WatchGuard XTM 850 Series Next-Generation Firewall
Best-in-class Network Security
Sorry, this unit has been discontinued and is no longer available for purchase, replace by Firebox M4600. If you currently own this Model, please click here to participate in the WatchGuard Trade-Up Program! You can also purchase available renewals below. End of Sale (EOS): 31 Dec 2018. End of Life (EOL) for the XTM 850 is 31 Dec 2023 - you will not be able receive support after this date even with a 1 Year contract.
WatchGuard XTM 850 Series Overview:
The XTM 800 Series delivers best-in-class network security. These solutions provide up to 14 Gbps firewall throughput and over 5 Gbps throughput with full IPS and antivirus threat protection enabled. The exceptional performance also allows you to integrate functions that previously required separate stand-alone appliances, so your business can securely run at maximum speed and efficiency at a lower cost. And the value doesn't end there. XTM 800 devices include a rich set of tools for maximizing the business value of every dollar spent on Internet connectivity. You define which types of traffic are most important, ensuring that business traffic always wins out over recreational or discretionary traffic. VPN failover, WAN failover, and High Availability features ensure that mission-critical data keeps flowing. Real-time monitoring and rich reporting are included at no additional cost.
Unified security in a BYOD environment
Always know what's happening on your network
Easily manage many appliances
Quick and secure setup
High port density
An investment in your security
3 ways to manage your appliance
- Application-layer content inspection recognizes & blocks threats that stateful packet firewalls cannot detect.
- Powerful subscription-based security services boost protection in critical attack areas for multiple layers of defense. By partnering with leading technology providers, WatchGuard is able to integrate best-of-breed security components into one UTM platform for stronger security at big cost savings.
- –Application Control keeps unproductive, inappropriate, and dangerous applications off-limits.
- –Intrusion Prevention Service (IPS ) delivers in-line protection from malicious exploits, including buffer overflows, SQL injections, and cross-site scripting attacks.
- –WebBlocker controls access to sites that host objectionable material or pose network security risks.
- –Gateway AntiVirus (GAV) scans traffic on all major protocols to stop threats.
- –spamBlocker delivers continuous protection from unwanted and dangerous email.
- –Reputation Enabled Defense ensures faster, safer web surfing with cloud-based reputation look-up.
- –Data Loss Prevention (DLP) automatically inspects data in motion for corporate policy violations.
Easy to Manage
- Interactive, real-time monitoring and reporting – at no additional charge – give an unprecedented view into network security activity so you can take immediate preventive or corrective actions.
- WatchGuard Dimension, a public and private cloud-ready visibility solution, instantly turns raw data into security intelligence.
- Intuitive management console centrally manages all security functions.
- Fast, secure remote configuration and rapid deployment tools make it easy for large distributed enterprises and managed service providers to grow their businesses.
- WAN and VPN failover provide redundancy for increased reliability.
- Extend best-in-class UTM security to the WLAN by adding WatchGuard’s Wireless Access Points.
- Drag-and-drop Branch Office VPN setup – three clicks and your remote office is connected.
Highest UTM Performance in the Industry
- Firewall throughput of up to 14 Gbps to keep traffic moving.
- Best UTM throughput in its class – up to 5.7 Gbps – even with strong security enabled.
- No need to compromise protection for strong performance or vice versa. Multi-layered, interlocking security protects the network while throughput remains high.
- Gigabit Ethernet ports support high-speed LAN backbone infrastructures & gigabit WAN connections.
- Upgrade to a higher model within the line for more performance and capacity with a simple license key.
|XTM 850||XTM 860||XTM 870*|
|Throughput and Connections|
|Firewall throughput**||8 Gbps||11 Gbps||14 Gbps|
|VPN throughput**||8 Gbps||8 Gbps||10 Gbps|
|AV throughput**||4 Gbps||5.5 Gbps||7 Gbps|
|IPS throughput**||5 Gbps||7 Gbps||9 Gbps|
|UTM throughput**||3 Gbps||4 Gbps||5.7 Gbps|
|Interfaces 10/100/1000||14 copper||14 copper||14 copper*|
|I/O interfaces||1 Serial, 2 USB DB-9||1 Serial, 2 USB DB-9||1 Serial, 2 USB DB-9|
|Nodes supported (LAN IPs)||Unrestricted||Unrestricted||Unrestricted|
|New connections per second||70,000||80,000||90,000|
|VLANs (bridging, tagging, routed mode)||750||750||1,000|
|Authenticated users limit||Unrestricted||Unrestricted||Unrestricted|
|Branch Office VPN||5,000||6,000||7,000|
|Mobile VPN IPSec||10,000||12,000||14,000|
|Mobile VPN SSL/L2TP||10,000||12,000||14,000|
|Upgrade Licenses:||to XTM 860, 870||to XTM 870||N/A|
|Firewall||Stateful packet inspection, deep packet inspection, proxy firewall|
|Application Proxies||HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3|
|Threat Protection||Blocks spyware, DoS attacks, fragmented packets, malformed packets, blended threats and more|
|VoIP||H.323. SIP, call setup & session security|
|Security subscriptions||Application Control, Reputation Enabled Defense, WebBlocker, spamBlocker, Gateway AntiVirus, Intrusion Prevention Service (available in the Security Bundle)|
|VPN & Authentication|
|Encryption||DES, 3DES, AES 128-, 192-, 256-bit|
|IPSec||SHA-1, MD5, IKE pre-shared Key, 3rd party cert import|
|L2TP||Works with native OS clients|
|PPTP||Server & Passthrough|
|Single Sign-On||Transparent Active Directory Auth.|
|XAUTH||Radius, LDAP, Windows Active Directory|
|Other User Authentication||VASCO, RSA SecurID, web-based, local|
|Operating System||Fireware XTM Pro|
|IP Address Assignment||Static, DynDNS, PPPoE, DHCP (server, client, relay)|
|Routing||Static, dynamic (BGP4, OSPF, RIP v1/v2), policy-based|
|Link Aggregation||802.3ad dynamic, static, active/backup|
|QoS||8 priority queues, diffserv, modified strict queuing|
|High Availability||Active/passive, active/active with load balancing|
|NAT||Static, dynamic, 1:1, IPSec NAT traversal, policy-based, virtual IP for server load balancing|
|Other Networking||Port independence, multi-WAN failover, multi-WAN load balancing, transparent/drop-in mode|
WatchGuard System Manager (WSM) v.11.7 or higher
4-device base WatchGuard System Manager license included. 5-device bonus pack comes with activation.
