Free Consultant
Hỗ trợ tại Hà Nội
Hỗ trợ tại TP.HCM
Hỗ trợ kỹ thuật
Bộ phận kinh doanh

WatchGuard XTM 23

Extensible Threat Management for Growing Businesses

WatchGuard XTM 2 Series Appliance

Customers Please Note - WatchGuard has announced an end of sale (EOS) for the XTM 21, 22 and 23 series on June 30, 2012. Orders will be accepted until stock is depleted. We encourage all customers to purchase the new XTM 25 and XTM26 Series that include a faster CPU at the same price!

Try the New XTM 25 Series, Faster CPU, Same Price!

WatchGuard Product
XTM 23 Trade Up Program - Security Bundle - More Details
XTM 23 Series Security Bundle, 1-Year
* Includes Appliance, Gateway AV/IPS, SpamBlocker, WebBlocker, LiveSecurity, Application Control and Reputation Enabled Defense
* Special Pricing with Trade Up Program

WatchGuard XTM 23 Series Overview:

WatchGuard® XTM 2 Series appliances deliver a new class of performance driven security. Network protection is stronger than ever, with full HTTPS inspection and VoIP support. All models have three 1-Gigabit Ethernet ports for faster link speeds, and optional wireless capabilities include dual-band 802.11n technology for greater wireless speed and responsiveness. An XTM 2 Series appliance can be used as a stand-alone security solution for a small business, and makes an ideal endpoint for connecting a secure VPN tunnel back to a WatchGuard XTM or WatchGuard Firebox network.

With a WatchGuard® XTM 2 Series appliance, your network is:


  • Application-layer content inspection recognizes & blocks threats that stateful packet firewalls cannot detect.
  • Wide-ranging proxy protection comes from robust security on HTTP, HTTPS, FTP, SMTP, POP3, DNS, TCP/UDP.
  • Security subscriptions boost protection in critical attack areas for complete unified threat management.
  • Includes Skype blocking – the first of a new generation of built-in application-blocking capabilities.
  • Delivers integrated SSL VPN for simple, anywhere-anytime network access.


  • Scriptable CLI supports interoperability and allows easy integration into existing infrastructure for quick, direct connection.
  • Interactive, real-time monitoring and reporting – at no extra charge – give an unprecedented view into network security activity, so you can take immediate preventive or corrective actions.
  • Intuitive management console centralizes configurations and streamlines remote management.
  • Three 1-GbE interfaces allow faster link speeds, which is particularly useful for trusted LAN.
  • Role-based access control (RBAC) allows top administrator to create custom roles for granular control.
  • Drag-and-drop Branch Office VPN setup – three clicks and your remote office is connected.


  • Call setup security for VoIP means you don’t need to “wire around the firewall” to take advantage of the big cost savings that VoIP can generate.
  • WAN and VPN failover increase performance, redundancy, and reliability.
  • Multiple VPN choices deliver flexibility in remote access.
  • Includes PPPoE options for modem setup and scheduled redial for predictable PPPoE session restarts where regional providers require them, without the disruption of a full appliance reboot.
  • Advanced networking features, like transparent bridge mode and multicast over VPN, allow you to add security without needing to change existing network infrastructure.

Wired or Wireless - Your Choice:

  • Wireless models include optional dual-band 802.11n technology for much more responsive wireless network connection and expanded range. Allows users to access 2.4 GHz or less crowded 5GHz band.
  • Three distinct wireless security zones (VAPs) give administrators precise control over Internet access privileges for different user groups.
  • Wireless guest services segment the Internet for customers/guests.


  • Multi-layered, interlocking security protects the network.
  • Secure remote connectivity keeps mobile workforce productive.
  • Intuitive, centralized management gives you the control you need to manage efficiently.
  • Choice of wired or wireless models to suit your specific business requirements.
  • Security and reporting tools support industry and regulatory compliance.

Fireware XTM includedFireware XTM included
Our newest Fireware XTM OS increases security and networking capabilities. When you're ready, it's easy to upgrade to the Pro version of the OS for even more features.

