WatchGuard XTM 850 Series Next-Generation Firewall
Best-in-class Network Security

WatchGuard XTM 850 Series Overview:

The XTM 800 Series delivers best-in-class network security. These solutions provide up to 14 Gbps firewall throughput and over 5 Gbps throughput with full IPS and antivirus threat protection enabled. The exceptional performance also allows you to integrate functions that previously required separate stand-alone appliances, so your business can securely run at maximum speed and efficiency at a lower cost. And the value doesn't end there. XTM 800 devices include a rich set of tools for maximizing the business value of every dollar spent on Internet connectivity. You define which types of traffic are most important, ensuring that business traffic always wins out over recreational or discretionary traffic. VPN failover, WAN failover, and High Availability features ensure that mission-critical data keeps flowing. Real-time monitoring and rich reporting are included at no additional cost.

Outstanding performance XTM 800 Series devices have screaming-fast throughput, even when optional security subscriptions are enabled. And those are the numbers that really count!	Unified security in a BYOD environment Open the door to limitless productivity with tools to connect your people securely, even when they use personal devices like iPads and Androids. Anywhere, anytime secure access is today's greatest competitive edge.
Always know what's happening on your network Pinpoint significant network activities to take immediate corrective or diagnostic actions directly from the interactive, real-time monitoring. Nobody provides better network visibility than WatchGuard.	Easily manage many appliances Distributed organizations and MSSPs will especially appreciate the intuitive tools that support policy creation, management, and enforcement across multiple locations.
Comprehensive protection Best-in-class security services boost protection in critical attack areas, including gateway AV, URL and web content filtering, intrusion prevention, app control, spam blocking.	Quick and secure setup Take advantage of innovative features like drag-and-drop VPN creation and RapidDeploy technology to make fast work of extending your network.
High port density Fourteen 1Gb Ethernet ports support high-speed LAN backbone infrastructures, as well as gigabit WAN connections. Need fiber support? XTM 870-F includes eight 1Gb fiber ports.	An investment in your security Model upgradability ensures your network security investment is protected with the ability to easily upgrade its performance, capacity, and security capabilities as business requirements change and new threats emerge.
Advanced Networking WatchGuard's advanced OS provides active/active high availability with load balancing, dynamic routing, VLAN support, and multi-WAN failover to ensure reliability.	Application Control Control the use of Web 2.0 and other applications on your network for tighter security, better use of bandwidth, and greater productivity.
3 ways to manage your appliance Choose how you manage your WatchGuard appliance, using WatchGuard System Manager, the command line interface, and a web UI for access from anywhere.

Features:

Best-of-Breed Security

• Application-layer content inspection recognizes & blocks threats that stateful packet firewalls cannot detect.
• Powerful subscription-based security services boost protection in critical attack areas for multiple layers of defense. By partnering with leading technology providers, WatchGuard is able to integrate best-of-breed security components into one UTM platform for stronger security at big cost savings.
• –Application Control keeps unproductive, inappropriate, and dangerous applications off-limits.
• –Intrusion Prevention Service (IPS ) delivers in-line protection from malicious exploits, including buffer overflows, SQL injections, and cross-site scripting attacks.
• –WebBlocker controls access to sites that host objectionable material or pose network security risks.
• –Gateway AntiVirus (GAV) scans traffic on all major protocols to stop threats.
• –spamBlocker delivers continuous protection from unwanted and dangerous email.
• –Reputation Enabled Defense ensures faster, safer web surfing with cloud-based reputation look-up.
• –Data Loss Prevention (DLP) automatically inspects data in motion for corporate policy violations.

Advanced networking features, such as dynamic routing and link aggregation, allow you to add security without needing to change existing network infrastructure.

Multiple VPN choices (IPSec, SSL, L2TP) for secure remote access include support for Android and Apple iOS devices.

Easy to Manage

• Interactive, real-time monitoring and reporting – at no additional charge – give an unprecedented view into network security activity so you can take immediate preventive or corrective actions.
• WatchGuard Dimension, a public and private cloud-ready visibility solution, instantly turns raw data into security intelligence.
• Intuitive management console centrally manages all security functions.
• Fast, secure remote configuration and rapid deployment tools make it easy for large distributed enterprises and managed service providers to grow their businesses.
• WAN and VPN failover provide redundancy for increased reliability.
• Extend best-in-class UTM security to the WLAN by adding WatchGuard’s Wireless Access Points.
• Drag-and-drop Branch Office VPN setup – three clicks and your remote office is connected.

