Free Consultant
Sales HCM - Hà Nội
Hỗ trợ kỹ thuật

WatchGuard XTM 2520

Fully Extensible, Enterprise-Class Protection & Productivity Safeguards

WatchGuard XTM 2520 Series Next-Generation Firewall

WatchGuard XTM 2520 Series Overview:

The XTM 2520 is a powerhouse. High-performance 35 Gbps firewall throughput combines with strong protection, flexible management, and a multitude of connectivity options to deliver the ultimate enterprise-grade network security solution. The 2520 delivers unparalleled visibility into real-time and historical user, network, and security activities. This allows businesses to easily define, enforce, and audit strong security and acceptable use policies, resulting in increased employee productivity and less risk to critical intellectual property and customer data. VPN failover, WAN failover, and High Availability features ensure that mission-critical data keeps flowing. Real-time monitoring and rich reporting are included at no additional cost.

Outstanding performanceScreaming-fast throughput
Up to 35 Gbps firewall throughput, 10 Gbps VPN throughput, and a jaw-dropping 15 Gbps throughput with full IPS and antivirus threat protection enabled. No one in the network security industry can top that number!
Unified security in a BYOD environmentUnified security in a BYOD environment
Open the door to limitless productivity with tools to connect your people securely, even when they use personal devices like iPads and Androids. Anywhere, anytime secure access is today's greatest competitive edge.
Always know what's happening on your networkAlways know what's happening on your network
Pinpoint significant network activities to take immediate corrective or diagnostic actions directly from the interactive, real-time monitoring. All logging and reporting functions also included with purchase.
Easily manage many appliancesEasily manage many appliances
Distributed organizations and MSSPs will especially appreciate the intuitive tools that support policy creation, management, and enforcement across multiple locations.
Comprehensive protectionComprehensive protection
Best-in-class security services boost protection in critical attack areas, including gateway AV, URL and web content filtering, intrusion prevention, app control, spam blocking.
High port densityHigh port density
Twelve 1-Gigabit Ethernet ports and four 10G SFP+ support high-speed LAN backbone infrastructures, as well as gigabit WAN connections.
Quick and secure setupQuick and secure setup
Take advantage of innovative features like drag-and-drop VPN creation and RapidDeploy technology to make fast work of extending your network.
Advanced NetworkingAdvanced networking
WatchGuard's advanced OS provides active/active high availability with load balancing, dynamic routing, VLAN support, and multi-WAN failover to ensure reliability.
Application ControlApplication Control
Control the use of Web 2.0 and other applications on your network for tighter security, better use of bandwidth, and greater productivity.
3 ways to manage your appliance3 ways to manage your appliance
Choose how you manage your WatchGuard appliance, using WatchGuard System Manager, the command line interface, and a web UI for access from anywhere.


Best-of-Breed Security

  • Application-layer content inspection recognizes and blocks threats that stateful packet firewalls cannot detect.
  • Powerful subscription-based security services boost protection in critical attack areas for multiple layers of defense. By partnering with leading technology providers, WatchGuard is able to integrate best-of-breed security components into one UTM platform for stronger security at big cost savings.
    • Application Control keeps unproductive, inappropriate, and dangerous applications off limits.
    • Intrusion Prevention Service delivers in-line protection from malicious exploits, including buffer overflows, SQL injections, and cross-site scripting attacks.
    • WebBlocker controls access to sites that host objectionable material or pose security risk.
    • Gateway AntiVirus (GAV) scans traffic on all major protocols to stop threats.
    • spamBlocker delivers continuous protection from unwanted and dangerous email.
    • Reputation Enabled Defense ensures faster, safer web surfing with cloud-based reputation
    • Data Loss Prevention (DLP) automatically inspects data in motion for corporate policy violations.
  • Advanced networking features, such as dynamic routing and link aggregation, allow you to add security without needing to change existing network infrastructure.
  • Multiple VPN choices (IPSec, SSL, L2TP) for secure remote access include support for Windows, Mac, Android and Apple iOS devices.

Easy to Manage

  • WatchGuard Dimension™ is a public and private cloud-ready security visibility solution that instantly turns raw data into security intelligence.
  • Interactive, real-time monitoring and reporting – at no additional charge – give an unprecedented view into network security activity so you can take immediate preventive or corrective actions.
  • Intuitive management console centrally manages all security functions.
  • Fast, secure remote configuration and rapid deployment tools make it easy for large distributed enterprises and managed service providers to grow their businesses.
  • Extend best-in-class UTM security to the WLAN by adding WatchGuard’s Wireless Access Points.
  • Drag-and-drop Branch Office VPN setup – three clicks and your remote office is connected.

