DOCUMENT* PRESENTED BY WICK HILL

* © Wick Hill and the Wick Hill logo are trademarks of Wick Hill Group Plc. Registered in the UK and other countries. Other logo, brand and product names are trademarks of their respective owners. All 3rd party information contained within this document is copyright of the originator. Errors and omissions excluded.

01483 227 600 | www.wickhill.com | [email protected] Wick Hill Group plc. River Court, Albert Drive, Woking, Surrey, GU21 5RP.

5. Inspect HTTPS traffic—while safeguarding privacy: An increasing proportion of Internet traffic runs over encrypted HTTPS channels. Though the “S” on the end of HTTPS stands for “secure,” the encryption of these transactions renders the traffic invisible to traditional firewalls. Full inbound and outbound HTTPS inspection in WatchGuard XTM closes the loophole that other security products leave wide open. URL filtering, AV scanning, and a host of other security functions carried out on HTTPS traffic, identify and stop threats before they can affect your business. Additionally, the data is not exposed to human eyes, so the risk of an intentional or unintentional privacy violation is eliminated.

To defend against these threats, WatchGuard XTM also works globally, combining advanced capabilities from the world’s best suppliers of security technology to complement WatchGuard’s award-winning foundation. This “all-star lineup” outpaces firewalls from other vendors who rely only on inhouse technology rather than acknowledged best-in-class capabilities for specialized functions. At the same time, the deep integration of these functions and an intuitive user interface streamline the creation and monitoring of the holistic security policy, giving customers best-in-class security while eliminating the complexity and cost of managing disparate point solutions.

6. Make Voice over IP Simple and Safe For Your Business:

9. Connect Your People Securely:

Voice over IP (VoIP) is an extremely useful tool in business today for decreasing telecommunication costs and increasing productivity. However, it carries inherent risks, because the VoIP protocols are complex and varied in their implementations. WatchGuard XTM provides application-layer VoIP security, allowing businesses to take advantage of VoIP while minimizing exposure and risk to critical systems and data. With the XTM Series, organizations don’t have to “wire around the firewall” to take advantage of the huge cost savings and communication capabilities VoIP offers.

Virtual Private Networking (VPN) is ultimately about securely connecting people to the resources they need. Businesses today have distributed workforces and need to provide privacy over public lines. By deploying VPNs businesses can deliver secure, encrypted connectivity for traveling employees, remote offices and telecommuters that require access to critical corporate network resources. WatchGuard XTM provides a multitude of ways to easily and securely create and manage these connections. The unique “drag and drop VPN” enables an organization to connect offices almost instantly, without error, even when dynamic IP addresses are in use. Mobile VPN enables road warriors, virtual employees, collaborators, and any other authorized person to connect to corporate resources from anywhere, at any time, from a variety of devices including laptops, smartphones, and the popular Apple® iOS devices. You can rest assured that with VPN support your critical corporate network resources are protected.

7. Making the Most of the Network: As Internet use has increased, so have temptations, distractions, and security risks online. Organizations require more than a simple “allow/deny” security policy. WatchGuard XTM includes a rich set of tools for maximizing the business value of every dollar spent on Internet connectivity. Traffic Shaping and QoS tools allow organizations to define which types of traffic are most important, and which types are less important or prohibited, ensuring that business traffic always wins out over recreational or discretionary traffic. VPN failover, WAN failover, and High Availability features ensure that mission-critical data keeps flowing, even in the event of failure or degradation of equipment or connectivity.

8. Best-In-Class Security: Attackers and malware constantly advance, making use of an extensive worldwide underground market for crimeware.

10. User Friendly: WatchGuard recognizes that many small businesses do not have a dedicated IT security staff. With this recognition comes a dedication to creating interfaces that take the hard work and guess work out of business security. Task flows are designed for maximum efficiency, and interfaces use plain language that enables even security novices to create, monitor, and audit strong security and acceptable use policies.

U.S. Sales: 1.800.734.9905 • International Sales: 1.206.613.0895 • Web: www.watchguard.com No express or implied warranties are provided for herein. All specifications are subject to change and expected future products, features or functionality will be provided on an if and when available basis. ®2013 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, Fireware, and LiveSecurity are registered trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries. All other tradenames are the property of their respective owners. Part No. WGCE66683_120913

The WatchGuard® XTM Story Since 1996, WatchGuard Technologies has provided over one-half million network security appliances to hundreds of thousands of customers worldwide. While the technologies, performance, and individual features of those products have evolved and grown tremendously over that time, the underlying WatchGuard philosophy has remained the same: to deliver strong security that is easy to manage and monitor, at an excellent price. WatchGuard’s XTM and XTMv family of all-in-one solutions delivers enterprise-grade network protection for small to midsize businesses, keeping your network secure, employee productivity high, and turning the Internet from a security risk to a business empowerment tool. 1. Complete Security Capabilities Now & into the Future:

3. Know What is Happening On Your Company’s Network:

WatchGuard XTM enables organizations to define, enforce, and audit a strong security and acceptable use policy, with a range of capabilities unmatched in its class. With WatchGuard XTM, organizations can:

“Visibility IS security” – and great visibility is one of the most important ways to ensure compliance with policies. The XTM Series and WatchGuard System Manager (WSM) enable a business to gain deep real-time and historical insights into the network and user events and activities. Interactive real-time monitoring features help pinpoint significant activities as they happen, and let the administrator take immediate corrective or diagnostic actions directly from the monitoring interface. WSM’s centralized logging features unique TCP-based, encrypted log channels for maximum reliability and security, while Report Manager includes over 60 predefined reports, with an intuitive user interface that uses plain language, easyto-read graphics, and drill-down and pivot controls.