Highest UTM Performance in the Industry

• Firewall throughput of up to 14 Gbps to keep traffic moving.
• Best UTM throughput in its class – up to 5.7 Gbps – even with strong security enabled.
• No need to compromise protection for strong performance or vice versa. Multi-layered, interlocking security protects the network while throughput remains high.
• Gigabit Ethernet ports support high-speed LAN backbone infrastructures & gigabit WAN connections.
• Upgrade to a higher model within the line for more performance and capacity with a simple license key.

Specifications:

	XTM 850	XTM 860	XTM 870*
Throughput and Connections
Firewall throughput**	8 Gbps	11 Gbps	14 Gbps
VPN throughput**	8 Gbps	8 Gbps	10 Gbps
AV throughput**	4 Gbps	5.5 Gbps	7 Gbps
IPS throughput**	5 Gbps	7 Gbps	9 Gbps
UTM throughput**	3 Gbps	4 Gbps	5.7 Gbps
Interfaces 10/100/1000	14 copper	14 copper	14 copper*
I/O interfaces	1 Serial, 2 USB DB-9	1 Serial, 2 USB DB-9	1 Serial, 2 USB DB-9
Nodes supported (LAN IPs)	Unrestricted	Unrestricted	Unrestricted
Concurrent sessions (bi-directional)	5,000,000	7,000,000	9,000,000
New connections per second	70,000	80,000	90,000
VLANs (bridging, tagging, routed mode)	750	750	1,000
Authenticated users limit	Unrestricted	Unrestricted	Unrestricted
VPN tunnels
Branch Office VPN	5,000	6,000	7,000
Mobile VPN IPSec	10,000	12,000	14,000
Mobile VPN SSL/L2TP	10,000	12,000	14,000
PPTP	50	50	50
Model Upgradeable
Upgrade Licenses:	to XTM 860, 870	to XTM 870	N/A
Security
Firewall	Stateful packet inspection, deep packet inspection, proxy firewall
Application Proxies	HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3
Threat Protection	Blocks spyware, DoS attacks, fragmented packets, malformed packets, blended threats and more
VoIP	H.323. SIP, call setup & session security
Security subscriptions	Application Control, Reputation Enabled Defense, WebBlocker, spamBlocker, Gateway AntiVirus, Intrusion Prevention Service (available in the Security Bundle)
VPN & Authentication
Encryption	DES, 3DES, AES 128-, 192-, 256-bit
IPSec	SHA-1, MD5, IKE pre-shared Key, 3rd party cert import
SSL	Thin client
L2TP	Works with native OS clients
PPTP	Server & Passthrough
VPN Failover	Yes
Single Sign-On	Transparent Active Directory Auth.
XAUTH	Radius, LDAP, Windows Active Directory
Other User Authentication	VASCO, RSA SecurID, web-based, local
Networking
Operating System	Fireware XTM Pro
IP Address Assignment	Static, DynDNS, PPPoE, DHCP (server, client, relay)
Routing	Static, dynamic (BGP4, OSPF, RIP v1/v2), policy-based
Link Aggregation	802.3ad dynamic, static, active/backup
QoS	8 priority queues, diffserv, modified strict queuing
High Availability	Active/passive, active/active with load balancing
NAT	Static, dynamic, 1:1, IPSec NAT traversal, policy-based, virtual IP for server load balancing
Other Networking	Port independence, multi-WAN failover, multi-WAN load balancing, transparent/drop-in mode
Management
Management Platform	WatchGuard System Manager (WSM) v.11.7 or higher 4-device base WatchGuard System Manager license included. 5-device bonus pack comes with activation.
Alarms and Notifications	SNMP v2/v3, Email, Management System Alert
Server Support	Logging, Reporting, Quarantine, WebBlocker, Management
Web UI	Supports Windows, Mac, Linux, and Solaris OS
CLI	Includes direct connect and scripting
Hardware
Product Dimensions	16.5" x 17" x 1.75" (42 x 43 x 4.4 cm)
Shipping Dimensions	22" x 22.25" x 5.25" (56 x 56.5 x 13.3 cm)
Shipping Weight	20 lbs (9 Kg)
AC Power	100-250 VAC autosensing
Power Consumption	U.S. 110 Watts (max), 376 BTU/hr (max)
Rack Mountable	Yes (1U rack mount)
Certifications
Security	Pending: ICSA Firewall, ICSA VPN, CC EAL4+ FIPS 140-2
Network	IPv6 Ready Gold (routing)
Safety	NRTL/C, CB
Hazardous Substance Compliance	WEEE, RoHS, REACH

*XTM 870 is also available with 6 copper and 8 fiber 10/100/1000 interfaces under the model number XTM 870-F.

**Throughput rates are determined using multiple flows through multiple ports and will vary depending on environment and configuration.