Faster, safe web surfingFaster, safe web surfing
Add a simple subscription to Reputation Enabled Defense to your XTM solution and your organization will have faster web performance and even stronger security – with no additional hardware to buy.

Multiple VPN choicesMultiple VPN choices
Have flexible remote access options, including IPSec, SSL, and support for iOS devices such as iPhone, iPad, and iPod touch.

Affordable security for small businessAffordable security for small business
Comprehensive network protection at a digestible price point — your network and your bottom line should be pretty happy about that.

3 ways to manage your appliance3 ways to manage your appliance
Now you have the power to choose how you manage your WatchGuard appliance including, WatchGuard System Manager, the command line interface, and a web UI for access from anywhere, anytime.

Hardware-less upgradesHardware-less upgrades
We won't make you buy new hardware as your security demands grow. You can use simple software license keys to add functionality and increase protection as your network requires it.

Reporting made easyReporting made easy
Monitoring and reporting tools, included at no extra cost, support compliance, with drill-down functions that make it easy to pinpoint specific activities.

Application ControlApplication Control
Control the use of Web 2.0 and other applications on your network for tighter security, better use of bandwidth, and greater productivity.

Green securityGreen security
Our firewalls are designed with efficiency in mind, consuming very little energy. Compare our power consumption to other security products and see how WatchGuard can make your data center more energy efficient. Green up your network with WatchGuard.



WatchGuard Model XTM 21 / 21-W XTM 22 / 22-W XTM 23 / 23-W
Throughput & Connections
Firewall Throughput* 110 Mbps 150 Mbps 195 Mbps
VPN Throughput* 35 Mbps 55 Mbps 55 Mbps
XTM Throughput* 18 Mbps 30 Mbps 40 Mbps
Interfaces 10/100 3 copper 3 copper 3 copper
Interfaces 10/100/1000 3 copper 3 copper 3 copper
I/O Interfaces 2 USB 2 USB 2 USB
Nodes Supported (LAN IPs) Unrestricted Unrestricted Unrestricted
Concurrent Connections 10,000 20,000 30,000
Local user auth. DB limit 100 200 200
Model Upgradeable Yes Yes No
Wireless Available** 802.11a/b/g/n 802.11a/b/g/n 802.11a/b/g/n
VPN Tunnels (included / Maximum)
Branch Office VPN 5 20 50
Mobile VPN IPSec 1 / 11 5 / 25 5 / 55
Mobile VPN SSL 1 / 11 1 / 25 55 / 55
Security Features
Firewall Stateful packet inspection, deep application inspection, application proxies
Application Proxies HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3
Threat Protection Blocks spyware, DoS attacks, fragmented & malformed packets, blended threats, and more
VoIP H.323. SIP, call setup and session security
Security Subscriptions Application Control, WebBlocker, spamBlocker, Gateway AntiVirus, Intrusion Prevention Service, Reputation Enabled Defense
VPN & Authentication
Encryption DES, 3DES, AES 128-, 192-, 256-bit
IPSec SHA-1, IKE pre-shared key, 3rd party cert
VPN Failover Yes
SSL Thin client, Web exchange
PPTP Server and Passthrough
Single Sign-on Transparent Active Directory Authentication
XAUTH Radius, LDAP, Windows Active Directory
Other user authentication VASCO, RSA SecurID, web-based, local 802.1X for XTM 2 Series wireless
Management Platform WatchGuard System Manager (WSM)
Alarms and Notifications SNMP v2/v3, Email, Management System Alert
Server Support Logging and Reporting with Server Health status, Quarantine, WebBlocker, Management
Web UI Supports Windows, Mac, Linux, and Solaris OS
Command Line Interface Includes direct connect and scripting
Standard Networking
QoS 8 priority queues, DiffServ, modified strict queuing
IP Address Assignment Static, DynDNS, PPPoE, DHCP (server, client, relay)
NAT Static, dynamic, 1:1, IPSec traversal, policy-based
Support and Maintenance
LiveSecurity Service Hardware warranty, 12/5 technical support with 4-hour response time, software updates, threat alerts
Multi-year subscriptions available
Security ICSA VPN, FIPS 140-2 (EAL4+ in progress)
Safety NRTL/C, CB
Network IPv6 Ready Gold (routing)
Hazardous Substance Control WEEE, RoHS, REACH
Dimensions and Power
Product Dimensions - Wired 6.1" x 7.5" x 1.25" (15.5 x 19.0 x 3.2 cm)
Product Dimensions - Wireless
(antennae up)
7.75" x 10.75" x 5" (19.7 x 27.3 x 12.7 cm)
Shipping Dimensions 10.75" x 13.25" x 3.4" (27.3 x 33.7 x 8.6 cm)
Shipping Weight - Wired 3.2 lbs (1.45 Kg)
Shipping Weight - Wireless 3.6 lbs (1.6 Kg)
AC Power 100-240 VAC Autosensing
Power Consumption - Wired U.S. 23.33 Watts (80 BTU/hr)
Power Consumption - Wireless U.S. 24.0 Watts (82 BTU/hr)
Rack Mountable No (wall mount bracket included)
  Operating Storage
Temperature 32° F to 104° F (0° C to 40° C) -40° F to 158° F (-40° C to 70° C)
Relative Humidty 10% to 85% non-condensing 10% to 95% non-condensing
Altitude 0 to 9,843 ft @ 95° F (3,000 m @ 35° C) 0 to 15,000 ft @ 95° F (4,570 m @ 35° C)
  Wired Wireless
MTBF 129,955 hours @ 104° F (40° C ) 103,612 hours @ 104° F (40° C )