Highest UTM Performance in the Industry

  • Firewall throughput of up to 35 Gbps to keep traffic moving.
  • Best UTM throughput in its class – up to 10 Gbps – even with strong security enabled.
  • No need to compromise protection for fast performance or vice versa. Multi-layered, interlocking security protects the network while throughput remains high.
  • WAN and VPN failover provide redundancy for increased reliability.
  • XTM 1525-RP and XTM 2520 models include four 10 Gb fiber ports, with 850 nm multimode SFP+ transceiver modules included for each interface.

Detailed Specifications:

XTM 2520 Next-Generation Firewall Detailed Specs
Firewall Stateful Packet Inspection, Deep Application Inspection, Proxy Firewall
Application Proxies HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3, SIP, H.323
Threat Protection Blocks spyware, DoS attacks, fragmented & malformed packets, blended threats & more
VoIP H.323. SIP, Call Setup and Session Security
Application Control Available with NGFW Bundle and Security Bundle
Intrusion Prevention Service Available with NGFW Bundle and Security Bundle
Gateway AntiVirus Available with Security Bundle
Reputation Enabled Defense Available with Security Bundle
spamBlocker Available with Security Bundle
WebBlocker Available with Security Bundle
VPN & Authentication
Encryption DES, 3DES, AES 128-, 192-, 256-bit
IPSec SHA-1, MD5, IKE pre-shared key, 3rd party cert
SSL Thin client
L2TP Works with native OS clients
PPTP Server & Passthrough
VPN Failover Yes
Single Sign-On Transparent Active Directory Auth.
XAUTH Radius, LDAP, Secure LDAP, Windows Active Directory
Other User Authentication VASCO, RSA SecurID, Web-based, Local, Microsoft Terminal Services and Citrix
Firewall Throughput* 35 Gbps
VPN Throughput* 10 Gbps
AV Throughput* 9.7 Gbps
IPS Throughput* 15 Gbps
UTM Throughput* Up to 10 Gbps
Concurrent Sessions (bi-directional) 3,500,000
New Connections per Second 135,000
Nodes Supported (LAN IPs)


BOVPN Tunnels Unrestricted
MUVPN Tunnels (IPSec/SSL/L2TP) Unrestricted
Operating System Fireware® XTM Pro
IP Address Assignment Static, DynDNS, PPPoE, DHCP (Server, Client, Relay)
Routing Static, dynamic (BGP4, OSPF, RIP v1/v2), Policy-based
Link Aggregation 802.3ad dynamic, static, active/backup
QoS 8 priority queues, diff serv, modified strict queuing
VLAN Support 4,000 VLANs: bridging, tagging, routed mode
High Availability Active/Passive, Active/Active with load balancing
NAT Static, dynamic, 1:1, IPSec NAT traversal, Policy-based NAT, Virtual IP
Other Networking Port independence, WAN failover, load balancing, transparent/drop-in mode
Management Platform

WatchGuard System Manager v11.7 or higher

4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation.

Alarms and Notifications SNMP v2/v3, Email, Mgmt. System Alert
Server Support Logging, Reporting, Quarantine, WebBlocker, Management
Web UI Supports Windows, Mac, Linux, and Solaris OS with most common browsers
CLI Includes direct connect and scripting
Interfaces 12: 10/100/1000
4: 10G SFP+ Fiber
Other Ports 1 Serial, 2 USB
Product Dimensions 22" x 17" x 1.75" (56 x 43 x 4.4 cm)
Shipping Dimensions 28.5" x 21" x 5" (72 x 53 x 13 cm)
Weight 36 lbs. (16 kg)
AC Power 100-250 VAC Autosensing
Hot-Swap Power Supplies 2 redundant field-replaceable power supplies with integrated fan
Power Consumption U.S. 130 Watts (max), 444 BTU/hr (max)
Rack Mountable 1U rack mount kit with slide rack rail
WEEE/RoHS Compliant Yes
Security Certifications Pending: ICSA Firewall, ICSA VPN, CC EAL4+
Review Pending: FIPS 140-2
Network Certifications IPv6 Ready Gold (routing)
Safety Certifications NRTL/C, CB

*Throughput rates are determined using multiple flows through multiple ports and will vary depending on environment and configuration.

