The firewall commendably defaults to blocking all incoming unsolicited traffic on the external interface but you can modify this with custom rules. We’ve found a large number of SME firewall vendors leave you high and dry at this point but Watchguard bucks the trend by providing plenty of help in its copious documentation. You can also use extra rules to restrict traffic between the trusted and optional networks.
Setting up mobile client IPsec VPNs is never an easy task – one reason why SSL VPN appliances are growing in popularity. Even so, Watchguard does make a valiant effort at providing all the necessary information. Setting up a user’s VPN account at the X15w creates a unique configuration file which must be copied to the client system along with the MUVPN software which is downloaded from Watchguard’s support site. The least secure part of this process is supplying the user with a shared key which, obviously, shouldn’t be emailed to them. All the user then needs to do is activate the security policy and select the Connect option to create a VPN tunnel with the appliance. Usefully, you can force wireless users to connect over a VPN tunnel as well.
The WebBlocker option has been a standard feature on the Fireboxes for some time and is a hosted service managed by SurfControl. It costs £64 for the first year with a yearly renewal fee of only £48 and with this in action you can select from fourteen content categories that you want blocked. Users that attempt to access a banned site are redirected to the appliance which delivers a warning message and only with a valid password can they override the block. You can also enforce authentication from any client requesting Internet access. SurfControl runs one of the better content filtering services and it showed during testing with it spotting all our attempts to access dodgy websites.
The price also includes a one year subscription for five seats to McAfee’s VirusScan ASaP service. This is a cut-down version of McAfee’s main anti-virus software which provides real-time and on-demand scanning but it’s totally independent of the appliance which plays no part in management of this component.
The Firebox X15w is a great idea for small businesses that need an all-in-one security solution and as existing Firebox users we would seriously consider upgrading. However, for first time users there is a lot of competition, some of which costs a lot less. Take Billion’s myGuard 7500GL for example – it may be more basic, but it does provide a similar level of features which includes web content filtering and managed anti-virus services but costs around a third of the X15w’s price.