Mr. Tuấn Anh
Mr. Hoàng Ân
Mr. Tuấn Anh
The XTM 2520 is a powerhouse. High-performance 35 Gbps firewall throughput combines with strong protection, flexible management, and a multitude of connectivity options to deliver the ultimate enterprise-grade network security solution. The 2520 delivers unparalleled visibility into real-time and historical user, network, and security activities. This allows businesses to easily define, enforce, and audit strong security and acceptable use policies, resulting in increased employee productivity and less risk to critical intellectual property and customer data. VPN failover, WAN failover, and High Availability features ensure that mission-critical data keeps flowing. Real-time monitoring and rich reporting are included at no additional cost.
Up to 35 Gbps firewall throughput, 10 Gbps VPN throughput, and a jaw-dropping 15 Gbps throughput with full IPS and antivirus threat protection enabled. No one in the network security industry can top that number!
|Unified security in a BYOD environment
Open the door to limitless productivity with tools to connect your people securely, even when they use personal devices like iPads and Androids. Anywhere, anytime secure access is today's greatest competitive edge.
|Always know what's happening on your network
Pinpoint significant network activities to take immediate corrective or diagnostic actions directly from the interactive, real-time monitoring. All logging and reporting functions also included with purchase.
|Easily manage many appliances
Distributed organizations and MSSPs will especially appreciate the intuitive tools that support policy creation, management, and enforcement across multiple locations.
Best-in-class security services boost protection in critical attack areas, including gateway AV, URL and web content filtering, intrusion prevention, app control, spam blocking.
|High port density
Twelve 1-Gigabit Ethernet ports and four 10G SFP+ support high-speed LAN backbone infrastructures, as well as gigabit WAN connections.
|Quick and secure setup
Take advantage of innovative features like drag-and-drop VPN creation and RapidDeploy technology to make fast work of extending your network.
WatchGuard's advanced OS provides active/active high availability with load balancing, dynamic routing, VLAN support, and multi-WAN failover to ensure reliability.
Control the use of Web 2.0 and other applications on your network for tighter security, better use of bandwidth, and greater productivity.
|3 ways to manage your appliance
Choose how you manage your WatchGuard appliance, using WatchGuard System Manager, the command line interface, and a web UI for access from anywhere.
|XTM 2520 Next-Generation Firewall Detailed Specs|
|Firewall||Stateful Packet Inspection, Deep Application Inspection, Proxy Firewall|
|Application Proxies||HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3, SIP, H.323|
|Threat Protection||Blocks spyware, DoS attacks, fragmented & malformed packets, blended threats & more|
|VoIP||H.323. SIP, Call Setup and Session Security|
|Application Control||Available with NGFW Bundle and Security Bundle|
|Intrusion Prevention Service||Available with NGFW Bundle and Security Bundle|
|Gateway AntiVirus||Available with Security Bundle|
|Reputation Enabled Defense||Available with Security Bundle|
|spamBlocker||Available with Security Bundle|
|WebBlocker||Available with Security Bundle|
|VPN & Authentication|
|Encryption||DES, 3DES, AES 128-, 192-, 256-bit|
|IPSec||SHA-1, MD5, IKE pre-shared key, 3rd party cert|
|L2TP||Works with native OS clients|
|PPTP||Server & Passthrough|
|Single Sign-On||Transparent Active Directory Auth.|
|XAUTH||Radius, LDAP, Secure LDAP, Windows Active Directory|
|Other User Authentication||VASCO, RSA SecurID, Web-based, Local, Microsoft Terminal Services and Citrix|
|Firewall Throughput*||35 Gbps|
|VPN Throughput*||10 Gbps|
|AV Throughput*||9.7 Gbps|
|IPS Throughput*||15 Gbps|
|UTM Throughput*||Up to 10 Gbps|
|Concurrent Sessions (bi-directional)||3,500,000|
|New Connections per Second||135,000|
|Nodes Supported (LAN IPs)||
|MUVPN Tunnels (IPSec/SSL/L2TP)||Unrestricted|
|Operating System||Fireware® XTM Pro|
|IP Address Assignment||Static, DynDNS, PPPoE, DHCP (Server, Client, Relay)|
|Routing||Static, dynamic (BGP4, OSPF, RIP v1/v2), Policy-based|
|Link Aggregation||802.3ad dynamic, static, active/backup|
|QoS||8 priority queues, diff serv, modified strict queuing|
|VLAN Support||4,000 VLANs: bridging, tagging, routed mode|
|High Availability||Active/Passive, Active/Active with load balancing|
|NAT||Static, dynamic, 1:1, IPSec NAT traversal, Policy-based NAT, Virtual IP|
|Other Networking||Port independence, WAN failover, load balancing, transparent/drop-in mode|
WatchGuard System Manager v11.7 or higher
4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation.
