WatchGuard puts high-end security in low-end boxes

WatchGuard is adding proxy firewall capabilities that screen HTTP, FTP and POP3 traffic
  • Tim Greene (Network World)
  • 05 December, 2006 07:09

WatchGuard is adding high-end security features to its low-end protection devices to make it more affordable for customers to put advanced network defenses at their sites.

The company is adding proxy firewall capabilities that screen HTTP, FTP and POP3 traffic, at the application layer, making it more secure than a network-layer firewall, because it checks payloads and attachments for malware.

The new capabilities are being added to Firebox X Edge 20e and 55e devices, including the models of each that include a wireless access point. These devices sit between the Internet and office networks and include firewalls, VPNs, traffic shaping, WAN failover options, Web filtering and virus scanning.

WatchGuard also is bundling these devices with three security services for a flat price. These packages include WatchGuard's Gateway Anti-virus/Intrusion Prevention System, spamBlocker, WebBlocker and Live Security services.

One-year subscriptions for the services plus a Firebox X Edge 20e cost US$800 with the standard hardware and US$900 for the wireless version. The same service bundle with the Firebox X Edge 55e costs US$1,200 for the standard hardware and US$1,300 for the wireless version. The company has not set the price for renewing the services after the first year.

The upside of these devices is that they are less expensive than buying separate devices that support each function, so they are easier to manage and install.

But they are not for all businesses, says Rob Whiteley, an analyst with Forrester Research. Large corporations don't want multifunction security devices because they want to keep security, acceleration and routing technology separate for internal billing purposes. Different IT departments handle these separate infrastructure technologies, he says.

Surveys by Forrester indicate the desire for such integrated devices shrinks as businesses get larger. "Large companies want them the least," Whiteley says.

However, retail companies like these products because they have many sites without dedicated IT staff, he says. It is simpler for IT to place a manageable multifunction device in stores than to place separate routers, firewalls, virus scanners and content filters, he says.

These multifunction boxes - also called unified threat management (UTM) gear - are not meant for the smallest businesses, either, Whiteley says. "They bring the costs down, but for small businesses, it's still too much," he says.

Plus Cisco and Juniper, whose multifunction routers are moving downscale, may be able to attract low-end customers because their devices can be integrated into their network architecture, he says. In addition, Check Point, Crossbeam, Fortinet, ServGate, SonicWall, Xyzel offer a spectrum of these UTMs as well.

The new Firebox X Edge software Version 8.5 with the new security features will be available by the end of this month, WatchGuard says.