■



■



■



■

D  efend Resources with powerful firewall, anti-malware, and intrusion prevention. C  onnect Offices Securely and allow road warriors and virtual employees to access corporate resources from anywhere, anytime, with nearly any device. E  xtend the XTM’s best-in-class security to the WLAN by adding wireless access points. The AP100 and AP200 let you harness the power of mobile devices without putting network assets at risk. Enforce Acceptable Use with WebBlocker, spamBlocker,

Application Control, and Reputation Enabled Defense – tools that safeguard employee Internet use while providing IT with deep visibility into usage patterns.

2. Stay Secure on a Tight Budget: XTM appliances deliver the best price-performance in the industry, ensuring that you can get rock-solid security as well as the performance your business needs to proceed unimpeded. What’s more, with XTM’s unique model upgradability, you can choose the appliance that fits your needs today, with the ability to upgrade to a higher model within the series via a simple license key. An assortment of upgrade packages makes it easy to custom-tailor the solution to the organization’s exact needs.

4. Centrally Manage Your Organization’s Security: Distributed organizations and Managed Security Services Providers (MSSPs) need the ability to manage large numbers of appliances from a single location, with simplicity and scalability. WatchGuard System Manager, bundled with every XTM appliance, is rich in tools that support policy creation, management, and enforcement across multiple locations. Role-Based Access Control supports the delegation of duties according to function within the organization, and every function can be centrally managed – including firewall, VPN, intrusion prevention, URL filtering, web security, anti-virus and anti-spam services, appliance software updates and more. And, beyond the centralized management capabilities in WSM, WatchGuard XTM solutions may be managed via a Web UI or a Command Line Interface (CLI) for ultimate flexibility.

©2009 WatchGuard Technologies, Inc.

WatchGuard® XTM Products at a glance XTM 2 Series[a]

XTM 3 Series

25/25-W

26/26-W

upgradeable to XTM 26

–

Firewall throughput

240 Mbps

540 Mbps

VPN throughput

40 Mbps

AV throughput

33/33-W

XTM 5 Series

330

1525-RP –

2520

14 Gbps

14 Gbps

25 Gbps

35 Gbps

8 Gbps

10 Gbps

10 Gbps

10 Gbps

10 Gbps

4 Gbps

5.5 Gbps

7 Gbps

8 Gbps

9 Gbps

9.7 Gbps

2.8 Gbps

5 Gbps

7 Gbps

9 Gbps

11 Gbps

13 Gbps

15 Gbps

1.4 Gbps

1.7 Gbps

3 Gbps

4 Gbps

5.7 Gbps

6.7 Gbps

6.7 Gbps

up to 10 Gbps

6[b]

6[b]

6[b]

14

14

14[c]

14

6 and four 10G SFP+[d]

12 and four 10G SFP+[d]

1 Serial / 2 USB

1 Serial / 2 USB

1 Serial / 2 USB

1 Serial / 2 USB

1 Serial / 2 USB

1 Serial / 2 USB

1 Serial / 2 USB

1 Serial / 2 USB

1 Serial / 2 USB

1 Serial / 2 USB

Unrestricted

Unrestricted

Unrestricted

Unrestricted

Unrestricted

Unrestricted

Unrestricted

Unrestricted

Unrestricted

Unrestricted

Unrestricted

40,000

40,000

40,000

50,000

100,000

350,000

1,000,000

1,250,000

1,500,000

2,000,000

2,600,000

3,500,000

20/50 (incl/max)

75

75

100

200

300

400

750

750

1,000

2,000

3,000

4,000

500

500

500

500

500

500

1,000

2,500

Unrestricted

Unrestricted

Unrestricted

Unrestricted

Unrestricted

Unrestricted

10

40

50

50

65

75

200

600

5,000

6,000

7,000

10,000

10,000

Unrestricted

5/10

5/40

5/55

5/55

75/75

100/100

300/300

1,000/1,000

10,000

12,000

14,000

15,000/15,000

20,000/20,000

Unrestricted

1/11 (incl/max)

1/25 (incl/max)