Powered by Fireware® XTM and XTM Pro

XTM 2 Series appliances can be upgraded to the Pro version of the Fireware XTM operating system with a simple License purchase***. Advanced networking features include:

Networking Features Fireware XTM Fireware XTM Pro
Routing Static Dynamic (BGP4, OSPF,RIP v1/2), Policy-based
SSL 1 SSL tunnel available Maximum number of SSL tunnels available
VLAN support 20 50
Other Features Port Independence Transparent/drop-in mode Multi-WAN failover
Multi-WAN load balancing

*Throughput rates will vary based on environment and configuration
** All XTM 2 Series appliances are available in wireless versions under the model numbers XTM 21-W, XTM 22-W, XTM 23-W, XTM-25-W, and XTM-26-W
*** The XTM-23 and XTM-23-W Series ship with Fireware XTM Pro series installed.

Models Comparison:

WatchGuard Model XTM 21/21-W XTM 22/22-W XTM 23/23-W XTM 25/25-W XTM 26/26-W
Ideal For Remote offices, small businesses that need and easy-to-manage solution at a great price. Available in wired and wireless models. Remote offices, small business, wireless hotspots that want an affordable, all-in-one security solution. Available in wired and wireless models.
Model Upgradeable X X N/A X N/A
Interfaces 3: 10/100/1000 and 3:10/100 3: 10/100/1000 and 3:10/100 3: 10/100/1000 and 3:10/100 5 1GbE 5 1GbE
Application Proxies HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3, SIP, H.323, TFTP
Intrusion Prevention (DOS, DDOS, PAD, port scanning, spoofing attacks, address space probes, and more) X X X X X
Wireless Models Only 802.11b/g/n, WPA, WPA2, WEP, Wireless Guest Services
User Authentication with transparent Windows authentication X X X X X
Firewall Throughput** 110 Mbps 150 Mbps 195 Mbps 110 Mbps 350 Mbps
VPN Throughput** 35 Mbps 55 Mbps 55 Mbps 35 Mbps 55 Mbps
XTM Throughput** 18 Mbps 40 Mbps 40 Mbps 20 Mbps 30 Mbps
Concurrent Sessions*
10,000 20,000 30,000 10,000 30,000
VPN Tunnels
Branch Office VPN Tunnels (Max.) 5 20 50 10 40
Mobile VPN with SSL (Incl/Max) 1 / 11 5 / 25 55 1 / 11 1 / 25
Mobile VPN with IPSec Client Licenses (Bundled) 1 5 5 5 5
Mobile VPN with IPSec Tunnels (Max.) 11 25 55 10 40
VPN Authentication X X X X X
Mobile VPN IPSec (incl/max) 1-device WatchGuard System Manager license included with purchase.
Networking Features
Dynamic NAT X X X X X
Static NAT X X X X X
One to One NAT X X X X X
VLAN 20, upgradeable to 50 with Fireware® XTM Pro upgrade 20, upgradeable to 50 with Fireware® XTM Pro upgrade 50 20, upgradeable to 50 with Fireware® XTM Pro upgrade 20, upgradeable to 50 with Fireware® XTM Pro upgrade
Policy-Based Routing Optional with Fireware XTM Pro Optional with Fireware XTM Pro X Optional with Fireware XTM Pro Optional with Fireware XTM Pro
WAN Failover Optional with Fireware XTM Pro Optional with Fireware XTM Pro X Optional with Fireware XTM Pro Optional with Fireware XTM Pro
Multi-WAN Load Balancing Optional with Fireware XTM Pro Optional with Fireware XTM Pro X Optional with Fireware XTM Pro Optional with Fireware XTM Pro
