Free Consultant
Sales HCM - Hà Nội
Hỗ trợ kỹ thuật

WatchGuard XTM 860

Best-in-class Network Security

WatchGuard XTM 860

WatchGuard XTM 860 Series Overview:

The XTM 800 Series delivers best-in-class network security.These solutions provide up to 14 Gbps firewall throughput and over 5 Gbps throughput with full IPS and antivirus threat protection enabled. The exceptional performance also allows you to integrate functions that previously required separate stand-alone appliances, so your business can securely run at maximum speed and efficiency at a lower cost. And the value doesn't end there. XTM 800 devices include a rich set of tools for maximizing the business value of every dollar spent on Internet connectivity. You define which types of traffic are most important, ensuring that business traffic always wins out over recreational or discretionary traffic. VPN failover, WAN failover, and High Availability features ensure that mission-critical data keeps flowing. Real-time monitoring and rich reporting are included at no additional cost.

Outstanding performanceOutstanding performance
XTM 800 Series devices have screaming-fast throughput, even when optional security subscriptions are enabled. And those are the numbers that really count!

Unified security in a BYOD environmentUnified security in a BYOD environment
Open the door to limitless productivity with tools to connect your people securely, even when they use personal devices like iPads and Androids. Anywhere, anytime secure access is today's greatest competitive edge.

Always know what's happening on your networkAlways know what's happening on your network
Pinpoint significant network activities to take immediate corrective or diagnostic actions directly from the interactive, real-time monitoring. Nobody provides better network visibility than WatchGuard.

Easily manage many appliancesEasily manage many appliances
Distributed organizations and MSSPs will especially appreciate the intuitive tools that support policy creation, management, and enforcement across multiple locations.

Comprehensive protectionComprehensive protection
Best-in-class security services boost protection in critical attack areas, including gateway AV, URL and web content filtering, intrusion prevention, app control, spam blocking.

Quick and secure setupQuick and secure setup
Take advantage of innovative features like drag-and-drop VPN creation and RapidDeploy technology to make fast work of extending your network.

High port densityHigh port density
Fourteen 1Gb Ethernet ports support high-speed LAN backbone infrastructures, as well as gigabit WAN connections. Need fiber support? XTM 870-F includes eight 1Gb fiber ports.

An investment in your securityAn investment in your security
Model upgradability ensures your network security investment is protected with the ability to easily upgrade its performance, capacity, and security capabilities as business requirements change and new threats emerge.

Advanced NetworkingAdvanced Networking
WatchGuard's advanced OS provides active/active high availability with load balancing, dynamic routing, VLAN support, and multi-WAN failover to ensure reliability.

Application ControlApplication Control
Control the use of Web 2.0 and other applications on your network for tighter security, better use of bandwidth, and greater productivity.

3 ways to manage your appliance3 ways to manage your appliance
Choose how you manage your WatchGuard appliance, using WatchGuard System Manager, the command line interface, and a web UI for access from anywhere.



Best-of-Breed Security

  • Application-layer content inspection recognizes & blocks threats that stateful packet firewalls cannot detect.
  • Powerful subscription-based security services boost protection in critical attack areas for multiple layers of defense. By partnering with leading technology providers, WatchGuard is able to integrate best-of-breed security components into one UTM platform for stronger security at big cost savings.
    • –Application Control keeps unproductive, inappropriate, and dangerous applications off-limits.
    • –Intrusion Prevention Service (IPS ) delivers in-line protection from malicious exploits, including buffer overflows, SQL injections, and cross-site scripting attacks.
    • –WebBlocker controls access to sites that host objectionable material or pose network security risks.
    • –Gateway AntiVirus (GAV) scans traffic on all major protocols to stop threats.
    • –spamBlocker delivers continuous protection from unwanted and dangerous email.
    • –Reputation Enabled Defense ensures faster, safer web surfing with cloud-based reputation look-up.
    • –Data Loss Prevention (DLP) automatically inspects data in motion for corporate policy violations.
  • Advanced networking features, such as dynamic routing and link aggregation, allow you to add security without needing to change existing network infrastructure.
  • Multiple VPN choices (IPSec, SSL, L2TP) for secure remote access include support for Android and Apple iOS devices.

Easy to Manage

  • Interactive, real-time monitoring and reporting – at no additional charge – give an unprecedented view into network security activity so you can take immediate preventive or corrective actions.
  • WatchGuard Dimension, a public and private cloud-ready visibility solution, instantly turns raw data into security intelligence.
  • Intuitive management console centrally manages all security functions.
  • Fast, secure remote configuration and rapid deployment tools make it easy for large distributed enterprises and managed service providers to grow their businesses.
  • WAN and VPN failover provide redundancy for increased reliability.
  • Extend best-in-class UTM security to the WLAN by adding WatchGuard’s Wireless Access Points.
  • Drag-and-drop Branch Office VPN setup – three clicks and your remote office is connected.