55

55

65

75

300

600

10,000

12,000

14,000

15,000

20,000

Unrestricted

upgradable to XTM 525

850 Mbps

1.4 Gbps

60 Mbps

100 Mbps

75 Mbps

142 Mbps

IPS throughput

100 Mbps

UTM throughput

535

–

upgradable to XTM 545

2 Gbps

2.5 Gbps

240 Mbps

250 Mbps

175 Mbps

340 Mbps

226 Mbps

328 Mbps

55 Mbps

108 Mbps

5

545

850

860

–

upgradable to 860/870

upgradable to 870

3 Gbps

3.5 Gbps

8 Gbps

11 Gbps

350 Mbps

550 Mbps

750 Mbps

8 Gbps

1.5 Gbps

1.7 Gbps

1.8 Gbps

2 Gbps

640 Mbps

1.6 Gbps

2 Gbps

2.4 Gbps

146 Mbps

298 Mbps

850 Mbps

1 Gbps

5

5

7

6[b]

1 Serial / 1 USB

1 Serial / 1 USB

1 Serial / 1 USB

1 Serial / 2 USB

Unrestricted

Unrestricted

Unrestricted

10,000

30,000

20/50 (incl/max)

870

XTM 2520

–

–

525

XTM 1500 Series 1520-RP

–

515

XTM 800 Series –

–

Throughput and Connections

Interfaces 10/100/1000 I/O Interfaces Nodes supported (LAN IPs) Concurrent connections (bi-directional) VLAN support Authenticated users limit VPN Tunnels Branch Office VPN Mobile VPN IPSec (incl/max) Mobile VPN SSL / L2TP Networking Features General

IP address assignment: static, DynDNS, PPPoE, DHCP (server, client, relay) / Port independence / VLAN support / Transparent/drop-in mode

Routing

Dynamic routing (BGP, OSPF, RIPv1,2) / Policy-based routing / Virtual IP for server load balancing^ / NAT: static, dynamic, 1:1, IPSec traversal, policy-based PAT / Traffic shaping & QoS: 8 priority queues, DiffServ, modified strict queuing / Virtual IP for server load balancing[e]

Availability

High availability (active/passive, and active/active for clustering) / VPN failover / Multi-WAN failover / Multi-WAN load balancing / Link aggregation (802.3ad dynamic, static, active/backup) / Wireless WAN failover available with WatchGuard Broadband wireless bridge accessory

Wireless Integrated Wireless

Integrated 802.11a/b/g/n available in model numbers ending in “-W”

Wireless Access Points

All models support AP100 and AP200 wireless access points to extend XTM security capabilities to the WLAN / Includes MAC filtering, client reporting, Captive Portal technology, 802.1X authentication, and PCI compliant scan and reporting

Wireless WAN

All models support WatchGuard Broadband Extend wireless bridge devices for cellular connectivity / Some direct connect USBs are supported

Subscriptions Security Services

Data Loss Prevention / Application Control / Intrusion Prevention Service / WebBlocker / Gateway AntiVirus / spamBlocker / Reputation Enabled Defense

LiveSecurity® Service

Multi-year LiveSecurity subscriptions are available for all models / LiveSecurity Plus with 24/7 support and Gold-level service are available as purchase options for XTM models 330 and higher

Throughput rates are determined using multiple flows through multiple ports and will vary depending on environment and configuration. Contact your WatchGuard reseller or call WatchGuard directly (1.800.734.9905) for help determining the right model for your network.

Every XTM appliance includes these features: Security Capabilities

Management Software

User Authentication

LiveSecurity Service Upgrade Options

Logging and Reporting

• S tateful packet firewall, deep application inspection, application proxies: HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3 • Blocks spyware, DoS attacks, fragmented packets, malformed packets, blended threats and more • Protocol anomaly detection, behavior analysis, pattern matching • Static and dynamic blocked sources list • VoIP: H.323 and SIP, call setup and session security

WatchGuard XTM appliances can be managed with:

• Transparent Active Directory Authentication (single sign-on) • XAUTH for RADIUS, LDAP, Secure LDAP, Windows Active Directory • RSA SecurID® and VASCO • Local database • 802.1X for wireless appliances (XTM 25-W, 26-W, 33-W) • Microsoft® Terminal Services and Citrix XenApp environments supported

• R  emote Installation Services for comprehensive assistance with the initial setup, configuration, VPN installation • Premium 4-Hour Hardware Replacement to ensure maximum uptime • LiveSecurity Platinum for complex environments. Includes assigned Technical Support Manager to help you achieve your strategic goals with WatchGuard products

• • • • • • • •

• C  ommand line interface with direct connects and scripting • Web UI for single device management from anywhere • WatchGuard System Manager: intuitive, centralized console providing interactive real-time monitoring and logging; includes drag-and-drop VPN creation, rich historical reporting • Simplified deployment with RapidDeploy & RemoteConfig

XTM 2 Series can be upgraded to Pro version of Fireware OS for maximum SSL tunnels and high availability. XTM 2 Series and 3 Series appliances.

[a]

XTM 5 Series models include one 10/100 interface.