Product Comparison:

WatchGuard® Model XTM 1520-RP XTM 1525-RP XTM 2520
Ideal For Main offices/headquarters that need strong security and a solution that offers room for growth. Main offices/headquarters looking for fast throughput and strong security that grows with changing needs. Main offices/headquarters that need enterprise-grade performance & security
Model Upgradeable N/A N/A N/A
Interfaces 14: 10/100/1000 6: 10/100/1000
4: 10G SFP+
12: 10/100/1000
4: 10G SFP+
Intrusion Prevention (DOS, DDOS, PAD, port scanning, spoofing attacks, address space probes, and more) X X X
Wireless Models Only N/A N/A N/A
User Authentication with transparent Windows authentication X X X
Firewall Throughput 14 Gbps 25 Gbps 35 Gbps
VPN Throughput 10 Gbps 10 Gbps 10 Gbps
AV Throughput 8 Gbps 9 Gbps 9.7 Gbps
IPS Throughput 11 Gbps 13 Gbps 15 Gbps
UTM Throughput 6.7 Gbps 6.7 Gbps Up to 10 Gbps
Concurrent Sessions*
2,000,000 2,600,000 3,500,000
VPN Tunnels
Branch Office VPN Tunnels (Max.) 10,000 10,000 Unrestricted
Mobile VPN with SSL/L2TP (Incl/Max) 15,000 20,000 Unrestricted
Mobile VPN with IPSec Client Licenses (Bundled) 15,000 20,000 Unrestricted
Mobile VPN with IPSec Tunnels (Max.) 15,000 20,000 Unrestricted
VPN Authentication X X X
Optional Centralized (Multibox) Management. Optional licenses enable Drag and Drop VPN and one-touch appliance updates. 4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation. 4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation. 4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation.
Networking Features
Dynamic NAT X X X
Static NAT X X X
One to One NAT X X X
VLAN 2,000 3,000 4,000
Policy-Based Routing X X X
WAN Failover X X X
Multi-WAN Load Balancing X X X
Server Load Balancing X X X
Traffic Management/QoS X X X
High Availability Active/Active or Active/Passive X X X
Dynamic Routing X X X
VoIP (SIP and H.323) Support X X X
Additional Security Subscriptions
Application Control Optional Optional Optional
Data Loss Prevention Optional Optional Optional
Reputation Enabled Defense Optional Optional Optional
spamBlocker with Virus Outbreak Detection Optional Optional Optional
Gateway AntiVirus
Intrusion Prevention Service (IPS)
Optional Optional Optional
WebBlocker with HTTPS URL filtering Optional Optional Optional
LiveSecurity® Service LiveSecurity Plus with 24/7 support included with Security Bundle LiveSecurity Plus with 24/7 support included with Security Bundle LiveSecurity Plus with 24/7 support included with Security Bundle

*Concurrent sessions here represent the number of bi-directional connections.

Throughput rates are determined using multiple flows through multiple ports and will vary depending on environment and configuration.

Options & Upgrades:


Security Subscriptions


Data Loss Prevention (DLP)Data Loss Prevention (DLP)
XTM DLP prevents data breaches by scanning text and common file types to detect sensitive information. A predefined library of over 200 rules for 18 countries makes creating and updating corporate data policies as easy as point and click.


Application ControlApplication Control
Application Control enables IT administrators to monitor and control access to web and business applications to enforce policy, and protect productivity and network bandwidth.


Reputation Enabled DefenseReputation Enabled Defense
Reputation Enabled Defense delivers a powerful, cloud-based URL reputation service that protects web users from malicious web pages, while dramatically improving web processing overhead.
WebBlocker content and URL filtering subscription helps eliminate legal liabilities resulting from inappropriate web surfing, while increasing employee productivity and protection from web-based attacks.
spamBlocker is the best in the industry at distinguishing legitimate communication from spam outbreaks in real time, blocking nearly 100% of unwanted emails and the viral payloads they carry.
Gateway AntiVirusGateway AntiVirus
Gateway AntiVirusis a fully integrated, signature-based security subscription that identifies and blocks known spyware, viruses, trojans, and blended threats in real time.

Intrusion Prevention ServiceIntrusion Prevention Service
Intrusion Prevention Service works hand-in-hand with your WatchGuard firewall's application layer content inspection to provide real-time protection from threats, including SQL injections, cross-site scripting, and buffer overflows.

LiveSecurity ServiceLiveSecurity Service
LiveSecurity Service, a high-value support and maintenance program that you activate online when you register your product. LiveSecurity delivers technical support, hardware warranty with advance hardware replacement, the latest software updates, and threat alerts.


Nhà phân phối chính thức thiết bị Tường Lửa WatchGuard tại Việt Nam