courses, certification programs, and
publications to anyone who wants to learn more about network
security and WatchGuard products.
FIREBOX SYSTEM MANAGEMENT HIGHLIGHTS
WatchGuard’s award-winning management software simplifies
the creation and administration of complicated security policies.
Our flexible software suite lets you manage securely from a
central location inside or outside your trusted network, even
from your laptop!
n
The Firebox Secure Management Software secures
management sessions using 3DES encryption, which allows
you to configure network security with confidence from inside
or outside your trusted network.
n
n
n
VPN Manager creates VPN tunnels between central and
branch offices in three easy steps, dramatically reducing the
complexity of multi-site VPN management. Configure security
policies to limit network access and ensure secure VPN
Extranets. A VPN Manager 4-node license is included with
Firebox models 1000, 2500, and 4500. VPN Manager is not
supported on the Firebox 700.
Centralized Logging and Log Failover Capability gives you
reliable encrypted logs, ensures that traffic data is always
available, and gives you a view of all installed devices from a
single management station. Syslog (UDP) and reliable encrypted
TCP-based logging allow the export of logs to third party
reporting applications such as WebTrends®.
Monitoring and Reporting let you closely scrutinize your
network traffic. Reports can be generated based on a wide
range of criteria.
FIREBOX SYSTEM OPTIONS
There are several optional products that further enhance Firebox
System security solutions.
n VPN Manager
n McAfee VirusScan ASaP
n LiveSecurity Service Gold
n SpamScreen
n WatchGuard Mobile User VPN
n High Availability
n WebBlocker™ for Firebox SOHO models
n Limited Hardware Warranty Extension Program
n WatchGuard Training
FIREBOX SYSTEM CERTIFICATION
WatchGuard’s VPN and firewall technologies comply with
published standards, making our products easy to integrate into
existing security solutions. The WatchGuard Firebox System is
certified to the ICSA firewall and IPSec VPN standards, as well
as the Common Criteria EAL-2 standard.
WATCHGUARD® NETWORK SECURITY
WatchGuard LiveSecurity Service
TRAVELING EMPLOYEE
ANTI-VIRUS
SOFTWARE
FIREBOX 4500
Router
File
Server
DMZ
Switch/
Hub
Mgmt
Server
INTERNET
Web
Server
MOBILE USER VPN,
PERSONAL
FIREWALL
E-mail
Server
APPLOCK/WEB
SERVERLOCK
Network
Administrator
Router
FIREBOX
SOHO 6tc
CORPORATE HEADQUARTERS
FIREBOX 1000
Switch/
Hub
ANTI-VIRUS SOFTWARE
File
Server
BRANCH OFFICE
Print
Server
SERVERLOCK
TELECOMMUTER
FIREBOX III AND FIREBOX SOHO PRODUCT LINES
Firebox 4500
Firebox 2500
Firebox 1000
Firebox 700
Firebox SOHO 6/
SOHO 6tc
Central Office,
VPN Hub
Medium Business,
Web Business
Mid-Size Business or
Branch Office
Smaller Business or
Remote Office
Smaller Stand-Alone
or Remote Office
5,000 Authenticated
Users
5,000 Authenticated
Users
1,000 Authenticated
Users
250 Authenticated
Users
10 Users (Upgradeable
to 50 Users)
T3/E3 or Multiple
T1/E1 Connection
T3/E3 or Multiple
T1/E1 Connection
ISDN or T1
Connection
ISDN or Fractional
T1 Connection
DSL/Cable/ISDN
Connections
Wire-Speed VPN
Support
High Volume Web
Traffic
User License
Unlimited
Unlimited
Unlimited
Unlimited
10 Upgradeable to 50
Stateful Packet Filter
Throughput
200 Mbps
200 Mbps
200 Mbps
150 Mbps
75 Mbps
HTTP Proxy Throughput
60 Mbps
52 Mbps
43 Mbps
43 Mbps
N/A
3DES Encryption
Throughput
100 Mbps
75 Mbps
60 Mbps
5 Mbps
20 Mbps
Maximum Number of
Branch Office VPNs
3000*
2000*
1300*
150*
1 w/o VPN Manager
5 with VPN Manager
Maximum Number of
Mobile User VPNs
3000*
2000*
1300*
150*
5
Interfaces
3 RJ-45 10/100 Fast
Ethernet
3 RJ-45 10/100 Fast
Ethernet
3 RJ-45 10/100 Fast
Ethernet
3 RJ-45 10/100 Fast
Ethernet
5 RJ-45 10BaseT
Ethernet
LiveSecurity Service
Initial Subscription
Included
Initial Subscription
Included
Initial Subscription
Included
Initial Subscription
Included
Initial Subscription
Included
Recommended For
DSL/Cable/ISDN
Connections
*The total number of Branch Office plus Mobile User VPN tunnels.