[b]

XTM 870 appliances come with 6 copper and 8 fiber 10/100/1000 interfaces under model number WatchGuard XTM 870-F.

[c]

Multi-appliance log aggregation HTML and PDF reports Encrypted, TCP-based log channel SNMP v2 & v3 Logging and reporting with server health status Syslog interface also supported Logging and reporting with server health status Web-based configurable reports portal

Fiber ports can operate as 10GBase-SR/SW or 1000Base-SX.

[d]

[e]

Server load balancing is not available on

DOCUMENT* PRESENTED BY WICK HILL

* © Wick Hill and the Wick Hill logo are trademarks of Wick Hill Group Plc. Registered in the UK and other countries. Other logo, brand and product names are trademarks of their respective owners. All 3rd party information contained within this document is copyright of the originator. Errors and omissions excluded.

01483 227 600 | www.wickhill.com | [email protected] Wick Hill Group plc. River Court, Albert Drive, Woking, Surrey, GU21 5RP.

Email and Web Security with Data Loss Prevention When companies need proven protection from email and web threats, and prevention of data loss for privacy and compliance, they turn to WatchGuard XCS. These solutions provide the most comprehensive and proactive security across email and web in the industry, with consolidated visibility and control of your email and web traffic.

Next-Generation Anti-Spam Technology

Protection for Web Traffic

• A  nti-spam engine examines sender info and content, including images, attachments, and embedded URLs, and conducts contextual analysis to determine risk level. • Reputation Enabled Defense, a key “in the cloud” component of XCS, blocks up to 98% of unwanted email at the perimeter, dramatically optimizing bandwidth. • Signature-based anti-spam combines with knowledgebased learning technology to block spam and protect against emerging, difficult-to-detect variants. • Spam quarantine allows end users to access and manage their quarantined messages, safe lists, and block lists via digests that are emailed to them.

• E  xtend the same powerful defenses against threats and data loss to all web traffic with a Web Security subscription. • U  RL filtering provides immediate and accurate network defense against malicious and inappropriate web sites. • I n-the-cloud URL inspection analyzes every URL at the connection level to determine risk. Compromised URLs are blocked at the perimeter for faster, safer web surfing. • T  raffic enhancements include web caching, large file downloads, and streaming media support to reduce bandwidth consumption, server loads, and latency for web traffic.

The WatchGuard® XCS Story

Enterprise-Grade Reliability

web networks. XCS products are backed by LiveSecurity® Service, a high-value support and maintenance program. The WatchGuard

• F  ully redundant system, including message-level, logical, geographic, and hardware redundancy*. • P  atented XCS queue replication ensures no communication is ever lost. • D  ynamic on-demand clustering allows you to replicate configuration settings and messaging queues across multiple systems in minutes.

commitment to performance and value gives our customers enterprise-grade protection in a cost-effective, extensible solution.

Protection from Email-Borne Threats • Z  ero-hour threat outbreak response delivers proactive defense against the latest threats. • Advanced content filtering and malware prevention scans inbound and outbound email for malicious content delivered by blended threats.

Data Loss Prevention (DLP)

Centralized Management and Reporting

• P  re-defined compliance dictionaries can be used for compliance with GBL, HIPAA, PCI and more and are customizable to support efficient policy creation. • XCS DLP Wizard further streamlines policy configuration. Then once policies are determined, the system automatically configures the XCS without any other user action required. • Automatically block, quarantine, reroute, blind copy, encrypt, or allow messages based on policy requirements. • Protect known confidential files from data loss and train the system on what to look for and the actions to take.

• A  pply a single policy to control traffic so you spend less time defending your borders and more time focusing on higher business value IT projects. • P  rovides one-click administration for customizable reports in varying file formats. Meet audit requirements with time-, feature-, and group-based reports.  anagement reporting tools provide a holistic view of • M web security. Includes user-based reporting and a web dashboard for monitoring web usage and web threats.

Watchguard Quarantine Management Server (QMS) Email Encryption with XCS Securemail • Auto-encryption  ensures consistent policy application, taking the decision-making out of the hands of users. Users can also manually trigger encryption. • Encrypted messages can be opened by any browser and on any mobile device. • Message encryption policies can be extremely granular and, once defined, applied automatically at the gateway. • Subscription-based, XCS Securemail does away with the need for a dedicated server, avoiding the costs associated with most encryption technology.

• O  ff-load spam & suspect email efficiently and effectively into a dedicated holding area. • F  rees email servers to process only legitimate email traffic. • S  upports multiple domains, organizations, and users. • A  vailable as a hardware appliance or as a free virtual appliance as part of your LiveSecurity support subscription. *Hardware redundancy available on 770R, 880, and 1180 models.