Highest UTM Performance in the Industry

  • Firewall throughput of up to 14 Gbps to keep traffic moving.
  • Best UTM throughput in its class – up to 5.7 Gbps – even with strong security enabled.
  • No need to compromise protection for strong performance or vice versa. Multi-layered, interlocking security protects the network while throughput remains high.
  • Gigabit Ethernet ports support high-speed LAN backbone infrastructures & gigabit WAN connections.
  • Upgrade to a higher model within the line for more performance and capacity with a simple license key.


  XTM 850 XTM 860 XTM 870*
Throughput and Connections
Firewall throughput** 8 Gbps 11 Gbps 14 Gbps
VPN throughput** 8 Gbps 8 Gbps 10 Gbps
AV throughput** 4 Gbps 5.5 Gbps 7 Gbps
IPS throughput** 5 Gbps 7 Gbps 9 Gbps
UTM throughput** 3 Gbps 4 Gbps 5.7 Gbps
Interfaces 10/100/1000 14 copper 14 copper 14 copper*
I/O interfaces 1 Serial, 2 USB DB-9 1 Serial, 2 USB DB-9 1 Serial, 2 USB DB-9
Nodes supported (LAN IPs) Unrestricted Unrestricted Unrestricted
Concurrent sessions
5,000,000 7,000,000 9,000,000
New connections per second 70,000 80,000 90,000
VLANs (bridging, tagging, routed mode) 750 750 1,000
Authenticated users limit Unrestricted Unrestricted Unrestricted
VPN tunnels
Branch Office VPN 5,000 6,000 7,000
Mobile VPN IPSec 10,000 12,000 14,000
Mobile VPN SSL/L2TP 10,000 12,000 14,000
PPTP 50 50 50
Model Upgradeable
Upgrade Licenses: to XTM 860, 870 to XTM 870 N/A
Firewall Stateful packet inspection, deep packet inspection, proxy firewall
Application Proxies HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3
Threat Protection Blocks spyware, DoS attacks, fragmented packets, malformed packets, blended threats and more
VoIP H.323. SIP, call setup & session security
Security subscriptions Application Control, Reputation Enabled Defense, WebBlocker, spamBlocker, Gateway AntiVirus, Intrusion Prevention Service (available in the Security Bundle)
VPN & Authentication
Encryption DES, 3DES, AES 128-, 192-, 256-bit
IPSec SHA-1, MD5, IKE pre-shared Key, 3rd party cert import
SSL Thin client
L2TP Works with native OS clients
PPTP Server & Passthrough
VPN Failover Yes
Single Sign-On Transparent Active Directory Auth.
XAUTH Radius, LDAP, Windows Active Directory
Other User Authentication VASCO, RSA SecurID, web-based, local
Operating System Fireware XTM Pro
IP Address Assignment Static, DynDNS, PPPoE, DHCP (server, client, relay)
Routing Static, dynamic (BGP4, OSPF, RIP v1/v2), policy-based
Link Aggregation 802.3ad dynamic, static, active/backup
QoS 8 priority queues, diffserv, modified strict queuing
High Availability Active/passive, active/active with load balancing
NAT Static, dynamic, 1:1, IPSec NAT traversal, policy-based, virtual IP for server load balancing
Other Networking Port independence, multi-WAN failover, multi-WAN load balancing, transparent/drop-in mode
Management Platform

WatchGuard System Manager (WSM) v.11.7 or higher

4-device base WatchGuard System Manager license included. 5-device bonus pack comes with activation.

Alarms and Notifications SNMP v2/v3, Email, Management System Alert
Server Support Logging, Reporting, Quarantine, WebBlocker, Management
Web UI Supports Windows, Mac, Linux, and Solaris OS
CLI Includes direct connect and scripting
Product Dimensions 16.5" x 17" x 1.75" (42 x 43 x 4.4 cm)
Shipping Dimensions 22" x 22.25" x 5.25" (56 x 56.5 x 13.3 cm)
Shipping Weight 20 lbs (9 Kg)
AC Power 100-250 VAC autosensing
Power Consumption U.S. 110 Watts (max), 376 BTU/hr (max)
Rack Mountable Yes (1U rack mount)
Security Pending: ICSA Firewall, ICSA VPN, CC EAL4+
FIPS 140-2
Network IPv6 Ready Gold (routing)
Safety NRTL/C, CB
Hazardous Substance Compliance WEEE, RoHS, REACH
*XTM 870 is also available with 6 copper and 8 fiber 10/100/1000 interfaces under the model number XTM 870-F.

**Throughput rates are determined using multiple flows through multiple ports and will vary depending on environment and configuration.

