WatchGuard shows new 'XTM' super-firewall

WatchGuard has announced the first of a new line of 'super-firewalls' it claims will greatly extend the security and management features available on today's Unified Threat Management (UTM) appliances.

Dubbed 'XTM' (for eXtensible Threat Management), the first product in the series is the XTM 1050, a sort of super-UTM for the data center which loads a 10Gbps firewall, 2Gbps IPsec packet forwarding, and cryptographic acceleration into a box designed around two standard Intel quad-core processors.

But in what ways is the XTM appliance going to be different from the 'UTM' ones the company has been selling since IDC analyst Charles Kolodgy coined the latter phrase in 2003? Indeed, it turns out that the same analyst came up with the new moniker as well.

The answer is that the XTM firewall is a UTM firewall on steroids, adding a raft of new features to the security mix that would, in rival products, require secondary appliances. That's the principle anyway.

The XTM 1050's news is that it can see inside https packets - these are normally invisible to firewalls - in the form of built-in proxying. It also comes with VoIP security proxies for SIP and H.323, and uses port obfuscation to keep such traffic secure from the theoretical hacks that have afflicted the latter technology in the last year. Neither feature could commonly be found in firewalls, UTM or not.

The basic 1050 has 12 Gigabit Ethernet ports, but 4 of these can be upgraded to accommodate fiber. Other 'extensible' features include multi-WAN load balancing, the ability to cluster two 1050s together as a single logical unit, with WAN and VPN failover and QoS for packet shaping.

"WatchGuard believes that the UTM industry is at an inflection point, and that the current state of UTM appliances is insufficient to fully address these factors. Therefore, what business and technical decision makers will need is the next generation of UTM - XTM, or extensible threat management solutions," said WatchGuard in a white paper it has put out on the XTM idea.

"By making network security extensible, WatchGuard takes an unequalled position in the industry. The XTM 1050 embodies our vision of bringing extensible protection and networking in one high-performance, easy to manage and easy to own appliance," said the company's Eric Aarrestad, reinforcing the marketing push.

The key to XTM is probably not that different to what drove the whole UTM movement - mainstream processing architectures and custom ASIC chips have just become so much more powerful relative to cost. Where separate units would have once have been essential, now running several processor-consuming capabilities on one appliance is not so far-fetched. It also makes sense in certain networks to load security, management and traffic shaping into as few physical appliances as possible.

The WatchGuard XTM 1050 will be available in Q4 at a price that has yet to be confirmed.