Management
Firebox III Models
n QuickSetup Wizard
n Security Policy Manager
n VPN Manager, 4-node
(N/A on FB700)
n Real-Time Monitoring
n HostWatch™
n Historical Reporting
n Secure Encrypted Failover
Logging
n Colorized Logging
n Notification
Features
Firebox SOHO Models
Easy Setup
n Secure Remote
Management
n Secure Encrypted
Logging
n Internet Sharing
n
Firebox III Models
n Stateful Packet Filtering
n Application Proxies
(SMTP, HTTP, DNS, FTP)
n Mobile User VPN
n Branch Office VPN
n Static and Dynamic NAT
n One-to-One NAT
n Firewall Authentication
n PKI with Internal
Certificate Authority (CA)
n
n
n
n
n
n
n
n
VPN Authentication
(Windows NT, RADIUS,
PKI, WG Server)
Web Content Filtering
Scan and Spoof Detection
Port and Site Blocking
Synflood Protection
Anti-Virus
DHCP Support (client and
server)*
PPPoE Support (client)*
Firebox SOHO Models
Stateful Packet Filtering
n Branch Office VPN
(Optional with SOHO 6,
included with SOHO 6tc)
n Mobile User VPN
(Optional)
n Static and Dynamic NAT
n Web Content Filtering
(Optional)
n Anti-Virus
n
* Limits several features
TECHNOLOGY & BUSINESS
#1 Editor’s Choice
December 2001
PC MAGAZINE’s
i3 Award
May 2001
COMMUNICATION NEWS
Editor’s Choice
December 2000
SC MAGAZINE’s
Best Buy Award
June 2000
PC MAGAZINE’s
Editors’ Choice Award
June 2000
NETWORK NEWS
Recommended
April 2000
FIREBOX® SYSTEM
CERTIFICATION
WatchGuard’s VPN and
firewall technologies comply
with published standards,
making our products easy
to integrate into existing
security solutions. The
WatchGuard Firebox System
is certified to the ICSA
firewall and IPSec VPN
standards, as well as the
Common Criteria EAL-2
standard.
ABOUT WATCHGUARD®
WatchGuard (Nasdaq: WGRD) is a leading provider of dynamic, comprehensive Internet
security solutions designed to protect enterprises that use the Internet for e-commerce and
secure communications. Thousands of enterprises worldwide use WatchGuard’s awardwinning products and services. These products include our Firebox firewall and VPN
appliances for access control and secure communications, and our ServerLock technology
and anti-virus solution for content and application security for servers and desktops.
Centralized point-and-click management makes it easy for even the non-security professional
to install, configure and monitor our security solutions. Our innovative LiveSecurity Service
also enables our customers, with minimal effort, to keep their security systems up-to-date
in a continuously changing environment.
ADDRESS:
505 Fifth Avenue South
Suite 500
Seattle, WA 98104
WEB:
www.watchguard.com
E-MAIL:
information@watchguard.com
U.S. SALES:
1.800.734.9905
INTERNATIONAL SALES:
+1.206.521.8340
FOR MORE INFORMATION
Please visit us on the Web at www.watchguard.com or contact your reseller for more information.
© 2000 - 2002 WatchGuard Technologies. All rights reserved. WatchGuard, Firebox, ServerLock, AppLock,
LiveSecurity, SpamScreen and WebBlocker are either registered trademarks or trademarks of WatchGuard
Technologies, Inc. in the United States and/or other countries. McAfee and VirusScan are registered
trademarks of Network Associates, Inc. and/or its affiliates in the United States and/or other countries.
All other trademarks and tradenames are the property of their respective owners.
Part No. 300702WGCLA65690
FAX:
+1.206.521.8342
Download PDF