WatchGuard XTM 21
Extensible Threat Management for Growing Businesses

WatchGuard XTM 21 Wireless Series Overview:

WatchGuard® XTM 2 Series appliances deliver a new class of performance driven security. Network protection is stronger than ever, with full HTTPS inspection and VoIP support. All models have three 1-Gigabit Ethernet ports for faster link speeds, and optional wireless capabilities include dual-band 802.11n technology for greater wireless speed and responsiveness. An XTM 2 Series appliance can be used as a stand-alone security solution for a small business, and makes an ideal endpoint for connecting a secure VPN tunnel back to a WatchGuard XTM or WatchGuard Firebox network.

With a WatchGuard® XTM 2 Series appliance, your network is:

SECURE:

• Application-layer content inspection recognizes & blocks threats that stateful packet firewalls cannot detect.
• Wide-ranging proxy protection comes from robust security on HTTP, HTTPS, FTP, SMTP, POP3, DNS, TCP/UDP.
• Security subscriptions boost protection in critical attack areas for complete unified threat management.
• Includes Skype blocking – the first of a new generation of built-in application-blocking capabilities.
• Delivers integrated SSL VPN for simple, anywhere-anytime network access.

EFFICIENT:

• Scriptable CLI supports interoperability and allows easy integration into existing infrastructure for quick, direct connection.
• Interactive, real-time monitoring and reporting – at no extra charge – give an unprecedented view into network security activity, so you can take immediate preventive or corrective actions.
• Intuitive management console centralizes configurations and streamlines remote management.
• Three 1-GbE interfaces allow faster link speeds, which is particularly useful for trusted LAN.
• Role-based access control (RBAC) allows top administrator to create custom roles for granular control.
• Drag-and-drop Branch Office VPN setup – three clicks and your remote office is connected.

FLEXIBLE:

• Call setup security for VoIP means you don’t need to “wire around the firewall” to take advantage of the big cost savings that VoIP can generate.
• WAN and VPN failover increase performance, redundancy, and reliability.
• Multiple VPN choices deliver flexibility in remote access.
• Includes PPPoE options for modem setup and scheduled redial for predictable PPPoE session restarts where regional providers require them, without the disruption of a full appliance reboot.
• Advanced networking features, like transparent bridge mode and multicast over VPN, allow you to add security without needing to change existing network infrastructure.

WIRED OR WIRELESS – YOUR CHOICE:

• Wireless models include optional dual-band 802.11n technology for much more responsive wireless network connection and expanded range. Allows users to access 2.4 GHz or less crowded 5GHz band.
• Three distinct wireless security zones (VAPs) give administrators precise control over Internet access privileges for different user groups.
• Wireless guest services segment the Internet for customers/guests.

CAPABLE:

• Multi-layered, interlocking security protects the network.
• Secure remote connectivity keeps mobile workforce productive.
• Intuitive, centralized management gives you the control you need to manage efficiently.
• Choice of wired or wireless models to suit your specific business requirements.
• Security and reporting tools support industry and regulatory compliance.

Product Comparison:

 

WatchGuard® Model	XTM 21	XTM 22	XTM 23
Throughput & Connections
Firewall Throughput*	110 Mbps	150 Mbps	195 Mbps
VPN Throughput*	35 Mbps	55 Mbps	55 Mbps
XTM Throughput*	18 Mbps	30 Mbps	40 Mbps
Interfaces 10/100	3 copper	3 copper	3 copper
Interfaces 10/100/1000	3 copper	3 copper	3 copper
I/O Interfaces	2 USB	2 USB	2 USB
Nodes Supported (LAN IPs)	Unrestricted	Unrestricted	Unrestricted
Concurrent Connections	10,000	20,000	30,000
Local user auth. DB limit	100	200	200
Model Upgradeable			N/A
Wireless Available**	802.11a/b/g/n	802.11a/b/g/n	802.11a/b/g/n
VPN Tunnels (included / Maximum)
Branch Office VPN	5	20	50
Mobile VPN IPSec	1 / 11	5 / 25	5 / 55
Mobile VPN SSL	1 / 11	1 / 25	55 / 55
Security Features
Firewall	Stateful packet inspection, deep application inspection, application proxies
Application Proxies	HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3
Threat Protection	Blocks spyware, DoS attacks, fragmented & malformed packets, blended threats, and more
VoIP	H.323. SIP, call setup and session security
Security Subscriptions	WebBlocker, spamBlocker, Gateway AntiVirus, Intrusion Prevention Service
VPN & Authentication
Encryption	DES, 3DES, AES 128-, 192-, 256-bit
IPSec	SHA-1, IKE pre-shared key, 3rd party cert
VPN Failover
SSL	Thin client, Web exchange
PPTP	Server and Passthrough
Single Sign-on	Transparent Active Directory Authentication
XAUTH	Radius, LDAP, Windows Active Directory
Other user authentication	VASCO, RSA SecurID, web-based, local
Management
Management Platform	WatchGuard System Manager (WSM)
Alarms and Notifications	SNMP v2/v3, Email, Management System Alert
Server Support	Logging and Reporting with Server Health status, Quarantine, WebBlocker, Management
Web UI	Supports Windows, Mac, Linux, and Solaris OS
Command Line Interface	Includes direct connect and scripting
Standard Networking
QoS	8 priority queues, DiffServ, modified strict queuing
IP Address Assignment	Static, DynDNS, PPPoE, DHCP (server, client, relay)
NAT	Static, dynamic, 1:1, IPSec traversal, policy-based
Support and Maintenance
LiveSecurity Service	Hardware warranty, 12/5 technical support with 4-hour response time, software updates, threat alerts
Certifications
Security	ICSA, FIPS 140-2 and EAL4+ in progress
Safety	NRTL/C, CB
Hazardous Substance Control	WEEE, RoHS, REACH