Address: 505 Fifth Avenue South, Suite 500, Seattle, WA 98104 • Web: www.watchguard.com • U.S. Sales: 1.800.734.9905 • International Sales: 1.206.613.0895 No express or implied warranties are provided for herein. All specifications are subject to change and expected future products, features or functionality will be provided on an if and when available basis. ®2013 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, and LiveSecurity are registered trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries. All other tradenames are the property of their respective owners. Part No. WGCE66671_090913

Since 1996, WatchGuard Technologies has provided more than 600,000 security appliances to hundreds of thousands of customers worldwide. Our Extensible Content Security (XCS and XCSv) solutions offer the industry’s best defense-in-depth for email, web, and data loss prevention. With four physical appliances and four virtual editions to choose from, XCS and XCSv meet the messaging security requirements of businesses of all sizes, including solutions to protect the world’s most demanding email and

Eliminate Spam and Email-borne Threats The dangers carried by spam have never been greater. Highly sophisticated email scams are luring users to web sites where malicious code awaits. Data is stolen, malware propagated, and networks infected with spyware and botnets. WatchGuard XCS utilizes breakthrough innovations in email security to stop today’s spam threats. An “in the cloud” reputation lookup service blocks up to 98% of spam at the connection level, then the powerful anti-spam engine conducts a rigorous analysis of messages and attachments on the remaining email. The result is industry-leading spam protection, with huge savings in email processing overhead.

Extend Protection to Web Traffic Adding a Web Security subscription to your XCS appliance will extend that same powerful protection to all your web traffic as well. The cloud-based web reputation service determines the risk level of each web page to stop threats at the perimeter. URL filtering analyzes and blocks access to web sites based on pre-defined policies to reduce risks, prevent legal liabilities from inappropriate web surfing, and protect bandwidth.

Stop the Loss of Sensitive Data Confidential information can leave the network, accidentally or maliciously, in many ways. Email is the primary threat vector for data loss, yet web communications over popmail services such as Hotmail and Gmail, business collaboration tools, and social networking sites like LinkedIn and Facebook have become just as common egress points for sensitive data. The data loss prevention (DLP) capabilities of WatchGuard XCS enable tight control over all outbound traffic no matter

what the communication tool to keep sensitive, regulated, and classified information from exiting the network without authorization.

Encrypt Emails for Privacy and Compliance Given the volume of sensitive data that must pass between business networks, the decision isn’t if you should encrypt confidential email messages, but how. WatchGuard XCS SecureMail provides policy-driven, transparent encryption that is easy to deploy and manage. Messages can be opened by any browser and on any mobile device, Keys are issued dynamically, minimizing the risk of key corruption or unauthorized data recovery. And because it’s a fully integrated subscription, it beats the high cost and administrative burden of standalone encryption products.

Effectively Define Your Relationship with the Internet  CS solutions are rich in tools that support policy creation, X management, and enforcement. The XCS DLP Wizard guides administrators through DLP configuration controls quickly and simply. Built-in compliance dictionaries streamline policy-creation to meet a wide range of regulatory mandates. Granular controls provide enhanced visibility into data leaving the network. All email and web security can be managed across protocols from one centralized management console, using one set of corporate acceptable use and compliance policies for maximum efficiency and protection.

©2009 WatchGuard Technologies, Inc.

WatchGuard® XCS Products at a glance XCS 280

XCS 580

XCS 770R

XCS 880

XCS 1180

Small Business

Mid-Size Business

Mid-Size to Large Enterprise

Large Enterprise

Large Enterprise and ISPs

CHASSIS/PROCESSOR Form Factor

1U Shallow, Rack-Mountable

1U Shallow, Rack-Mountable

1U Mid, Rack-Mountable

1U Mid, Rack-Mountable

2U Deep, Rack-Mountable

Product Dimensions

11.5” x 17” x 1.75” (29.2 x 43.2 x 4.5 cm)

11.5” x 17” x 1.75” (29.2 x 43.2 x 4.5 cm)

28” x 19” x 1.75” (71 x 48 x 4.5 cm)

22.6” x 17” x 1.75” (57.4 x 43 x 4.5 cm)

23” x 17.5” x 3.5” (58.4 x 44.5 x 9 cm)

Shipping Dimensions

18” x 21” x 5” (45.7 x 53.3 x 12.7 cm)

18” x 21” x 5” (45.7 x 53.3 x 12.7 cm)

33” x 24” x 8” (84 x 61 x 20 cm)

29” x 23” x 8.5” (73.4 x 58.8 x 21.5 cm)

32” x 23.5” x 10” (81 x 60 x 25.4 cm)

16 lbs. (7.3 kg)

16 lbs. (7.3 kg)

49 lbs. (22 kg)

31 lbs. (14 kg)

56 lbs. (25.5 kg)