|Alarms and Notifications||SNMP v2/v3, Email, Mgmt. System Alert|
|Server Support||Logging, Reporting, Quarantine, WebBlocker, Management|
|Web UI||Supports Windows, Mac, Linux, and Solaris OS with most common browsers|
|CLI||Includes direct connect and scripting|
4: 10G SFP+ Fiber
|Other Ports||1 Serial, 2 USB|
|Product Dimensions||22" x 17" x 1.75" (56 x 43 x 4.4 cm)|
|Shipping Dimensions||28.5" x 21" x 5" (72 x 53 x 13 cm)|
|Weight||36 lbs. (16 kg)|
|AC Power||100-250 VAC Autosensing|
|Hot-Swap Power Supplies||2 redundant field-replaceable power supplies with integrated fan|
|Power Consumption||U.S. 130 Watts (max), 444 BTU/hr (max)|
|Rack Mountable||1U rack mount kit with slide rack rail|
|Security Certifications||Pending: ICSA Firewall, ICSA VPN, CC EAL4+
Review Pending: FIPS 140-2
|Network Certifications||IPv6 Ready Gold (routing)|
|Safety Certifications||NRTL/C, CB|
*Throughput rates are determined using multiple flows through multiple ports and will vary depending on environment and configuration.
|WatchGuard® Model||XTM 1520-RP||XTM 1525-RP||XTM 2520|
|Ideal For||Main offices/headquarters that need strong security and a solution that offers room for growth.||Main offices/headquarters looking for fast throughput and strong security that grows with changing needs.||Main offices/headquarters that need enterprise-grade performance & security|
|Interfaces||14: 10/100/1000||6: 10/100/1000
4: 10G SFP+
4: 10G SFP+
|Application Proxies||HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3, SIP, H.323||HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3, SIP, H.323||HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3, SIP, H.323|
|Intrusion Prevention (DOS, DDOS, PAD, port scanning, spoofing attacks, address space probes, and more)|
|Wireless Models Only||N/A||N/A||N/A|
|User Authentication with transparent Windows authentication|
|Firewall Throughput||14 Gbps||25 Gbps||35 Gbps|
|VPN Throughput||10 Gbps||10 Gbps||10 Gbps|
|AV Throughput||8 Gbps||9 Gbps||9.7 Gbps|
|IPS Throughput||11 Gbps||13 Gbps||15 Gbps|
|UTM Throughput||6.7 Gbps||6.7 Gbps||Up to 10 Gbps|
|Branch Office VPN Tunnels (Max.)||10,000||10,000||Unrestricted|
|Mobile VPN with SSL/L2TP (Incl/Max)||15,000||20,000||Unrestricted|
|Mobile VPN with IPSec Client Licenses (Bundled)||15,000||20,000||Unrestricted|
|Mobile VPN with IPSec Tunnels (Max.)||15,000||20,000||Unrestricted|
|Optional Centralized (Multibox) Management. Optional licenses enable Drag and Drop VPN and one-touch appliance updates.||4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation.||4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation.|
|One to One NAT|
|Multi-WAN Load Balancing|
|Server Load Balancing|
|High Availability Active/Active or Active/Passive|
|VoIP (SIP and H.323) Support|
|Additional Security Subscriptions|
|Data Loss Prevention||Optional||Optional||Optional|
|Reputation Enabled Defense||Optional||Optional||Optional|
|spamBlocker with Virus Outbreak Detection||Optional||Optional||Optional|
Intrusion Prevention Service (IPS)
|WebBlocker with HTTPS URL filtering||Optional||Optional||Optional|
|LiveSecurity® Service||LiveSecurity Plus with 24/7 support included with Security Bundle||LiveSecurity Plus with 24/7 support included with Security Bundle||LiveSecurity Plus with 24/7 support included with Security Bundle|
*Concurrent sessions here represent the number of bi-directional connections.
Throughput rates are determined using multiple flows through multiple ports and will vary depending on environment and configuration.
Data Loss Prevention (DLP)
|Reputation Enabled Defense
Reputation Enabled Defense delivers a powerful, cloud-based URL reputation service that protects web users from malicious web pages, while dramatically improving web processing overhead.
WebBlocker content and URL filtering subscription helps eliminate legal liabilities resulting from inappropriate web surfing, while increasing employee productivity and protection from web-based attacks.
spamBlocker is the best in the industry at distinguishing legitimate communication from spam outbreaks in real time, blocking nearly 100% of unwanted emails and the viral payloads they carry.
Gateway AntiVirusis a fully integrated, signature-based security subscription that identifies and blocks known spyware, viruses, trojans, and blended threats in real time.
Intrusion Prevention Service
LiveSecurity Service, a high-value support and maintenance program that you activate online when you register your product. LiveSecurity delivers technical support, hardware warranty with advance hardware replacement, the latest software updates, and threat alerts.