*Throughput rates will vary based on environment and configuration
** All XTM 2 Series appliances are available in wireless versions under the model numbers XTM 21-W, XTM 22-W, and XTM 23-W

Product Views:

Additional Specifications:

Choose Your Operating System:

XTM 21 and XTM 22 models ship with the Fireware® XTM operating system. As network requirements become more complex, it’s easy to upgrade to the Pro version of the OS using a downloadable software license key. (Fireware XTM Pro ships with the XTM 23 appliance.)

Networking Features	Fireware XTM	Fireware XTM Pro
Routing	Static	Policy-based
SSL	1 SSL tunnel available	Maxmimum number of SSL tunnels available
VLAN Support	20	50
Other Features	Port Independence Transparent/drop-in mode	Multi-WAN Failover Multi-WAN load balancing

Buy the Bundle and Get the Works!

Get everything you need for complete threat management at a great price with the Security Bundle. Includes choice of any WatchGuard XTM 2 Series appliance (wired or wireless), WebBlocker, spamBlocker, Gateway AntiVirus, and Intrusion Prevention Service, plus LiveSecurity® Service for support and maintenance.

Dimensions and Power
Product Dimensions - Wired	7.5” x 6.125” x 1.25” (19.1 x 15.6 x 3.2 cm)
Product Dimensions - Wireless (antennae up)	10.5” x 7.75” x 5” (26.7 x 19.7 x 12.7 cm)
Shipping Dimensions	3.2 lbs (1.45 Kg)
Shipping Weight - Wired	3.6 lbs (1.6 Kg)
Shipping Weight - Wireless	19.5 lbs (8.8 Kg)
AC Power	100-240 VAC autosensing
Power Consumption - Wired	U.S. 23.33 Watts (80 BTU/hr)
Power Consumption - Wireless	U.S. 24.0 Watts (82 BTU)
Rack Mountable	No (wall mount bracket included)

*Throughput rates will vary based on environment and configuration
** All XTM 2 Series appliances are available in wireless versions under the model numbers XTM 21-W, XTM 22-W, and XTM 23-W

Options and Upgrades:

WebBlocker WebBlocker content and URL filtering subscription helps eliminate legal liabilities resulting from inappropriate web surfing, while increasing employee productivity and protection from web-based attacks. Gateway AntiVirus Gateway AntiVirusis a fully integrated, signature-based security subscription that identifies and blocks known spyware, viruses, trojans, and blended threats in real time. LiveSecurity Service Your WatchGuard appliance includes a subscription to our ground-breaking LiveSecurity Service, which you activate online when you register your product. You have three options for getting LiveSecurity when you purchase any WatchGuard XTM or Firebox® X Peak™, Core™, or Edge e-Series appliance. Choose the option that best fits your budget cycle and renewal schedule.

spamBlocker spamBlocker is the best in the industry at distinguishing legitimate communication from spam outbreaks in real time, blocking nearly 100% of unwanted emails and the viral payloads they carry. Intrusion Prevention Service Intrusion Prevention Serviceworks hand-in-hand with your WatchGuard firewall's application layer content inspection to provide real-time protection from threats, including SQL injections, cross-site scripting, and buffer overflows.

Documentation:

Download the WatchGuard XTM 2 Series Datasheet (PDF).