CPU

Intel Xeon Single-Core Processor

Intel Xeon Dual-Core Processor

Intel Xeon Quad-Core Processor

Intel Xeon Quad-Core Processor

Intel Xeon Quad-Core Processor

Power

Fixed, 600W, universal 100/240V

Fixed, 600W, universal 100/240V

Fixed, 600W, universal 100/240V

2 redundant hot-swap, 275W, universal 100/240V

2 redundant hot-plug, 350W, universal 100/240V

−

−

RAID 1, Hot-Swappable

RAID 1, Hot-Swappable

RAID 10, Hot-Swappable

4GB (1 x 4GB) DDR3 1333MHz

4GB (1 x 4GB) DDR3 1333MHz

4GB (2 x 2GB) DDR3 1066 MHz

8GB (2 x 4GB) DDR3 1600MHz

8GB (2 x 4GB) DDR3 1600MHz

320GB SATA-II, 7.2K RPM

320GB SATA-II, 7.2K RPM

2 500GB SATA-II, 7.2K RPM

2 x 1TB SATA, 7.2K RPM

4 x 300GB SAS, 15K RPM

3 Intel Gigabit Ethernet / 1 RS-232 (DB-9) Serial Port

3 Intel Gigabit Ethernet / 1 RS-232 (DB-9) Serial Port

4 Intel Gigabit Ethernet / 1 RS-232 (DB-9) Serial Port

4 Intel Gigabit Ethernet / 1 RS-232 (DB-9) Serial Port

4 Intel Gigabit Ethernet / 1 RS-232 (DB-9) Serial Port

Anti-Spam / Anti-Virus / Anti-Malware











Blended Threat Prevention











Reputation Enabled Defense











Spam Dictionaries











Pattern-based Message Filters











Message Quarantine











Inbound Attachment Control











URL Filtering*











Cloud-based Web Reputation Services*











Uncategorized Web Content Filtering*











Acceptable Web Usage*











Web Application Control*











Shipping Weight

STORAGE RAID Memory Hard Disk Drives PORTS Ethernet / Serial THREAT PROTECTION

WEB SECURITY (subscription-based)

Web Traffic Enhancements*

Web caching / large file downloads with rapid scan / streaming media control / traffic management and clustering

DATA LOSS PREVENTION Pattern-based Content Rules











TLS / Message-level encryption**

TLS / Message-level encryption**

TLS / Message-level encryption**

TLS / Message-level encryption**

TLS / Message-level encryption**

Compliance Dictionaries











Objectionable-Content Filtering











Transparent Remediation











Encryption

Additional Capabilities MANAGEMENT & REPORTING REDUNDANCY SUPPORT AND MAINTENANCE

*Available for all XCS models with a WatchGuard XCS Web Security Subscription.

DLP Wizard / Outbound content and attachment scanning / outbound attachment control / document fingerprinting and data classification Centralized management / archiving (third party) / on-box reporting / user-based reporting / messaging logs / customizable granular policies, including time-based web access policies and IP-based policies / customizable granular reports Message-level redundancy / on-demand clustering / geographical redundancy / queue replication

(hardware redundancy available on 770R, 880, and 1180 models only)

All XCS models include LiveSecurity Plus for 24/7 technical support, hardware warranty, and software updates

**Available for all XCS models with a WatchGuard XCS SecureMail Email Encryption Subscription.

©2013 WatchGuard Technologies, Inc.

et

he Datas

XTM Security Subscriptions For defense-in-depth against network threats

DATA LOSS PREVENTION (DLP) The DLP subscription prevents data breaches by scanning text and common file types in email, web, and FTP traffic to detect sensitive information attempting to exit the network. ■

 A built-in library of over 200 rules allows IT to quickly create and update corporate DLP policies.

■

 Built-in sensors are included for PCI DSS and HIPAA compliance mandates.

APPLICATION CONTROL Available for all xtm solutions WatchGuard offers seven UTM (unified threat management) security subscriptions for its XTM appliance family so businesses can layer on protection where they need it most. These services complement the built-in defenses of your WatchGuard XTM firewall, boosting protection in critical attack areas, including assaults from spyware, spam, viruses, trojans, web exploits, and blended threats.

Application Control has become an essential component of next-generation security. It protects the network and keeps users on the tasks that matter by blocking unproductive and inappropriate apps. ■

 Gain control over 2,000 web and business applications, using more than 2,500 unique signatures.

■

 Have complete visibility into applications used, with intuitive monitoring and reporting capabilities.

■

Control usage of applications by category, application, or application sub-functions.

INTRUSION PREVENTION SERVICE (IPS) By adding an IPS subscription, your network gains in-line protection from attacks, including buffer overflows, SQL injections, and cross-site scripting attacks. ■

■

“ Not only are we saving money, we have content filtering much more effective than what we had before.” Wilson Chan Information Systems Manager Durham School District

All ports and protocols are scanned to block network, application, and protocol-based attacks.  Blocked sites list saves valuable processing time by dynamically blocking IP addresses that have been positively identified as the source of an attack.

WEBBLOCKER URL and content filtering are indispensable for controlling access to sites that host objectionable material or pose network security risks. These include known spyware and phishing sites. ■

■

 Configure over 100 web categories to stop the sites and web tools you most want to block, and enable access by user, group, domain, and need for maximum flexibility  URL database is hosted in the cloud to simplify setup and administration. A local install option is also available.