Product Comparison:

	XTM 850	XTM 860	XTM 870*
Ideal For	Main offices/headquarters that need strong security and a solution that offers room for growth.	Main offices/headquarters looking for fast throughput and strong security that grows with changing needs.	Main offices/headquarters that need enterprise-grade performance & security
Hardware
Model Upgradeable	to XTM 860, 870	to XTM 870	N/A
Interfaces	14: 10/100/1000	14: 10/100/1000	14: 10/100/1000***
Security
Application Proxies	HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3, SIP, H.323	HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3, SIP, H.323	HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3, SIP, H.323
Intrusion Prevention (DOS, DDOS, PAD, port scanning, spoofing attacks, address space probes, and more)
Wireless Models Only	N/A	N/A	N/A
User Authentication with transparent Windows authentication
Performance
Firewall Throughput	8 Gbps	11 Gbps	14 Gbps
VPN Throughput	8 Gbps	8 Gbps	10 Gbps
AV Throughput	4 Gbps	5.5 Gbps	7 Gbps
IPS Throughput	5 Gbps	7 Gbps	9 Gbps
UTM Throughput	3 Gbps	4 Gbps	5.7 Gbps
Concurrent Sessions* (bi-directional)	5,000,000	7,000,000	9,000,000
VPN Tunnels
Branch Office VPN Tunnels (Max.)	5,000	6,000	7,000
Mobile VPN with SSL/L2TP (Incl/Max)	10,000	12,000	14,000
Mobile VPN with IPSec Client Licenses (Bundled)	10,000	12,000	14,000
Mobile VPN with IPSec Tunnels (Max.)	10,000	12,000	14,000
VPN Authentication
Management
Optional Centralized (Multibox) Management. Optional licenses enable Drag and Drop VPN and one-touch appliance updates.	4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation.	4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation.	4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation.
Networking Features
Dynamic NAT
Static NAT
One to One NAT
VLAN	750	750	1,000
Policy-Based Routing
WAN Failover
Multi-WAN Load Balancing
Server Load Balancing
Traffic Management/QoS
High Availability Active/Active or Active/Passive
Dynamic Routing
VoIP (SIP and H.323) Support
Additional Security Subscriptions
Application Control	Optional	Optional	Optional
Data Loss Prevention	Optional	Optional	Optional
Reputation Enabled Defense	Optional	Optional	Optional
spamBlocker with Virus Outbreak Detection	Optional	Optional	Optional
Gateway AntiVirus/ Intrusion Prevention Service (IPS)	Optional	Optional	Optional
WebBlocker with HTTPS URL filtering	Optional	Optional	Optional
LiveSecurity® Service	LiveSecurity Plus with 24/7 support included with Security Bundle	LiveSecurity Plus with 24/7 support included with Security Bundle	LiveSecurity Plus with 24/7 support included with Security Bundle

*Concurrent sessions here represent the number of bi-directional connections.

Throughput rates are determined using multiple flows through multiple ports and will vary depending on environment and configuration.

***XTM 870 appliances are available with 6 copper and 8 fiber 10/100/1000 interfaces under the model number XTM 870-F.

Options & Upgrades:

Security Subscriptions

Data Loss Prevention (DLP) XTM DLP prevents data breaches by scanning text and common file types to detect sensitive information. A predefined library of over 200 rules for 18 countries makes creating and updating corporate data policies as easy as point and click.	Application Control Application Control enables IT administrators to monitor and control access to web and business applications to enforce policy, and protect productivity and network bandwidth.
Reputation Enabled Defense Reputation Enabled Defense delivers a powerful, cloud-based URL reputation service that protects web users from malicious web pages, while dramatically improving web processing overhead.	WebBlocker WebBlocker content and URL filtering subscription helps eliminate legal liabilities resulting from inappropriate web surfing, while increasing employee productivity and protection from web-based attacks.
spamBlocker spamBlocker is the best in the industry at distinguishing legitimate communication from spam outbreaks in real time, blocking nearly 100% of unwanted emails and the viral payloads they carry.	Gateway AntiVirus Gateway AntiVirusis a fully integrated, signature-based security subscription that identifies and blocks known spyware, viruses, trojans, and blended threats in real time.
Intrusion Prevention Service Intrusion Prevention Serviceworks hand-in-hand with your WatchGuard firewall's application layer content inspection to provide real-time protection from threats, including SQL injections, cross-site scripting, and buffer overflows.	LiveSecurity Service LiveSecurity Service, a high-value support and maintenance program that you activate online when you register your product. LiveSecurity delivers technical support, hardware warranty with advance hardware replacement, the latest software updates, and threat alerts.

Documentation:

Download the XTM 800 Series Datasheet (PDF).