|Alarms and Notifications||SNMP v2/v3, Email, Management System Alert|
|Server Support||Logging, Reporting, Quarantine, WebBlocker, Management|
|Web UI||Supports Windows, Mac, Linux, and Solaris OS|
|CLI||Includes direct connect and scripting|
|Product Dimensions||16.5" x 17" x 1.75" (42 x 43 x 4.4 cm)|
|Shipping Dimensions||22" x 22.25" x 5.25" (56 x 56.5 x 13.3 cm)|
|Shipping Weight||20 lbs (9 Kg)|
|AC Power||100-250 VAC autosensing|
|Power Consumption||U.S. 110 Watts (max), 376 BTU/hr (max)|
|Rack Mountable||Yes (1U rack mount)|
|Security||Pending: ICSA Firewall, ICSA VPN, CC EAL4+
|Network||IPv6 Ready Gold (routing)|
|Hazardous Substance Compliance||WEEE, RoHS, REACH|
*XTM 870 is also available with 6 copper and 8 fiber 10/100/1000 interfaces under the model number XTM 870-F.
**Throughput rates are determined using multiple flows through multiple ports and will vary depending on environment and configuration.
|XTM 850||XTM 860||XTM 870*|
|Ideal For||Main offices/headquarters that need strong security and a solution that offers room for growth.||Main offices/headquarters looking for fast throughput and strong security that grows with changing needs.||Main offices/headquarters that need enterprise-grade performance & security|
|Model Upgradeable||to XTM 860, 870||to XTM 870||N/A|
|Interfaces||14: 10/100/1000||14: 10/100/1000||14: 10/100/1000***|
|Application Proxies||HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3, SIP, H.323||HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3, SIP, H.323||HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3, SIP, H.323|
|Intrusion Prevention (DOS, DDOS, PAD, port scanning, spoofing attacks, address space probes, and more)|
|Wireless Models Only||N/A||N/A||N/A|
|User Authentication with transparent Windows authentication|
|Firewall Throughput||8 Gbps||11 Gbps||14 Gbps|
|VPN Throughput||8 Gbps||8 Gbps||10 Gbps|
|AV Throughput||4 Gbps||5.5 Gbps||7 Gbps|
|IPS Throughput||5 Gbps||7 Gbps||9 Gbps|
|UTM Throughput||3 Gbps||4 Gbps||5.7 Gbps|
|Branch Office VPN Tunnels (Max.)||5,000||6,000||7,000|
|Mobile VPN with SSL/L2TP (Incl/Max)||10,000||12,000||14,000|
|Mobile VPN with IPSec Client Licenses (Bundled)||10,000||12,000||14,000|
|Mobile VPN with IPSec Tunnels (Max.)||10,000||12,000||14,000|
|Optional Centralized (Multibox) Management. Optional licenses enable Drag and Drop VPN and one-touch appliance updates.||4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation.||4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation.||4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation.|
|One to One NAT|
|Multi-WAN Load Balancing|
|Server Load Balancing|
|High Availability Active/Active or Active/Passive|
|VoIP (SIP and H.323) Support|
|Additional Security Subscriptions|
|Data Loss Prevention||Optional||Optional||Optional|
|Reputation Enabled Defense||Optional||Optional||Optional|
|spamBlocker with Virus Outbreak Detection||Optional||Optional||Optional|
Intrusion Prevention Service (IPS)
|WebBlocker with HTTPS URL filtering||Optional||Optional||Optional|
|LiveSecurity® Service||LiveSecurity Plus with 24/7 support included with Security Bundle||LiveSecurity Plus with 24/7 support included with Security Bundle||LiveSecurity Plus with 24/7 support included with Security Bundle|
*Concurrent sessions here represent the number of bi-directional connections.
Throughput rates are determined using multiple flows through multiple ports and will vary depending on environment and configuration.
***XTM 870 appliances are available with 6 copper and 8 fiber 10/100/1000 interfaces under the model number XTM 870-F.
Options & Upgrades:
Data Loss Prevention (DLP)
|Reputation Enabled Defense
Reputation Enabled Defense delivers a powerful, cloud-based URL reputation service that protects web users from malicious web pages, while dramatically improving web processing overhead.
WebBlocker content and URL filtering subscription helps eliminate legal liabilities resulting from inappropriate web surfing, while increasing employee productivity and protection from web-based attacks.
spamBlocker is the best in the industry at distinguishing legitimate communication from spam outbreaks in real time, blocking nearly 100% of unwanted emails and the viral payloads they carry.
Gateway AntiVirusis a fully integrated, signature-based security subscription that identifies and blocks known spyware, viruses, trojans, and blended threats in real time.
Intrusion Prevention Service
LiveSecurity Service, a high-value support and maintenance program that you activate online when you register your product. LiveSecurity delivers technical support, hardware warranty with advance hardware replacement, the latest software updates, and threat alerts.
Download the XTM 800 Series Datasheet (PDF).
- Pricing and product availability subject to change without notice.
Our Price: $595.00
Our Price: $85.00