GATEWAY ANTIVIRUS Scans traffic on all major protocols to stop threats before they can gain access to your servers and execute their dangerous payloads. ■

■

Heuristic analysis identifies viruses and dangerous code that signatures can’t catch.  Decompresses and scans all common formats, including .rar, .zip, .gzip, .tar, .jar, .chm, .lha, .cab., .arj, .ace, .bz2, and multiple layers of compression.

REPUTATION ENABLED DEFENSE WatchGuard XTM is the only unified threat management system on the market that includes a powerful, cloud-based reputation lookup service to ensure faster, safer web surfing. ■

■

 Continuous updates keep current with dynamic web content and changing web conditions.  Up to 50% of URL scanning can be skipped without compromising security, resulting in faster browsing times and greater throughput at the gateway.

SPAMBLOCKER Rely on spamBlocker’s industry-leading Recurrent Pattern Detection (RPD™) technology to detect spam outbreaks as they emerge for immediate, continuous protection from unwanted and dangerous email. ■

■

 Block spam regardless of the language, format, or content of the message – even image-based spam that other anti-spam products often miss. RPD identifies and blocks viral payloads for an additional layer of real-time anti-virus protection. WatchGuard® Technologies, Inc.

Watchguard utm platform

Flexible architecture blocks network threats while optimizing performance WatchGuard’s UTM (unified threat management) platform is designed to allow network traffic to pass through a full suite of UTM services— from anti-spam protection to Data Loss Prevention—at top performance levels. Leveraging the power of multi-core processing, the platform runs all scanning engines simultaneously for maximum protection and blazing fast throughput. Resources are allocated based on the flow of data and the security services that data requires. For example, if web filtering needs more horsepower, additional processors are automatically applied so web traffic keeps moving and your business stays secure.

managing subscriptions is easy

Best-of-breed UTM

All security functionality on your WatchGuard XTM solution, including UTM subscriptions, can be managed from a single intuitive console.

WatchGuard uses a best-of-breed strategy to create the most reliable security solutions on the market. By partnering with industry-leading technology vendors, WatchGuard delivers an all-star family of UTM network security products.

kNow what’s happening on your network at all times  Any security activity identified by a service is logged and stored

■

for easy reporting so you can take immediate preventive or corrective action. ■

A  ll management tools, including rich reporting and monitoring, are included with your WatchGuard XTM purchase. There is no additional hardware or software to buy.

How to purchase WatchGuard UTM services are available in single and multi-year subscriptions. Contact your local authorized WatchGuard reseller for more information on how to add best-of-breed UTM defenses to your WatchGuard XTM appliance, including bundled services and special promotions.

■

■

■

■

■

U.S. SALES 1.800.734.9905

AVG—A consistently high performer in independent Virus Bulletin testing provides the engine for Gateway AntiVirus.  Commtouch—Patented RPD® technology in the Cloud provides spamBlocker with the only effective anti-spam solution for low footprint UTM appliances. Up to 4 billion messages per day reviewed. Websense—Supplies the cloud-based URL database for WebBlocker. Security coverage is supplemented by Websense Security Labs and their ThreatSeeker Network.  Trend Micro—Leading provider of IPS and Application signatures, delivering comprehensive protection against the latest Internet threats.  Sophos—Leading provider of email and endpoint security, including DLP, for enterprises worldwide.

International Sales +1.206.613.0895 www.watchguard.com

No express or implied warranties are provided for herein. All specifications are subject to change and expected future products, features or functionality will be provided on an if and when available basis. © 2013 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, and LiveSecurity are registered trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries. All other tradenames are the property of their respective owners. Part No. WGCE66481_121113

et

he Datas

WatchGuard® AP100 and AP200 Wireless Access Points AP Technology at a Glance

The mass adoption of smart wireless devices like tablets,

Best-in-class hardware

smartphones and notebooks is driving the BYOD (bring your

What’s behind the AP100 and AP200 WatchGuard’s wireless access points are built using the latest generation of wireless hardware, incorporating advanced technologies to deliver 2x2 MIMO with dual spatial streams capable of handling data rates up to 600 Mbps.

Ease of management With unified management tools, administrators can easily manage both their AP devices and XTM appliances from a single console.

Strong security Features like MAC filtering, client reporting, Captive Portal technology, 802.1X authentication, and PCI compliant scan and reporting, ensure a strong WLAN security stance.

Simple roaming WatchGuard AP devices have you covered, with up to 16 SSIDs, and seamless network access when roaming between access points.

Great coverage, low profile

own device) explosion, putting ever increasing demands on wireless networks. This pressure, coupled with the “wild west” nature of WLAN, means it is now more important than ever to have control of your entire network – both wired and wireless – with best-in-class security, integrated security policies, and increased visibility. Extend best-in-class UTM security to the WLAN Protecting against today’s sophisticated blended threats requires multiple security capabilities, and these threats don’t discriminate between a wired or wireless network path to their targets. WatchGuard’s AP100 and AP200 meet this challenge by extending best-in-class UTM security – including application control, intrusion

Powerful radios and internal antennas housed in a sleek design allow for maximum coverage with a subtle deployment profile, suitable for any space.

prevention, URL and web content filtering, virus and spam blocking and more – from

Flexible power options

of mobile devices without putting network assets at risk.