Server Load Balancing N/A N/A N/A N/A N/A
Traffic Management/QoS X X X X X
High Availability Active/Active or Active/Passive N/A N/A N/A N/A N/A
Dynamic Routing Optional with Fireware XTM Pro Optional with Fireware XTM Pro Optional with Fireware XTM Pro Optional with Fireware XTM Pro Optional with Fireware XTM Pro
VoIP (SIP and H.323)Support X X X X X
Networking Features
Application Control Optional Optional Optional Optional Optional
Reputation Enabled Defense Optional Optional Optional Optional Optional
spamBlocker with Virus Outbreak Detection Optional Optional Optional Optional Optional
Gateway AntiVirus/ Intrusion Prevention Service (IPS) Optional Optional Optional Optional Optional
WebBlocker with HTTPS URL filtering Optional Optional Optional Optional Optional
LiveSecurity® Service 1-year and 3-year subscriptions available

*Concurrent sessions here represent the number of bi-directional connections.
**Throughput rates will vary based on environment & configuration.

Product View:

WatchGuard XTM 2 Series - Rear View

Options & Upgrades:

Turn your WatchGuard XTM security appliance into a complete threat management solution with a WatchGuard Security Suite.

Application ControlApplication Control
Application Control enables IT administrators to monitor and control access to web and business applications to enforce policy, and protect productivity and network bandwidth.

WebBlocker content and URL filtering subscription helps eliminate legal liabilities resulting from inappropriate web surfing, while increasing employee productivity and protection from web-based attacks.

Gateway AntiVirusGateway AntiVirus
Gateway AntiVirusis a fully integrated, signature-based security subscription that identifies and blocks known spyware, viruses, trojans, and blended threats in real time.

LiveSecurity ServiceLiveSecurity Service
LiveSecurity Service, a high-value support and maintenance program that you activate online when you register your product. LiveSecurity delivers technical support, hardware warranty with advance hardware replacement, the latest software updates, and threat alerts.

Reputation Enabled DefenseReputation Enabled Defense
Reputation Enabled Defense delivers a powerful, cloud-based URL reputation service that protects web users from malicious web pages, while dramatically improving web processing overhead.

spamBlocker is the best in the industry at distinguishing legitimate communication from spam outbreaks in real time, blocking nearly 100% of unwanted emails and the viral payloads they carry.

Intrusion Prevention ServiceIntrusion Prevention Service
Intrusion Prevention Service works hand-in-hand with your WatchGuard firewall's application layer content inspection to provide real-time protection from threats, including SQL injections, cross-site scripting, and buffer overflows.


Nhà phân phối chính thức thiết bị Tường Lửa WatchGuard tại Việt Nam