Product Comparison:

  XTM 850 XTM 860 XTM 870*
Ideal For Main offices/headquarters that need strong security and a solution that offers room for growth. Main offices/headquarters looking for fast throughput and strong security that grows with changing needs. Main offices/headquarters that need enterprise-grade performance & security
Model Upgradeable to XTM 860, 870 to XTM 870 N/A
Interfaces 14: 10/100/1000 14: 10/100/1000 14: 10/100/1000***
Intrusion Prevention (DOS, DDOS, PAD, port scanning, spoofing attacks, address space probes, and more) X X X
Wireless Models Only N/A N/A N/A
User Authentication with transparent Windows authentication X X X
Firewall Throughput 8 Gbps 11 Gbps 14 Gbps
VPN Throughput 8 Gbps 8 Gbps 10 Gbps
AV Throughput 4 Gbps 5.5 Gbps 7 Gbps
IPS Throughput 5 Gbps 7 Gbps 9 Gbps
UTM Throughput 3 Gbps 4 Gbps 5.7 Gbps
Concurrent Sessions*
5,000,000 7,000,000 9,000,000
VPN Tunnels
Branch Office VPN Tunnels (Max.) 5,000 6,000 7,000
Mobile VPN with SSL/L2TP (Incl/Max) 10,000 12,000 14,000
Mobile VPN with IPSec Client Licenses (Bundled) 10,000 12,000 14,000
Mobile VPN with IPSec Tunnels (Max.) 10,000 12,000 14,000
VPN Authentication X X X
Optional Centralized (Multibox) Management. Optional licenses enable Drag and Drop VPN and one-touch appliance updates. 4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation. 4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation. 4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation.
Networking Features
Dynamic NAT X X X
Static NAT X X X
One to One NAT X X X
VLAN 750 750 1,000
Policy-Based Routing X X X
WAN Failover X X X
Multi-WAN Load Balancing X X X
Server Load Balancing X X X
Traffic Management/QoS X X X
High Availability Active/Active or Active/Passive X X X
Dynamic Routing X X X
VoIP (SIP and H.323) Support X X X
Additional Security Subscriptions
Application Control Optional Optional Optional
Data Loss Prevention Optional Optional Optional
Reputation Enabled Defense Optional Optional Optional
spamBlocker with Virus Outbreak Detection Optional Optional Optional
Gateway AntiVirus
Intrusion Prevention Service (IPS)
Optional Optional Optional
WebBlocker with HTTPS URL filtering Optional Optional Optional
LiveSecurity® Service LiveSecurity Plus with 24/7 support included with Security Bundle LiveSecurity Plus with 24/7 support included with Security Bundle LiveSecurity Plus with 24/7 support included with Security Bundle
*Concurrent sessions here represent the number of bi-directional connections.

Throughput rates are determined using multiple flows through multiple ports and will vary depending on environment and configuration.

***XTM 870 appliances are available with 6 copper and 8 fiber 10/100/1000 interfaces under the model number XTM 870-F.

Options & Upgrades:


Security Subscriptions


Data Loss Prevention (DLP)Data Loss Prevention (DLP)
XTM DLP prevents data breaches by scanning text and common file types to detect sensitive information. A predefined library of over 200 rules for 18 countries makes creating and updating corporate data policies as easy as point and click.


Application ControlApplication Control
Application Control enables IT administrators to monitor and control access to web and business applications to enforce policy, and protect productivity and network bandwidth.


Reputation Enabled DefenseReputation Enabled Defense
Reputation Enabled Defense delivers a powerful, cloud-based URL reputation service that protects web users from malicious web pages, while dramatically improving web processing overhead.
WebBlocker content and URL filtering subscription helps eliminate legal liabilities resulting from inappropriate web surfing, while increasing employee productivity and protection from web-based attacks.
spamBlocker is the best in the industry at distinguishing legitimate communication from spam outbreaks in real time, blocking nearly 100% of unwanted emails and the viral payloads they carry.
Gateway AntiVirusGateway AntiVirus
Gateway AntiVirusis a fully integrated, signature-based security subscription that identifies and blocks known spyware, viruses, trojans, and blended threats in real time.

Intrusion Prevention ServiceIntrusion Prevention Service
Intrusion Prevention Service works hand-in-hand with your WatchGuard firewall's application layer content inspection to provide real-time protection from threats, including SQL injections, cross-site scripting, and buffer overflows.

LiveSecurity ServiceLiveSecurity Service
LiveSecurity Service, a high-value support and maintenance program that you activate online when you register your product. LiveSecurity delivers technical support, hardware warranty with advance hardware replacement, the latest software updates, and threat alerts.


Nhà phân phối chính thức thiết bị Tường Lửa WatchGuard tại Việt Nam