Power options include Power Over Ethernet (PoE), A/C adapter (included), and PoE injector (optional) for maximum deployment flexibility. AP200’s plenum enclosure offers safety code compliance for those who need it.

Integrate wired and wireless security policies

Lower TCO  ealize big cost savings, with no separate R controller hardware costs, no per-­AP “seat” charges, and no controller software license fees.

the XTM to the WLAN. With the AP100 and AP200, businesses can harness the power

WatchGuard’s AP100 and AP200 allow users to easily apply security policies to wired and WLAN resources simultaneously , which is critical to enforcing security standards across the entire network infrastructure. And updating integrated policies couldn’t be simpler – creating huge IT time-savings.

Unified device management Unified device management tools offer a “single pane of glass” view into network security activities and allow users to configure and manage their AP100/AP200 and XTM devices from one place – reducing both setup time and maintenance costs.

WatchGuard® Technologies, Inc.

AP100 and AP200 Technical Specifications AP100

AP200

Environmental Information

Hardware Details Number of Radios

1

2

2.4GHz or 5GHz (selectable)

Supported Frequencies (summary) Radio characteristics

Radio 1 = 5GHz

Radio 2 = 2.4GHz

2,400-2.474GHz, 5.150-5.250GHz, 5.2505.350GHz, 5.470-5.725GHz, 5.725-5.850GHz

Antenna

4 internal, omnidirectional

Peak Antenna Gain Maximum TX Power*

3 dBi

4 dBi

3 dBi

2.4GHz = 17dBm 5GHz = 20DBm

5GHz = 20dBm

2.4GHz = 21dBm

Data Rate

300 Mbps

SSID Plenum Enclosure (fire resistant)

16

No

Yes

WPA-PSK, WPA2-PSK, WPA2-PSK Mixed, WPA2Enterprise 802.1x, TKIP, AES

Security Settings Ethernet

PoE, A/C Adapter

MTBF

> 500,000 Hours

Physical Security

Kensington Lock 802.11a/b/g/n, 802.11i, 802.1x, 802.3af/at, 802.1Q

IEEE Standards Supported

Deployment

-40 to 158° F (-40° to 70° C)

Non-Operating Relative Humidity

5% to 90% Non-condensing

Input Voltage

100 - 240V AC

Frequency

50/60Hz

Input Current Maximum

400mA

Output Voltage

12V

Output Current

1250mA

IEEE Standard

802.3af

Input Voltage

100 - 240V AC

Output Voltage

56V

Output Power

15.4W

Product Dimensions

6.5” RD x 1.75” H (16.5 x 4.4 cm)

Shipping Dimensions

7” x 7.25” x 4.5” (17.8 x 18.4 x 11.4 cm)

Product Weight

.75 lbs (.34 kg)

Shipping Weight (includes A/C adapter, mounting kit, etc.)

2 lbs (.91 kg)

Mounting Kit

Included

Certifications

1-year or 3-year subscription to LiveSecurity® Service for hardware warranty with advance hardware replacement, technical support, software updates - included with purchase

Support & Maintenance

Storage Temperature

Dimensions

1GBe

Power Options

5% to 90% Non-condensing

PoE Injector (optional)

600 Mbps

8

32 to 104 F° (0 to 40° C)

Operating Relative Humidity

AC Power Adapter

2x2 MIMO Dual Spatial Streams

Supported frequencies*

Operating Temperature

Indoors

Wireless

FCC, IC, CE

Safety

NRTL/C, CB, CE

Control of Hazardous Substances

WEEE, RoHS, REACH

*Country-specific restrictions apply

Suggested† Number of Access Points by XTM Model and XTMv Edition XTM Models Number of Access Points

2 Series**

3 Series

5 Series

8 Series

800 Series

XTM 1050

1500 Series

XTM 2050

XTM 2520

up to 5

up to 15

up to 35

up to 70

up to 100

up to 100

up to 100

up to 100

up to 100

XTMv (virtual) Editions

Small Office

Medium Office

Large Office

Datacenter

Number of Access Points

up to 25

up to 50

up to 75

up to 100

Number of Access Points is not restricted by license

†

**

Not available on XTM 21, 22, 23 models

Reset Button Ethernet Connector

AC Power

To learn more about the WatchGuard AP100 and AP200, contact your WatchGuard reseller, or visit us at www.watchguard.com/AP

Kensington Lock

LED U.S. SALES: 1.800.734.9905 INternational Sales: +1.206.613.0895 WEB: www.watchguard.com No express or implied warranties are provided for herein. All specifications are subject to change and expected future products, features or functionality will be provided on an if and when available basis. © 2013 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, and LiveSecurity are registered trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries. All other tradenames are the property of their respective owners. Part No. WGCE66797_032613